Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Info: Build reproduced for v1.0.0 #30

Closed
kristovatlas opened this issue Sep 27, 2024 · 3 comments
Closed

Info: Build reproduced for v1.0.0 #30

kristovatlas opened this issue Sep 27, 2024 · 3 comments

Comments

@kristovatlas
Copy link
Contributor

I verified using make build that the sha256 sum of atomoned-v1.0.0-darwin-arm64 matches the one in SHA256SUMS-v1.0.0.txt: 1f412ab27ca74de7ead3e0f27389b5e1ed5369fab43dbb381abdc021c76d5e21
@kristovatlas kristovatlas added bug Something isn't working and removed bug Something isn't working labels Sep 27, 2024
@kristovatlas
Copy link
Contributor Author

Also verified 434c10a2007a01734fc353acc1b4082099b1f6c99b81371ddf4df3bf5f2f27d6 atomoned-v1.0.0-linux-arm64

@kristovatlas kristovatlas changed the title Info: sha256 sum for atomoned-v1.0.0-darwin-arm64 Info: sha256 sum for atomoned-v1.0.0-darwin-arm64/linux-arm64 Sep 27, 2024
@kristovatlas
Copy link
Contributor Author

generating atomoned with make build on linux i686: 6775ec68a81892cb741d360fbe047952759edc2ebc8bd36a803def31a76315af

@kristovatlas
Copy link
Contributor Author

I was able to reproduce all of the file hashes using goreleaser:

Steps

% go version
go version go1.21.13 darwin/arm64

% ~/go/bin/goreleaser -v
  ____       ____      _
 / ___| ___ |  _ \ ___| | ___  __ _ ___  ___ _ __
| |  _ / _ \| |_) / _ \ |/ _ \/ _` / __|/ _ \ '__|
| |_| | (_) |  _ <  __/ |  __/ (_| \__ \  __/ |
 \____|\___/|_| \_\___|_|\___|\__,_|___/\___|_|
goreleaser: Deliver Go Binaries as fast and easily as possible
https://goreleaser.com

GitVersion:    v1.24.0
GitCommit:     unknown
GitTreeState:  unknown
BuildDate:     unknown
BuiltBy:       unknown
GoVersion:     go1.21.13
Compiler:      gc
ModuleSum:     h1:jsoS5T2CvPKOyECPATAo8hCvUaX8ok4iAq9m5Zyl1L0=
Platform:      darwin/arm64

% git checkout tags/v1.0.0

% GOROOT=$(go1.21.13 env GOROOT) PATH=$GOROOT/bin:$PATH TM_VERSION=v0.37.5 ~/go/bin/goreleaser build --clean 

% find dist -type f -exec openssl dgst -sha256 {} \;
SHA2-256(dist/metadata.json)= ed91ac7859f1585dfab3c0048831cac1cefd94e01edadbd618a4b545166be8d9
SHA2-256(dist/config.yaml)= 7cd0ecd40a2759280b4ad867a703d406a48a9a28951bdfaa53857c534d4fdeac
SHA2-256(dist/atomoned_darwin_amd64_v1/atomoned)= 9e9ba6fda17e9791d5ea38e93807cd6dbd2af3a1a3e1dc97bfae26b9cb2fb201
SHA2-256(dist/atomoned_windows_amd64_v1/atomoned.exe)= 4ee28cfca97590d156f59249acf4c2ae21974728a3e0f55a1382abab8e8e3436
SHA2-256(dist/atomoned_darwin_arm64/atomoned)= 1f412ab27ca74de7ead3e0f27389b5e1ed5369fab43dbb381abdc021c76d5e21
SHA2-256(dist/atomoned_windows_arm64/atomoned.exe)= e29e5bc3aff354caf100fcaad35a9e0173276dd6a5f162a8939dee5f30c9b69e
SHA2-256(dist/atomoned_linux_amd64_v1/atomoned)= 78fcb6bcda906fc5b959cca985afab5a8486c17b63e1835faec0c0e57364582d
SHA2-256(dist/artifacts.json)= 7885c22d2baf77260c2f15a0a56d1bcc2a9f180d5ada4be2dd36cd007422b4d3
SHA2-256(dist/atomoned_linux_arm64/atomoned)= 434c10a2007a01734fc353acc1b4082099b1f6c99b81371ddf4df3bf5f2f27d6

