Jim: Reproducible build of Sandstorm bundle

[garrison]

It would be nice to have the bundle for each Sandstorm release be a reproducible build.

My work on a nix expression for Sandstorm might help here, but another approach could be to use a Dockerfile, along with more conventional tools.

[zenhack]

I would definitely favor nix here, as it strikes me as likely to be more robust.

[garrison]

You might be right. But somehow, Debian has achieved >90% of packages having reproducible builds, without relying on nix.

[zenhack]

Quoting Jim Garrison (2021-10-24 15:13:42)

You might be right. But somehow, Debian has achieved [1]>90% of packages having reproducible builds, without relying on nix.

I certainly don't doubt that it is possible

[ocdtrekkie]

I do find it interesting Kenton often has different tests results than our GitHub Action. Presumably that suggests something between his environment and GitHub's can produce different results.

[zenhack]

Quoting Jacob Weisz (2021-10-24 18:35:07)

I do find it interesting Kenton often has different tests results than our GitHub Action. Presumably that suggests something between his environment and GitHub's can produce different results.

I assume this is a function of differing system libraries; Kenton runs Debian, while CI runs on Ubuntu. Fwiw, I can reproduce the 19 failures on my own system (Archlinux). I suspect it's a matter of time before whatever the problem is affects Kenton too.

Wrt. reproducibility, either way the approach to fixing that particular problem is to pin the system library versions used, which either approach gives us.

-Ian

[ocdtrekkie]

@alteckclub has been working on this one recently here: https://github.com/garrison/sandstorm-nix/pull/2

I believe the present blocker is that Meteor likes to add random characters to package names for reasons, which needs to be patched out to get reproducible builds.