Hello,
Is there a correct way to verify the source code of a blessed replica proposal now that the binaries are using compression?
For proposal 54964 , the git commit is: 0ef2aebde4ff735a1a93efa342dcf966b6df5061 , and the release_package_sha256_hex hash specified in the proposal is
.
When I checkout the ic repo at the commit: 0ef2aebde4ff735a1a93efa342dcf966b6df5061 and build the code with the build commands in the readme, the build is successful but the hashes are different than the one in the proposal
The canister module GZip compression that I implemented recently is not related to this issue.
When I try to build the IC OS image from the same commit, I get yet another hash:
$ git status
HEAD detached at 0ef2aebd
$ ./gitlab-ci/tools/docker-run ./gitlab-ci/tools/build-ic
IC-OS Image
05cd757019e276af68a7e2e178dec73ae095131af841d0b44a9c03c947c2d399 update-img.tar.gz
There might be an issue with the build reproducibility; I asked our release engineers for clarification.