skycoin / skycoin

Skycoin Core and Wallet

Home Page: https://www.skycoin.com

Reproducible / Deterministic Builds

iketheadore opened this issue · comments

0pcom commented on Feb 21

I've successfully tested reproducible builds of golang binaries on different machines of the same architecture and OS, and I am adding this to the SkycoinProject AUR repo packages where applicable.

An example of how to do this:

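export GOPATH="${HOME}/go"
export GOBIN="${GOPATH}/bin"
export PATH="${GOPATH}/bin:${PATH}"
cmddir="${GOPATH}/src/github.com/SkycoinProject/skycoin/cmd"
cd "${cmddir}/skycoin"
# Use a single -ldflags: a repeated -ldflags replaces the earlier one, and
# single quotes around ${LDFLAGS} would stop the shell from expanding it.
go build -trimpath -ldflags="-buildid= -extldflags '${LDFLAGS}'" -o "${GOBIN}/" .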

The resulting binary is placed in $GOBIN

Limitations

  • It is possible that the GOROOT path may still be written into the compiled binary (untested)
  • It is possible that changes in the version of golang may change the hash of the compiled binary (untested)
  • Every change to the SkycoinProject github source repository that affects binary compilation will change the resulting compiled binary hash

Using the same OS, architecture, and properly / conventionally installed golang of the same version, the build is fully reproducible with the above method, regardless of build path; the same output will be produced given the same inputs.

iketheadore commented on Feb 21

Thanks for your info. The trimpath flag is not supported before Go 1.13; I will update the build flags after we upgrade to use Go 1.13+.

We do build the wallet binaries with gox.sh; check the code here:

skycoin/electron/gox.sh

Lines 51 to 54 in 0a10e88

gox -osarch="$OSARCH" \
-gcflags="-trimpath=${HOME}" \
-asmflags="-trimpath=${HOME}" \
-ldflags="-X main.Version=${APP_VERSION} -X main.Commit=${COMMIT} -X main.ConfigMode=${CONFIG_MODE} -X ${CLI_IMPORT_PATH}.Version=${APP_VERSION}" \

@0pcom, is this a deterministic build?
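
Added example (not part of the thread or the Skycoin repository): a shell check for the property discussed above. It builds the same tree in two different directories, compares the SHA-256 digests, and scans both outputs for the build path. The function name `repro_check`, the `out.bin` output convention and the return codes are assumptions made for this example.

```shell
#!/bin/sh
# repro_check SRC_DIR BUILD_CMD
#   Copies SRC_DIR into two differently named directories, runs BUILD_CMD
#   (via sh -c) inside each copy, and inspects the resulting ./out.bin files.
#   BUILD_CMD must write its artifact to ./out.bin, for example (assuming the
#   tree builds in module mode, outside GOPATH):
#     'go build -trimpath -ldflags=-buildid= -o out.bin ./cmd/skycoin'
# Return codes (assumed convention for this example):
#   0 = identical digests and no build path found in the artifacts
#   1 = digests differ (some non-path input varies, e.g. a timestamp)
#   2 = the build directory path is embedded in an artifact
#   3 = a build failed or produced no out.bin
repro_check() {
    src=$1
    build_cmd=$2
    work=$(mktemp -d) || return 3
    first="$work/a/first"
    second="$work/b/deeper/second"   # different depth and name on purpose
    result=0

    for dir in "$first" "$second"; do
        mkdir -p "$dir" && cp -R "$src/." "$dir/" || { rm -rf "$work"; return 3; }
        ( cd "$dir" && sh -c "$build_cmd" && [ -f out.bin ] ) >/dev/null 2>&1 \
            || { rm -rf "$work"; return 3; }
    done

    h1=$(sha256sum < "$first/out.bin")
    h2=$(sha256sum < "$second/out.bin")
    [ "$h1" = "$h2" ] || result=1

    # -a: treat binaries as text, -F: fixed string. Searching for the common
    # parent also catches a leaked prefix that is identical in both builds
    # and therefore would not change the digest.
    if grep -aqF "$work" "$first/out.bin" "$second/out.bin"; then
        result=2
    fi

    rm -rf "$work"
    return "$result"
}
```

Matching digests from two builds under the same parent path are not sufficient on their own, which is why the path scan runs even when the hashes agree.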