@kristovatlas kristovatlas changed the title Info: sha256 sum for atomoned-v1.0.0-darwin-arm64/linux-arm64 Info: Build reproduced for v1.0.0 Oct 17, 2024
tbruyelle added a commit that referenced this issue Dec 10, 2024
@tbruyelle
fix(vuln): https://pkg.go.dev/vuln/GO-2024-3279 (#60)
4a894e1 
Spotted by `make vulncheck`

Last seen in
https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:14

```
Vulnerability #1: GO-2024-3279
    ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int
    and sdk.Dec can lead to panic
  More info: https://pkg.go.dev/vuln/GO-2024-3279
  Module: cosmossdk.io/math
    Found in: cosmossdk.io/math@v1.3.0
    Fixed in: cosmossdk.io/math@v1.4.0
    Example traces found:
Error:       #1: app/export.go:209:63: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.ApplyAndReturnValidatorSetUpdates, which calls math.Int.Add
Error:       #2: app/genesis_account.go:31:33: app.SimGenesisAccount.Validate calls types.Coins.IsAnyNil, which eventually calls math.Int.BigInt
Error:       #3: x/gov/types/v1beta1/gov.pb.go:732:20: v1beta1.TallyResult.Equal calls math.Int.Equal
Error:       #4: x/gov/keeper/deposit.go:180:97: keeper.Keeper.AddDeposit calls types.Coins.IsAllGTE, which calls math.Int.GT
Error:       #5: ante/gov_vote_ante.go:46:[14](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:15): ante.GovVoteDecorator.AnteHandle calls types.ChainAnteDecorators, which eventually calls math.Int.GTE
Error:       #6: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.Int.Int64
Error:       #7: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.Int.IsInt64
Error:       #8: x/gov/keeper/deposit.go:145:28: keeper.Keeper.AddDeposit calls types.NewCoin, which eventually calls math.Int.IsNegative
Error:       #9: x/gov/types/v1/msgs.go:101:30: types.MsgSubmitProposal.ValidateBasic calls types.MsgCancelUnbondingDelegation.ValidateBasic, which calls math.Int.IsPositive
Error:       #10: x/gov/keeper/tally.go:58:23: keeper.Keeper.HasReachedQuorum calls math.Int.IsZero
Error:       #11: x/gov/keeper/deposit.go:[15](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:16)5:20: keeper.Keeper.AddDeposit calls types.Coin.IsGTE, which calls math.Int.LT
Error:       #12: x/gov/keeper/deposit.go:63:37: keeper.DeleteAndBurnDeposits calls keeper.BaseKeeper.BurnCoins, which eventually calls math.Int.Marshal
Error:       #13: x/gov/types/v1beta1/gov.pb.go:994:38: v1beta1.TallyResult.MarshalToSizedBuffer calls math.Int.MarshalTo
Error:       #14: app/export.go:11:2: app.init calls staking.init, which eventually calls math.Int.Mul
Error:       #15: x/gov/keeper/deposit.go:[16](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:17)8:54: keeper.Keeper.AddDeposit calls keeper.BaseKeeper.SendCoinsFromAccountToModule, which eventually calls math.Int.Neg
Error:       #16: app/export.go:209:63: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.ApplyAndReturnValidatorSetUpdates, which eventually calls math.Int.Quo
Error:       #[17](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:18): ante/gov_vote_ante.go:46:14: ante.GovVoteDecorator.AnteHandle calls types.ChainAnteDecorators, which eventually calls math.Int.QuoRaw
Error:       #[18](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:19): x/gov/types/v1beta1/msgs.go:167:29: v1beta1.MsgDeposit.ValidateBasic calls types.Coins.IsAnyNegative, which eventually calls math.Int.Sign
Error:       #[19](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:20): x/gov/types/v1beta1/gov.pb.go:1322:16: v1beta1.TallyResult.Size calls math.Int.Size
Error:       #[20](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:21): x/gov/types/v1/tally.go:12:27: types.NewTallyResult calls math.Int.String
Error:       #[21](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:22): app/export.go:209:63: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.ApplyAndReturnValidatorSetUpdates, which calls math.Int.Sub
Error:       #[22](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:23): x/gov/keeper/deposit.go:145:73: keeper.Keeper.AddDeposit calls math.Int.ToLegacyDec
Error:       #23: x/gov/types/v1beta1/gov.pb.go:2141:29: v1beta1.TallyResult.Unmarshal calls math.Int.Unmarshal
