ungoogled-software / ungoogled-chromium-debian

Debian, Ubuntu, and others packaging for ungoogled-chromium

End to end build Dockerfile #173

Open InnovativeInventor opened 4 years ago

InnovativeInventor commented 4 years ago

From: https://github.com/Eloston/ungoogled-chromium/issues/743

I've dockerized the build process on Debian (so we can pin exact hashes of the version of Debian we're building on). This is intended to aid in the production of reproducible binaries.

Once this is complete, we can use GitHub Actions to build it (a neutral, trusted platform) and have volunteers verify that the GitHub Actions build matches their own local build.

Note: Currently the build only targets amd64

I'll be submitting a pull request once the build finishes (since an end-to-end Dockerfile would be useful anyways to have).

Eloston commented 4 years ago

Thanks for looking into this, but I have several questions:

  1. What Debian versions are you building on? How about Ubuntu?
  2. Why is it necessary to pin exact hashes of the Debian version we're building on? For example, Debian buster hardly ever changes so it's a pretty stable environment
  3. GitHub Actions does not work well for building Chromium (can't remember the specific issues on ungoogled-chromium). We already set up OBS to make binaries. Is there still a reason to use GitHub Actions?
  4. Are you planning to support other CPU architectures?
  5. How are you planning to integrate the Dockerfile with this repo? This repo is meant to mirror Debian's git repo for the chromium source package. I'm having trouble seeing how a Dockerfile would be appropriate here. Maybe ungoogled-software/contrib would be a better place?

InnovativeInventor commented 4 years ago

I don't believe it is necessary to pin the exact hashes, but doing so ensures that everybody starts off with the same image, eliminating a source of non-reproducibility. I have no clue what kind of optimizations the compiler does, but I felt that a reproducible build environment is a good step towards reproducible builds.

Yet another update: Can't seem to get the same .deb files -- planning on trying some other ideas from: https://reproducible-builds.org/tools/

Particularly: https://salsa.debian.org/reproducible-builds/strip-nondeterminism (add-on to debhelper)
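
Added example, not part of the original thread or the linked PR: when two builds produce different .deb files, comparing the archives member by member shows whether only header metadata (timestamps) differs or the packed content itself does. A .deb is an ar archive; the `build_ar` helper, the sample builds and all names here are constructed for illustration.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"  # a .deb is an ar archive: debian-binary, control.tar.*, data.tar.*

def build_ar(members, mtime):
    """Helper for the constructed samples: pack (name, data) pairs into an ar archive."""
    out = AR_MAGIC
    for name, data in members:
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name.encode(), mtime, 0, 0, b"100644", len(data))
        out += data + (b"\n" if len(data) % 2 else b"")  # members are 2-byte aligned
    return out

def parse_ar(blob):
    """Return {member name: (mtime, sha256 of member data)}."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), {}
    while pos < len(blob):
        hdr = blob[pos:pos + 60]
        if len(hdr) < 60 or hdr[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        name = hdr[0:16].decode().rstrip().rstrip("/")
        mtime, size = int(hdr[16:28].decode()), int(hdr[48:58].decode())
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated member %r" % name)
        members[name] = (mtime, hashlib.sha256(data).hexdigest())
        pos += 60 + size + (size % 2)
    return members

def compare_debs(a, b):
    """Classify each member as identical, metadata-only, content or missing."""
    ma, mb = parse_ar(a), parse_ar(b)
    report = {}
    for name in sorted(set(ma) | set(mb)):
        if name not in ma or name not in mb:
            report[name] = "missing"
        elif ma[name][1] != mb[name][1]:
            report[name] = "content"        # packed bytes differ: look inside the tarball
        elif ma[name][0] != mb[name][0]:
            report[name] = "metadata-only"  # same bytes, only the ar timestamp differs
        else:
            report[name] = "identical"
    return report

# Constructed sample: two "builds" of one package, seven minutes apart.
COMMON = [("debian-binary", b"2.0\n"), ("control.tar.xz", b"control")]
BUILD_A = build_ar(COMMON + [("data.tar.xz", b"payload built 12:00")], 1600000000)
BUILD_B = build_ar(COMMON + [("data.tar.xz", b"payload built 12:07")], 1600000420)
```

On real packages, read each .deb with `open(path, "rb").read()` and pass the two byte strings to `compare_debs`.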

InnovativeInventor commented 4 years ago

To answer your question, I'll get other architectures (and Ubuntu) built once I manage to figure out how to make builds reproducible. There isn't a reason to use GitHub Actions if OBS works and GitHub Actions didn't in the past.

I've opened up a PR in ungoogled-software/contrib. (https://github.com/ungoogled-software/contrib/pull/2)

thedeadliestcatch commented 8 months ago

Has the Dockerfile ever been made available?

iskunk commented 8 months ago

> Has the Dockerfile ever been made available?

It's in the PR linked above your comment.

thedeadliestcatch commented 8 months ago

It seems like it has been stalled since 2020.