Added fixed SOURCE_DATE_EPOCH flag for reproducible ubuntu builds#8547
Merged
rustyrussell merged 1 commit intoElementsProject:masterfrom Sep 15, 2025
Merged
Conversation
…uilds clnrest's `utoipa-swagger-ui` library has an indirect `rust-embed` dependency which by default includes timestamps in build. It results in non-deterministic build for clnrest. Using environment variable `SOURCE_DATE_EPOCH` with fixed value will enforce a consistent timestamp for builds. Also adding the `--locked` flag to ensure the release build uses exact dependencies from Cargo.lock. The `--locked` flag is particularly important for deterministic builds as it prevents Cargo from updating the lockfile. Fixes ElementsProject#8288. Changelog-Fixed: Core lightning builds for Ubuntu Focal, Jammy and Noble are deterministic again.
Closed
Collaborator
|
Wow great find, back when i tried to fix it my LLM didn't point me to this and now it does... Also the maintainer didn't point me to this either when i implemented my fix with the feature flag. I've built clnrest 3 times in release mode with that ENV set and i got the same hash every time so i'm pretty sure it works! |
ShahanaFarooqui
added a commit
to ShahanaFarooqui/lightning
that referenced
this pull request
Nov 6, 2025
This reverts [commit](ElementsProject@cd1ec72), as an alternative fix has already been introduced in PR [ElementsProject#8547](ElementsProject#8547) to restore reproducible builds. This reversion is necessary because otherwise Docker image building will fail with GitHub Actions or via build-release.sh. The issue arises from Cargo’s inability to resolve the git URL dependencies for clnrest’s utoipa and utoipa-swagger-ui packages within these build contexts. While direct `docker buildx` commands succeeds, Github Action or build-release.sh modifies the build context in a way that prevents Cargo from locating the specific git commit for these dependencies. References: ElementsProject#8530 (comment) https://github.com/ElementsProject/lightning/actions/runs/17435823432 Added fixed SOURCE_DATE_EPOCH flag for reproducible ubuntu builds [8547](ElementsProject#8547) Changelog-None.
ShahanaFarooqui
added a commit
to ShahanaFarooqui/lightning
that referenced
this pull request
Nov 6, 2025
This reverts [commit](ElementsProject@cd1ec72), as an alternative fix has already been introduced in PR [ElementsProject#8547](ElementsProject#8547) to restore reproducible builds. This reversion is necessary because otherwise Docker image building will fail with GitHub Actions or via build-release.sh. The issue arises from Cargo’s inability to resolve the git URL dependencies for clnrest’s utoipa and utoipa-swagger-ui packages within these build contexts. While direct `docker buildx` commands succeeds, Github Action or build-release.sh modifies the build context in a way that prevents Cargo from locating the specific git commit for these dependencies. References: ElementsProject#8530 (comment) https://github.com/ElementsProject/lightning/actions/runs/17435823432 Added fixed SOURCE_DATE_EPOCH flag for reproducible ubuntu builds [8547](ElementsProject#8547) Changelog-None.
sangbida
pushed a commit
that referenced
this pull request
Nov 12, 2025
This reverts [commit](cd1ec72), as an alternative fix has already been introduced in PR [#8547](#8547) to restore reproducible builds. This reversion is necessary because otherwise Docker image building will fail with GitHub Actions or via build-release.sh. The issue arises from Cargo’s inability to resolve the git URL dependencies for clnrest’s utoipa and utoipa-swagger-ui packages within these build contexts. While direct `docker buildx` commands succeeds, Github Action or build-release.sh modifies the build context in a way that prevents Cargo from locating the specific git commit for these dependencies. References: #8530 (comment) https://github.com/ElementsProject/lightning/actions/runs/17435823432 Added fixed SOURCE_DATE_EPOCH flag for reproducible ubuntu builds [8547](#8547) Changelog-None.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
clnrest's
utoipa-swagger-uilibrary has an indirectrust-embeddependency which by default includes timestamps in build. It results in non-deterministic build for clnrest. Using environment variableSOURCE_DATE_EPOCHwith fixed value will enforce a consistent timestamp for builds.Also adding the
--lockedflag to ensure the release build uses exact dependencies from Cargo.lock. The--lockedflag is particularly important for deterministic builds as it prevents Cargo from updating the lockfile.Fixes #8288.
Changelog-Fixed: Core lightning builds for Ubuntu Focal, Jammy and Noble are deterministic again.