kpcyrd / i-probably-didnt-backdoor-this

A practical experiment on supply-chain security using reproducible builds
Apache License 2.0

Base checkout and make did not work can't find crate for `std` #5

Open PastaPastaPasta opened 4 months ago

PastaPastaPasta commented 4 months ago

I tried to check this out and build; however, it didn't appear to work:

```
$ make
docker run --rm -v "/Users/pasta/workspace/i-probably-didnt-backdoor-this:/app" -w /app -u "501:20" \
        rust@sha256:8463cc29a3187a10fc8bf5200619aadf78091b997b0c3941345332a931c40a64 \
        cargo build --release --locked --target=x86_64-unknown-linux-musl
   Compiling asdf v0.1.1 (/app)
error[E0463]: can't find crate for `std`
  |
  = note: the `x86_64-unknown-linux-musl` target may not be installed
  = help: consider downloading the target with `rustup target add x86_64-unknown-linux-musl`

error: aborting due to previous error

For more information about this error, try `rustc --explain E0463`.
error: could not compile `asdf`

To learn more, run the command again with --verbose.
make: *** [build] Error 101
```

kpcyrd commented 4 months ago

I suspect this is run on an aarch64 computer. The hash that is pinned in this command is for a manifest list, so there are two different containers that may be used (x86_64-unknown-linux-musl and aarch64-unknown-linux-musl):

```
docker manifest inspect rust@sha256:8463cc29a3187a10fc8bf5200619aadf78091b997b0c3941345332a931c40a64
```

```json
{
   "schemaVersion": 2,
   "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
   "manifests": [
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 953,
         "digest": "sha256:9a6e2a77192a24806453ad5f94106a9216aa3c91516ddb0f897e13df8f8ce6ea",
         "platform": {
            "architecture": "amd64",
            "os": "linux"
         }
      },
      {
         "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
         "size": 953,
         "digest": "sha256:b6448e792e8bc77a72765f1e47039777a5104ddbaad133bbc3853f4bb616d272",
         "platform": {
            "architecture": "arm64",
            "os": "linux",
            "variant": "v8"
         }
      }
   ]
}
```

You can check the available toolchains like this:

```
docker run --rm rust@sha256:8463cc29a3187a10fc8bf5200619aadf78091b997b0c3941345332a931c40a64 ls -la /usr/local/rustup/toolchains/
```
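
The platform selection described in the comment above, as an added example that is not part of the thread or the project's own code: it resolves the manifest list quoted there to the single image each host architecture would select. The names `resolve`, `pin_for` and `ARCH_ALIASES` are hypothetical, and the manifest data is copied from the `docker manifest inspect` output above.

```python
import json
import platform

# Media types that mark a multi-platform index rather than a single image.
INDEX_TYPES = {
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.index.v1+json",
}
# Hypothetical helper table: `uname -m` style names -> manifest architecture names.
ARCH_ALIASES = {"x86_64": "amd64", "amd64": "amd64", "aarch64": "arm64", "arm64": "arm64"}

# Manifest list quoted in the thread, reduced to the fields used here.
MANIFEST_LIST = json.loads("""
{"mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
 "manifests": [
  {"digest": "sha256:9a6e2a77192a24806453ad5f94106a9216aa3c91516ddb0f897e13df8f8ce6ea",
   "platform": {"architecture": "amd64", "os": "linux"}},
  {"digest": "sha256:b6448e792e8bc77a72765f1e47039777a5104ddbaad133bbc3853f4bb616d272",
   "platform": {"architecture": "arm64", "os": "linux", "variant": "v8"}}]}
""")


def resolve(index, machine, os_name="linux"):
    """Return the image digest a host of this architecture selects from the list."""
    if index.get("mediaType") not in INDEX_TYPES:
        raise ValueError("not a manifest list: the digest already names one image")
    arch = ARCH_ALIASES.get(machine.lower())
    if arch is None:
        raise ValueError(f"unknown architecture: {machine}")
    for entry in index["manifests"]:
        plat = entry["platform"]
        if plat["architecture"] == arch and plat["os"] == os_name:
            return entry["digest"]
    raise LookupError(f"no image for {os_name}/{arch}")


def pin_for(index, repo, machine):
    """Build a reference that names one platform's image instead of the list."""
    return f"{repo}@{resolve(index, machine)}"


if __name__ == "__main__":
    for machine in ("x86_64", "aarch64"):
        print(f"{machine:8} -> {pin_for(MANIFEST_LIST, 'rust', machine)}")
    print("this host:", platform.machine())
```

The same pinned list digest resolves to a different image on each architecture, so a build that must be reproducible across hosts needs to record the per-platform digest it actually ran.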