With qubes-mirage-firewall we try to have a reproducible build process. In https://github.com/mirage/qubes-mirage-firewall/issues/184 a user noticed the hashsum of the unikernel was not the one expected (something has changed between 05/11/23 and 07/11/23 because github action run every weeks on sunday and the build artifact has the good hashsum).
I tracked down to an update of cmdliner (from 1.1.1 to 1.2.0+dune). The version selection is done in the make depend step with mirage, but I don't see how this could happen (the 1.2.0 version is out since several months). Therefore I wonder if you could have some insight on how I can improve the reproducibility of our builds ?
Dear developpers,
With qubes-mirage-firewall we try to have a reproducible build process. In https://github.com/mirage/qubes-mirage-firewall/issues/184 a user noticed the hashsum of the unikernel was not the one expected (something has changed between 05/11/23 and 07/11/23 because github action run every weeks on sunday and the build artifact has the good hashsum).
I tracked down to an update of cmdliner (from 1.1.1 to 1.2.0+dune). The version selection is done in the
make depend
step with mirage, but I don't see how this could happen (the 1.2.0 version is out since several months). Therefore I wonder if you could have some insight on how I can improve the reproducibility of our builds ?Best.