From ff9f6d248c67951dec16e140354a4fa4908bdb99 Mon Sep 17 00:00:00 2001 From: nacho692 Date: Mon, 6 Jan 2020 15:08:57 -0300 Subject: [PATCH 1/3] native library reproducibility --- native/altbn128/linux/1.0.0/Dockerfile | 28 ++++++++++++++++++ native/altbn128/linux/1.0.0/README.md | 34 ++++++++++++++++++++++ native/dependency/1.0.0/Dockerfile | 12 ++++++++ native/dependency/1.0.0/README.md | 39 ++++++++++++++++++++++++++ 4 files changed, 113 insertions(+) create mode 100644 native/altbn128/linux/1.0.0/Dockerfile create mode 100644 native/altbn128/linux/1.0.0/README.md create mode 100644 native/dependency/1.0.0/Dockerfile create mode 100644 native/dependency/1.0.0/README.md diff --git a/native/altbn128/linux/1.0.0/Dockerfile b/native/altbn128/linux/1.0.0/Dockerfile new file mode 100644 index 0000000..c765e8b --- /dev/null +++ b/native/altbn128/linux/1.0.0/Dockerfile @@ -0,0 +1,28 @@ +FROM ubuntu:18.04 + +ENV GOLANG=go1.13.5.linux-amd64.tar.gz +ENV GOROOT=/go +ENV GOBIN=$GOROOT/bin +ENV GOPATH=/root/go +ENV PATH=$GOBIN:$PATH +ENV JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 +ENV CGO_CFLAGS="-I$JAVA_HOME/include -I$JAVA_HOME/include/linux" + +RUN apt-get update && \ + apt-get install -y -o APT::Install-Suggests="false" git curl openjdk-8-jdk=8u232-b09-0ubuntu1~18.04.1 build-essential=12.4ubuntu1 + +WORKDIR /code/altbn128 + +RUN git clone --single-branch --depth 1 --branch 1.0.0 https://github.com/rsksmart/native.git /code/altbn128 + +RUN curl "https://dl.google.com/go/"$GOLANG -o $GOLANG -# && \ + echo "512103d7ad296467814a6e3f635631bd35574cab3369a97a323c9a585ccaa569 go1.13.5.linux-amd64.tar.gz" > shasum.txt && \ + cat shasum.txt + +RUN sha256sum -c shasum.txt + +RUN tar -xvf $GOLANG +RUN mkdir $GOROOT && mv go / + +RUN cd src/jni && go get && make clean && make linux +RUN sha256sum src/jni/libbn128.so diff --git a/native/altbn128/linux/1.0.0/README.md b/native/altbn128/linux/1.0.0/README.md new file mode 100644 index 0000000..88467d4 --- /dev/null +++ b/native/altbn128/linux/1.0.0/README.md @@ -0,0 +1,34 @@ +# albn128 1.0.0 + +* Source: https://github.com/rsksmart/native +* Tag: `1.0.0` + +## Build + +``` +$ docker build -t altbn128-1.0.0-reproducible . +``` + +The build will print a hash. It should match +``` +9de3f2efe3e0686734b79e41d8a0f8ea2c1e4f3e3d2c6ddcd10e3b60b5f973ca src/jni/libbn128.so +``` + +If you had already generated this reproducible build prior to its retag, please add `--no-cache` parameter to the build command to ensure the image regeneration. + + +## Verify + +If you want to verify the hash without rebuilding the image +``` +$ docker run --rm altbn128-1.0.0-reproducible sha256sum /code/altbn128/src/jni/libbn128.so +9de3f2efe3e0686734b79e41d8a0f8ea2c1e4f3e3d2c6ddcd10e3b60b5f973ca src/jni/libbn128.so +``` + +## (Optional) Extract the library from image + +``` +$ docker run --name temp-container altbn128-1.0.0-reproducible /bin/true +$ docker cp temp-container://code/rskj/code/altbn128/src/jni/libbn128.so ./libbn128.so +$ docker rm temp-container +``` diff --git a/native/dependency/1.0.0/Dockerfile b/native/dependency/1.0.0/Dockerfile new file mode 100644 index 0000000..ac944a0 --- /dev/null +++ b/native/dependency/1.0.0/Dockerfile @@ -0,0 +1,12 @@ +FROM ubuntu:18.04 + +RUN apt-get update -y && \ + apt-get install -y --no-install-recommends git curl openjdk-8-jdk=8u232-b09-0ubuntu1~18.04.1 + +WORKDIR /code/native + +RUN git clone --single-branch --depth 1 --branch 1.0.0 https://github.com/rsksmart/native.git /code/native + +RUN ./gradlew --no-daemon clean build -x test + +RUN sha256sum build/libs/* diff --git