Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add reproducible build profile and Dockerfile #42

Merged
merged 9 commits into from
Jan 17, 2025
Merged

feat: Add reproducible build profile and Dockerfile #42

merged 9 commits into from
Jan 17, 2025
+118 −1

Conversation

MoeMahhouk
Copy link
Contributor

This PR adds a reproducible build profile and a Dockerfile that will build the binary reproducibly and puts it in a distroless minimal base image.
This will later be used in the BuilderNet v1.3 where most services will run in containers.

Steps to test:

mkdir output1 output2
docker build --no-cache --output=output1 .
docker build --no-cache --output=output2 . 
sha256sum output1/rbuilder output2/rbuilder
# hashes should be identical
rm -rf output1 output2

@MoeMahhouk MoeMahhouk requested a review from bakhtin January 14, 2025 15:01
@ZanCorDX
Copy link
Collaborator

ZanCorDX commented Jan 14, 2025
edited
Loading

I see you don't use release defaults (https://doc.rust-lang.org/cargo/reference/profiles.html):

[profile.release]
opt-level = 3
debug = false
split-debuginfo = '...'  # Platform-specific.
strip = "none"
debug-assertions = false
overflow-checks = false
lto = false
panic = 'unwind'
incremental = false
codegen-units = 16
rpath = false

I'm worried about behavior change. Are you 100% sure about each item? eg: overflow-checks, panic.

@metachris
Copy link

metachris commented Jan 14, 2025
edited
Loading

agree with Dan about there being a bunch of items. imo the fewer changes the better! which ones are absolutely necessary?

@MoeMahhouk
Copy link
Contributor Author

I see you don't use release defaults (https://doc.rust-lang.org/cargo/reference/profiles.html):

[profile.release]
opt-level = 3
debug = false
split-debuginfo = '...'  # Platform-specific.
strip = "none"
debug-assertions = false
overflow-checks = false
lto = false
panic = 'unwind'
incremental = false
codegen-units = 16
rpath = false

I'm worried about behavior change. Are you 100% sure about each item? eg: overflow-checks, panic.

good point, I will test again with the release profile without changes and see if the reproducibility still holds.
The only change that I think might be important is this codegen-units = 1 because it might introduce non-determinism factor to the build process.

@MoeMahhouk MoeMahhouk mentioned this pull request Jan 16, 2025
Merged
metachris
metachris reviewed Jan 17, 2025
View reviewed changes
Dockerfile Outdated
ENV BUILD_PROFILE=$BUILD_PROFILE

# Extra Cargo flags
ARG RUSTFLAGS="-C target-feature=+crt-static -C link-arg=-Wl,--build-id=none -Clink-arg=-static-libgcc -C metadata='' --remap-path-prefix $(pwd)=."
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would it be too much to ask to break out each flag into it's own line, with a comment what it does? like in mev-boost here: https://github.com/flashbots/mev-boost/blob/develop/Makefile#L4-L15

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, I can do that there too

@MoeMahhouk MoeMahhouk requested a review from metachris January 17, 2025 12:34
metachris
metachris reviewed Jan 17, 2025
View reviewed changes
Dockerfile Outdated
Comment on lines 6 to 17
# RUSTFLAGS breakdown:
# -C target-feature=+crt-static -> Statically link the C runtime library for standalone binaries
# -C link-arg=-Wl,--build-id=none -> Remove build ID from binary for reproducibility
# -Clink-arg=-static-libgcc -> Statically link against libgcc
# -C metadata='' -> Remove metadata hash from symbol names for reproducible builds
# --remap-path-prefix $(pwd)=. -> Replace absolute paths with '.' in debug info
ARG RUSTFLAGS="-C target-feature=+crt-static \
-C link-arg=-Wl,--build-id=none \
-Clink-arg=-static-libgcc \
-C metadata='' \
--remap-path-prefix $(pwd)=."
ENV RUSTFLAGS="$RUSTFLAGS"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# RUSTFLAGS breakdown:
# -C target-feature=+crt-static -> Statically link the C runtime library for standalone binaries
# -C link-arg=-Wl,--build-id=none -> Remove build ID from binary for reproducibility
# -Clink-arg=-static-libgcc -> Statically link against libgcc
# -C metadata='' -> Remove metadata hash from symbol names for reproducible builds
# --remap-path-prefix $(pwd)=. -> Replace absolute paths with '.' in debug info
ARG RUSTFLAGS="-C target-feature=+crt-static \
-C link-arg=-Wl,--build-id=none \
-Clink-arg=-static-libgcc \
-C metadata='' \
--remap-path-prefix $(pwd)=."
ENV RUSTFLAGS="$RUSTFLAGS"
ARG RUSTFLAGS="-C target-feature=+crt-static \ # Statically link the C runtime library for standalone binaries
-C link-arg=-Wl,--build-id=none \ # Remove build ID from binary for reproducibility
-Clink-arg=-static-libgcc \ # Statically link against libgcc
-C metadata='' \ # Remove metadata hash from symbol names for reproducible builds
--remap-path-prefix $(pwd)=." # Replace absolute paths with '.' in debug info
ENV RUSTFLAGS="$RUSTFLAGS"

Copy link
Contributor Author

@MoeMahhouk MoeMahhouk Jan 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this doesnt work in Docker
You cant have inline comments there. Thats why I pulled them outside of it.
However, this is possible

ARG RUSTFLAGS="\
# Statically link the C runtime library for standalone binaries
-C target-feature=+crt-static \
# Remove build ID from binary for reproducibility
-C link-arg=-Wl,--build-id=none \
# Statically link against libgcc
-Clink-arg=-static-libgcc \
# Remove metadata hash from symbol names for reproducible builds
-C metadata='' \
# Replace absolute paths with '.' in debug info
--remap-path-prefix $(pwd)=."
ENV RUSTFLAGS="$RUSTFLAGS"

@MoeMahhouk
feat: add extra job for the reproducible docker build in the CI (#43)
16b2904 
* feat: add extra job for the reproducible docker build in the CI

* remove the extra Cargo.toml profiles

* add comments to the rust flags and move them into Makefile

* Add comments to the rust flags
@MoeMahhouk
refactor the comments position
c977d1a
@ZanCorDX ZanCorDX requested a review from metachris January 17, 2025 14:53
bakhtin
bakhtin approved these changes Jan 17, 2025
View reviewed changes
Copy link

@bakhtin bakhtin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm.

One implementation detail that I don't particularly like is duplication of flags in both Dockerfile and Makefile. One would need to keep them in sync to match the behavior of Docker build vs make build-reproducible.
Maybe in the future we can move them to an externally managed profile.

Dockerfile Outdated Show resolved Hide resolved
@MoeMahhouk MoeMahhouk merged commit 260b67e into main Jan 17, 2025
1 check passed
@MoeMahhouk MoeMahhouk deleted the reproducible-builds branch January 17, 2025 22:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bakhtin bakhtin bakhtin approved these changes

@metachris metachris metachris approved these changes

@dvush dvush Awaiting requested review from dvush dvush is a code owner

@ZanCorDX ZanCorDX Awaiting requested review from ZanCorDX ZanCorDX is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MoeMahhouk @ZanCorDX @metachris @bakhtin