You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The build process for the constellation binary is not deterministic.
The CLI embeds an OCI image manifest hash for ghcr.io/edgelesssys/constellation/qemu-metadata-api. One of the layers consists of files from the Nix store. Depending on the optimisation settings of the Nix store, some files may or may not be hard links to others, resulting in a diff in the layer tarball.
Issue description
The build process for the
constellationbinary is not deterministic.The CLI embeds an OCI image manifest hash for
ghcr.io/edgelesssys/constellation/qemu-metadata-api. One of the layers consists of files from the Nix store. Depending on the optimisation settings of the Nix store, some files may or may not be hard links to others, resulting in a diff in the layer tarball.Workaround: try to stick close to the reproducible builds workflow.
Steps to reproduce the behavior
auto-optimise-store = true).bazel build //cli:cli_enterprise_linux_amd64).Version
This affects v2.19.0 and older releases.
The text was updated successfully, but these errors were encountered: