feat: Add reproducible Debian package builds and distribution #7617
Conversation
MoeMahhouk
changed the title
lighthouse/lighthouse.service
Outdated
| Type=simple | ||
| DynamicUser=true | ||
| User=lighthouse | ||
| Group=eth |
There was a problem hiding this comment.
| Group=eth | |
| Group=lighthouse |
There was a problem hiding this comment.
I thought we wanted to pack, lighthouse, reth and rbuilder in the same group, right?
lighthouse/lighthouse.service
Outdated
| RestartSec=5 | ||
| TimeoutStopSec=180 | ||
| Environment="RUST_LOG=info" | ||
| ExecStart=/usr/bin/lighthouse \ |
There was a problem hiding this comment.
You should not assume any specific use-case of a service. I'd simplify it to /usr/bin/lighthouse bn
There was a problem hiding this comment.
yeah, this is just a dummy/simple systemd service file that will be anyway overwritten during deplyoments as we discussed offline, right?
Otherwise, how would you suggest it to be? just /usr/bin/lighthouse --help?
| @@ -0,0 +1,188 @@ | |||
| name: reproducible-build | |||
There was a problem hiding this comment.
I'd avoid imposing a responsibility for verifying reproducibility to third-parties (Lighthouse team in this case). Those who have reproducibility requirements should independently verify it relying on their infra.
There was a problem hiding this comment.
The variance in the environment is not sufficient to say that the builds are reproducible. Check out how Debian independently verify reproducibility by building on different OSes with a variable set of tools.
There was a problem hiding this comment.
I also followed here the steps of reth and how they are doing it here https://github.com/paradigmxyz/reth/blob/main/.github/workflows/reproducible-build.yml
However, good point on if the lighthouse team would want this to be as part of their workflow or not. I would leave it for them to decide and then we can re-iterate on what the best way to do it
| @@ -0,0 +1,142 @@ | |||
| name: release-reproducible | |||
There was a problem hiding this comment.
Can we make reproducible builds a default for Lighthouse? Not an additional target requiring extra effort to support
There was a problem hiding this comment.
I created a separate workflow for the reproducible container builds as separation of concerns similar to what the reth team did here https://github.com/paradigmxyz/reth/blob/main/.github/workflows/release-reproducible.yml
MoeMahhouk
force-pushed
the
deb-packaging
branch
from
d950bee to
1519838
Compare
MoeMahhouk
force-pushed
the
deb-packaging
branch
from
1519838 to
211063a
Compare
Issue Addressed
This pull request introduces workflows and configuration updates to automate the building, testing, and releasing of reproducible Debian packages for the Lighthouse project. Below are the key changes grouped by theme:
New GitHub Actions Workflows
.github/workflows/release-deb.ymlto automate the building, testing, and releasing of reproducible Debian packages for multiple architectures (x86_64andaarch64). Includes steps for dry-run testing, artifact uploads, and checksum generation.Proposed Changes
Additional Info
This is an incremental work on #7614 and requires it to be merged first
close #7618