Broken Replica Source Code Verification

levi · April 20, 2022, 2:54pm

Hello,
Is there a correct way to verify the source code of a blessed replica proposal now that the binaries are using compression?

For proposal 54964 , the git commit is: 0ef2aebde4ff735a1a93efa342dcf966b6df5061 , and the release_package_sha256_hex hash specified in the proposal is

.
When I checkout the ic repo at the commit: 0ef2aebde4ff735a1a93efa342dcf966b6df5061 and build the code with the build commands in the readme, the build is successful but the hashes are different than the one in the proposal

@diegop
@roman-kashitsyn
How can I verify the source code of the replica?

roman-kashitsyn · April 20, 2022, 9:36pm

The canister module GZip compression that I implemented recently is not related to this issue.

When I try to build the IC OS image from the same commit, I get yet another hash:

$ git status
HEAD detached at 0ef2aebd

$ ./gitlab-ci/tools/docker-run ./gitlab-ci/tools/build-ic

IC-OS Image
05cd757019e276af68a7e2e178dec73ae095131af841d0b44a9c03c947c2d399  update-img.tar.gz

There might be an issue with the build reproducibility; I asked our release engineers for clarification.

levi · April 20, 2022, 11:47pm

Thanks, If I remember correct it is the extracted root.img file that is different.

levi · April 23, 2022, 3:58pm

I’m seeing the same thing when building for proposal 56257
the proposal hash is

at commit 3ad313dcda03e2db45e81d02c5f931fdf3bf5bc1

When I checkout 3ad313dcda03e2db45e81d02c5f931fdf3bf5bc1 and build on my machine:

livio · April 25, 2022, 6:56am

@levi Many thanks for discovering and reporting this issue. We are currently investigating and will update you on the progress.

We haven’t pinpointed the source yet, but assume it is related to the Docker image used in our build environment.

sat · May 16, 2022, 1:28pm

@levi do you still see issues with reproducibility?