Deterministic Builds #2454
Comments
|
@probonopd Could you please comment about AppImage? |
|
Not sure I understand the question. It is obvious that the |
|
No, the question was, why the output |
|
Different timestamps in the squashfs image come to mind immediately. |
|
Is there a known possibility to remove the timestamps? |
|
So you are technically looking to produce "reproducible builds". Since a type-2 AppImage contains a squashfs file, the tool used to generate the squashfs must be told to remove them. It was discussed here: (If you would like to see support for this in |
|
Awesome! Thx a lot for the information! Looking forward to it or will aid when I find time. Is the Windows NSIS installer also using AppImage? |
No, AppImage is Linux only. |
|
We do our best to ensure that build from the same sources will be the same. For example, even if you use unreliable and buggy npm instead of yarn, all internal npm fields are removed from node modules package.json. Why it is important? For differential updates. We do use CDC (content defined chunking) but anyway. Problem is that in case of Windows code signing your builds will be different in any case (code signing dramatically changes the file). And you cannot get the same checksum even if you build from the same sources (timestams). Linux — see above #2454 (comment) ("file issue to AppImageKit"). |
|
Thank you two for your assistance! |
Electron-builder version: 19.52.1
Targets: Windows.NSIS, Linux.AppImage
Running packaging (using the programmatic API) twice gives me two different checksums for the output '.exe'|'.AppImage'. The rest of the files do not seem to change. I wonder where the non-determinism has it's root and if there is a possibility to have deterministic builds?
The text was updated successfully, but these errors were encountered: