)]}'
{
  "commit": "3871fa1003840be797fc3f49efb716ae5f4862b1",
  "tree": "22394cf2fbae2c134fc297b9e7231b640b3b9218",
  "parents": [
    "58bbc85c27d2d91276113640ba1fe6ea0f2e8b0c"
  ],
  "author": {
    "name": "Jan Schär",
    "email": "jan@monogon.tech",
    "time": "Wed Jul 09 17:30:00 2025 +0000"
  },
  "committer": {
    "name": "Jan Schär",
    "email": "jan@monogon.tech",
    "time": "Thu Jul 10 11:11:12 2025 +0000"
  },
  "message": "osbase/build/mkverity: make build reproducible\n\nThe verity encoder previously generated a random salt. To make the build\nreproducible, the salt is now taken from a hash of the entire input\nfile.\n\nI shortened the salt from 64 bytes to 16 bytes. This is enough for the\npurpose of the salt, which is to make hash collisions not reusable\nacross images. A potential benefit of the 64 byte salt is that it fills\na sha256 block and thus the remaining data is aligned to that block\nsize. On the other hand, with a 16 byte salt, one fewer hash block is\nneeded because the sha256 length fits in the last partially filled\nblock.\n\nThe encoder also generated a random UUID, but this did not affect\nreproducibility as we do not write the superblock. For now, I removed\nthe UUID generation as it is completely unused.\n\nNow, the build of //metropolis/node:oci_image is reproducible on my\nmachine.\n\nChange-Id: I756ca31d02e65c7d6ce7bbfd6749c835ab696f3f\nReviewed-on: https://review.monogon.dev/c/monogon/+/4418\nReviewed-by: Lorenz Brun \u003clorenz@monogon.tech\u003e\nTested-by: Jenkins CI\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "82db0da2a8d9b3469cf1f5b0988994e3505ea166",
      "old_mode": 33188,
      "old_path": "osbase/build/mkverity/mkverity.go",
      "new_id": "f75845d25ffcf41755848ff4b6043dfef5414d02",
      "new_mode": 33188,
      "new_path": "osbase/build/mkverity/mkverity.go"
    },
    {
      "type": "modify",
      "old_id": "5a968cd24c6832aae7923862942d114f548e0b9e",
      "old_mode": 33188,
      "old_path": "osbase/verity/encoder.go",
      "new_id": "6ba8b970ddf95309d70a88b6bd72dad6cb6848ac",
      "new_mode": 33188,
      "new_path": "osbase/verity/encoder.go"
    },
    {
      "type": "modify",
      "old_id": "012cb27e94130079b5786b09b71880e041fffbe2",
      "old_mode": 33188,
      "old_path": "osbase/verity/encoder_test.go",
      "new_id": "2c9c35b71cff71fbd226fc45e6386ce0c5cdf170",
      "new_mode": 33188,
      "new_path": "osbase/verity/encoder_test.go"
    }
  ]
}