a/native/dependency/1.0.0/README.md b/native/dependency/1.0.0/README.md new file mode 100644 index 0000000..116f617 --- /dev/null +++ b/native/dependency/1.0.0/README.md @@ -0,0 +1,39 @@ +# native 1.0.0 + +* Source: https://github.com/rsksmart/native +* Tag: `1.0.0` + +## Build + +``` +$ docker build -t native-1.0.0-reproducible . +``` + +The build will print a hash. It should match +``` +248394158f35d5485ceb3e0312ce60b686381a1000a9cfacee10bf0ff3415596 build/libs/native-1.0.0.jar +5bae503ee4b32f8f2941985a05ae00229f74a8f4e635d3698e5ec1be1956224b build/libs/native-1.0.0.pom +``` + +If you had already generated this reproducible build prior to its retag, please add `--no-cache` parameter to the build command to ensure the image regeneration. + + +## Verify + +If you want to verify the hash without rebuilding the image +``` +$ docker run --rm native-1.0.0-reproducible sha256sum /code/native/build/libs/native-1.0.0.jar +248394158f35d5485ceb3e0312ce60b686381a1000a9cfacee10bf0ff3415596 build/libs/native-1.0.0.jar + +$ docker run --rm native-1.0.0-reproducible sha256sum /code/native/build/libs/native-1.0.0.pom +5bae503ee4b32f8f2941985a05ae00229f74a8f4e635d3698e5ec1be1956224b build/libs/native-1.0.0.pom +``` + +## (Optional) Extract the jar from image + +``` +$ docker run --name temp-container native-1.0.0-reproducible /bin/true +$ docker cp temp-container://code/native/build/libs/native-1.0.0.jar ./native-1.0.0.jar +$ docker cp temp-container://code/native/build/libs/native-1.0.0.pom ./native-1.0.0.pom +$ docker rm temp-container +``` From 60971b15f1a64ec231cbe2107445a51974948964 Mon Sep 17 00:00:00 2001 From: nacho692 Date: Mon, 6 Jan 2020 15:31:22 -0300 Subject: [PATCH 2/3] add javadoc and sources --- native/dependency/1.0.0/README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/native/dependency/1.0.0/README.md b/native/dependency/1.0.0/README.md index 116f617..def66c4 100644 --- a/native/dependency/1.0.0/README.md +++ b/native/dependency/1.0.0/README.md @@ -11,6 +11,8 @@ $ docker build -t native-1.0.0-reproducible . The build will print a hash. It should match ``` +a1902dac3e0ee55c54820bbd3913d1c1bbe85d8c8efb3092b50451605ee87f98 build/libs/native-1.0.0-javadoc.jar +371b1539efd34cdce20d63c5416facdd3fa853abc36fd8a192e501c32d2d528d build/libs/native-1.0.0-sources.jar 248394158f35d5485ceb3e0312ce60b686381a1000a9cfacee10bf0ff3415596 build/libs/native-1.0.0.jar 5bae503ee4b32f8f2941985a05ae00229f74a8f4e635d3698e5ec1be1956224b build/libs/native-1.0.0.pom ``` @@ -22,6 +24,12 @@ If you had already generated this reproducible build prior to its retag, please If you want to verify the hash without rebuilding the image ``` +$ docker run --rm native-1.0.0-reproducible sha256sum /code/native/build/libs/native-1.0.0-javadoc.jar +a1902dac3e0ee55c54820bbd3913d1c1bbe85d8c8efb3092b50451605ee87f98 build/libs/native-1.0.0-javadoc.jar + +$ docker run --rm native-1.0.0-reproducible sha256sum /code/native/build/libs/native-1.0.0-sources.jar +371b1539efd34cdce20d63c5416facdd3fa853abc36fd8a192e501c32d2d528d build/libs/native-1.0.0-sources.jar + $ docker run --rm native-1.0.0-reproducible sha256sum /code/native/build/libs/native-1.0.0.jar 248394158f35d5485ceb3e0312ce60b686381a1000a9cfacee10bf0ff3415596 build/libs/native-1.0.0.jar @@ -33,6 +41,8 @@ $ docker run --rm native-1.0.0-reproducible sha256sum /code/native/build/libs/na ``` $ docker run --name temp-container native-1.0.0-reproducible /bin/true +$ docker cp temp-container://code/native/build/libs/native-1.0.0-javadoc.jar ./native-1.0.0-javadoc.jar +$ docker cp temp-container://code/native/build/libs/native-1.0.0-sources.jar ./native-1.0.0-sources.jar $ docker cp temp-container://code/native/build/libs/native-1.0.0.jar ./native-1.0.0.jar $ docker cp temp-container://code/native/build/libs/native-1.0.0.pom ./native-1.0.0.pom $ docker rm temp-container From 021f570c6cf0985932c2ce792877f201b80abebe Mon Sep 17 00:00:00 2001 From: nacho692 Date: Thu, 16 Jan 2020 14:13:50 -0300 Subject: [PATCH 3/3] native 1.0.1 --- native/dependency/1.0.1/Dockerfile | 12 ++++++++ native/dependency/1.0.1/README.md | 49 ++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 native/dependency/1.0.1/Dockerfile create mode 100644 native/dependency/1.0.1/README.md diff --git a/native/dependency/1.0.1/Dockerfile b/native/dependency/1.0.1/Dockerfile new file mode 100644 index 0000000..7f7a302 --- /dev/null +++ b/native/dependency/1.0.1/Dockerfile @@ -0,0 +1,12 @@ +FROM ubuntu:18.04 + +RUN apt-get update -y && \ + apt-get install -y --no-install-recommends git curl openjdk-8-jdk=8u232-b09-0ubuntu1~18.04.1 + +WORKDIR /code/native + +RUN git clone --single-branch --depth 1 --branch 1.0.1 https://github.com/rsksmart/native.git /code/native + +RUN ./gradlew --no-daemon clean build -x test + +RUN sha256sum build/libs/* \ No newline at end of file diff --git a/native/dependency/1.0.1/README.md b/native/dependency/1.0.1/README.md new file mode 100644 index 0000000..c1cebaf --- /dev/null +++ b/native/dependency/1.0.1/README.md @@ -0,0 +1,49 @@ +# native 1.0.1 + +* Source: https://github.com/rsksmart/native +* Tag: `1.0.1` + +## Build + +``` +$ docker build -t native-1.0.1-reproducible . +``` + +The build will print a hash. It should match +``` +a73f028ee48a70d7fbcc15f7384d15384453c201c85c063974e9a3dad1ab3051 build/libs/native-1.0.1-javadoc.jar +c40a2467a2e2299be18206a3abd1f9ff4ac2d8ac6c9d9e2cecefb3bff4dc5308 build/libs/native-1.0.1-sources.jar +28012193abba5638493d6023f4c937307ec10470b4c4fb3bd92ad3d687315cf0 build/libs/native-1.0.1.jar +34c12e3819b63ff2f4bb7f61cae87f60ea328b68bbe59d5eed9af43e0191b792 build/libs/native-1.0.1.pom +``` + +If you had already generated this reproducible build prior to its retag, please add `--no-cache` parameter to the build command to ensure the image regeneration. + + +## Verify + +If you want to verify the hash without rebuilding the image +``` +$ docker run --rm native-1.0.1-reproducible sha256sum /code/native/build/libs/native-1.0.1-javadoc.jar +a73f028ee48a70d7fbcc15f7384d15384453c201c85c063974e9a3dad1ab3051 build/libs/native-1.0.1-javadoc.jar + +$ docker run --rm native-1.0.1-reproducible sha256sum /code/native/build/libs/native-1.0.1-sources.jar +c40a2467a2e2299be18206a3abd1f9ff4ac2d8ac6c9d9e2cecefb3bff4dc5308 build/libs/native-1.0.1-sources.jar + +$ docker run --rm native-1.0.1-reproducible sha256sum /code/native/build/libs/native-1.0.1.jar +28012193abba5638493d6023f4c937307ec10470b4c4fb3bd92ad3d687315cf0 build/libs/native-1.0.1.jar + +$ docker run --rm native-1.0.1-reproducible sha256sum /code/native/build/libs/native-1.0.1.pom +34c12e3819b63ff2f4bb7f61cae87f60ea328b68bbe59d5eed9af43e0191b792 build/libs/native-1.0.1.pom +``` + +## (Optional) Extract the jar from image + +``` +$ docker run --name temp-container native-1.0.1-reproducible /bin/true +$ docker cp temp-container://code/native/build/libs/native-1.0.1-javadoc.jar ./native-1.0.1-javadoc.jar +$ docker cp temp-container://code/native/build/libs/native-1.0.1-sources.jar ./native-1.0.1-sources.jar +$ docker cp temp-container://code/native/build/libs/native-1.0.1.jar ./native-1.0.1.jar +$ docker cp temp-container://code/native/build/libs/native-1.0.1.pom ./native-1.0.1.pom +$ docker rm temp-container +```