When I build safe_vault it creates a different binary file to when maidsafe builds safe_vault.
This is not really ideal; the functionality is identical but the file itself is not.
So this topic is about exploring the path toward deterministic builds for at least the vault but hopefully the other SAFE software also.
Bitcoin does deterministic builds with gitian (for windows and mac) and is looking to move to guix (which is currently used for the linux build). You can see from the massive commit Add deterministic Guix builds this is not a trivial thing to do.
My initial investigations have given rise to some basic questions:
Why is the maidsafe linux build of safe_vault done with x86_64-unknown-linux-musl
rather than x86_64-unknown-linux-gnu (see the *-musl suffix on the release page)? For me the default rust toolchain installed by rustup is gnu, and the travisCI is also gnu (see L435 of the travis build log for vault 0.20.1), so why is maidsafe using musl for their build? I had an error with the openssl package when trying to build safe_vault with the musl toolchain. Which toolchain would be preferred if we try moving toward deterministic builds?
I looked at the vault binaries (using
xxd safe_vault) and searched for the text
homeand didn’t see anything that immediately stood out as being specific to the build environment. An introduction to deterministic builds seems like a good starting place to get an idea of how complex it is to manage sources of variation (although not specifically about rust builds).
What is the value of deterministic builds, are they important, and should they be attempted or worked towards? Can / should they be used for all maidsafe products (eg browser, frontend etc) or only the vault? Can we do fine without them?
This topic doesn’t seem to have been discussed too much on the forum from what I can see… @bluebird discussed it a couple of times (here is one such time) and @sfultong uses NixOS which is known for deterministic builds. Anyone else got experience or opinions about this topic?
And for those that just want a good read, try Reflections on Trusting Trust.