search

sbellem / cipher-paratime

Fork of Oasis Cipher-ParaTime to experiment with nix-based reproducible builds
Apache License 2.0
0 stars 0 forks source link

nix build varies from machine to machine #3

Open sbellem opened 2 years ago

sbellem commented 2 years ago

Taking cipher-paratime.sgxs as an example, when built on different machines, the sha256sum will vary, although the derivation path (e.g.: /nix/store/8sp3hk8szax7x5jwjniw7b0yhkghsp50-cipher-paratime-2.0.1-alpha1) may be identical.

For instance, for the latest build, at the time of this writing, the following hashes are obtained.

cipher-paratime.sgxs

This involves running cargo elf2sgxs on the cipher-paratime binary, built with cargo build --release --target=x86_64-fortanix-unknown-sgx.

env OS sha256sum cipher-paratime.sgxs store path hash (/nix/store/<hash>-cipher-paratime-2.0.1-alpha1)
laptop Ubuntu 20.04.4 LTS f7ff2296f5182cb287a30cab7c41a8a2ab75e72847300b9131f1507e37826322 8sp3hk8szax7x5jwjniw7b0yhkghsp50
github Ubuntu 20.04.4 LTS 0e3acd4d0d81397ba887e73b67db1087360698d943e29de3b4e7a58d10a27409 8sp3hk8szax7x5jwjniw7b0yhkghsp50
azure Ubuntu 18.04.6 LTS e0ba5841dfbe191e4b218074ff2fa318bc4684179642cf549ca6a685c3c89887 8sp3hk8szax7x5jwjniw7b0yhkghsp50
docker (laptop) nixpkgs/nix-unstable 2c9d849377c478b63b9f363d824f434190d05c2eb3091c94871e948c73a12e26 8sp3hk8szax7x5jwjniw7b0yhkghsp50
docker (laptop) nixpkgs/nix-flakes 2c9d849377c478b63b9f363d824f434190d05c2eb3091c94871e948c73a12e26 8sp3hk8szax7x5jwjniw7b0yhkghsp50
docker (github) todo todo todo
docker (azure) todo todo todo

cipher-paratime (no sgx support)

Built with cargo build --release.

env OS sha256sum cipher-paratime.sgxs store path hash (/nix/store/<hash>-cipher-paratime-2.0.1-alpha1)
laptop Ubuntu 20.04.4 LTS 8f34b28f395943544b1d511a4494dc9ac295b1b4d1b91aec679375363c2f1675 pgk96j8mwcpxnf8ws2asvmycpcwi5zq7
github Ubuntu 20.04.4 LTS c75ee6a2ac333ac5b3b73184f8da42399d3d700644e7f3dbfb7f6ee53a0915e6 pgk96j8mwcpxnf8ws2asvmycpcwi5zq7
azure Ubuntu 18.04.6 LTS 0aeaf94d8090988eecd7d747693bfd9d1950c3033530350b65d9d365cea7c682 pgk96j8mwcpxnf8ws2asvmycpcwi5zq7
docker (laptop) nixpkgs/nix-unstable 6e7f332b7726db2d721467fa5743cda30168602b8075a539821701b085d8fb42 pgk96j8mwcpxnf8ws2asvmycpcwi5zq7
docker (laptop) nixpkgs/nix-flakes 6e7f332b7726db2d721467fa5743cda30168602b8075a539821701b085d8fb42 pgk96j8mwcpxnf8ws2asvmycpcwi5zq7
docker (github) todo todo todo
docker (azure) todo todo todo

It's important to note that the sha256 values obtained are consistent, meaning that for the same environment (machine), they do not vary.

sbellem commented 2 years ago

Resources