Error:       #24: x/gov/types/v1beta1/msgs.go:263:32: v1beta1.MsgVoteWeighted.ValidateBasic calls math.LegacyDec.Add
Error:       #25: app/sim/sim_state.go:203:34: sim.AppStateRandomizedFn calls module.SimulationManager.GenerateGenesisStates, which eventually calls math.LegacyDec.BigInt
Error:       #26: ante/gov_vote_ante.go:46:14: ante.GovVoteDecorator.AnteHandle calls types.ChainAnteDecorators, which eventually calls math.LegacyDec.Ceil
Error:       #27: x/gov/types/v1beta1/params.go:68:[24](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:25): v1beta1.TallyParams.Equal calls math.LegacyDec.Equal
Error:       #28: x/gov/client/cli/query.go:624:15: cli.GetCmdQueryProposer calls fmt.Sprintf, which eventually calls math.LegacyDec.Format
Error:       #29: x/gov/types/v1beta1/msgs.go:270:19: v1beta1.MsgVoteWeighted.ValidateBasic calls math.LegacyDec.GT
Error:       #30: x/gov/keeper/tally.go:93:26: keeper.Keeper.HasReachedQuorum calls math.LegacyDec.GTE
Error:       #31: x/gov/types/v1/params.go:129:22: types.Params.ValidateBasic calls math.LegacyDec.IsNegative
Error:       #32: x/gov/types/v1/msgs.go:101:30: types.MsgSubmitProposal.ValidateBasic calls types.MsgUpdateParams.ValidateBasic, which calls math.LegacyDec.IsNil
Error:       #33: x/gov/types/v1/params.go:140:26: types.Params.ValidateBasic calls math.LegacyDec.IsPositive
Error:       #34: x/gov/keeper/deposit.go:138:28: keeper.Keeper.AddDeposit calls math.LegacyDec.IsZero
Error:       #35: x/gov/types/v1beta1/msgs.go:274:19: v1beta1.MsgVoteWeighted.ValidateBasic calls math.LegacyDec.LT
Error:       #36: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacyDec.LTE
Error:       #37: app/app.go:[25](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:26)4:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.LegacyDec.Marshal
Error:       #38: x/gov/types/v1beta1/gov.pb.go:1187:41: v1beta1.TallyParams.MarshalToSizedBuffer calls math.LegacyDec.MarshalTo
Error:       #39: x/gov/keeper/deposit.go:145:79: keeper.Keeper.AddDeposit calls math.LegacyDec.Mul
Error:       #40: x/gov/keeper/tally.go:1[26](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:27):31: keeper.tallyVotes calls keeper.Keeper.IterateDelegations, which eventually calls math.LegacyDec.MulInt
Error:       #41: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacyDec.MulInt64
Error:       #42: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.LegacyDec.MulTruncate
Error:       #43: app/export.go:151:60: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Hooks.BeforeDelegationCreated, which eventually calls math.LegacyDec.Neg
Error:       #44: x/gov/keeper/tally.go:88:39: keeper.Keeper.HasReachedQuorum calls math.LegacyDec.Quo
Error:       #45: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.LegacyDec.QuoInt
Error:       #46: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.LegacyDec.QuoRoundUp
Error:       #47: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacyDec.QuoTruncate
Error:       #48: x/gov/keeper/deposit.go:246:112: keeper.Keeper.validateInitialDeposit calls math.LegacyDec.RoundInt
Error:       #49: x/gov/simulation/genesis.go:84:52: simulation.GenTallyParamsConstitutionalThreshold calls math.LegacyDec.RoundInt64
Error:       #50: x/gov/types/v1beta1/gov.pb.go:1392:19: v1beta1.TallyParams.Size calls math.LegacyDec.Size
Error:       #51: x/gov/keeper/msg_server.go:[27](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:28)4:29: keeper.legacyMsgServer.VoteWeighted calls math.LegacyDec.String
Error:       #52: x/gov/keeper/tally.go:41:25: keeper.Keeper.Tally calls math.LegacyDec.Sub
Error:       #53: x/gov/keeper/deposit.go:145:108: keeper.Keeper.AddDeposit calls math.LegacyDec.TruncateInt
Error:       #54: cmd/atomoned/main.go:16:26: atomoned.main calls cmd.Execute, which eventually calls math.LegacyDec.TruncateInt64
Error:       #55: x/gov/types/v1beta1/gov.pb.go:2680:32: v1beta1.TallyParams.Unmarshal calls math.LegacyDec.Unmarshal
Error:       #56: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacyMinDec
Error:       #57: x/gov/simulation/genesis.go:73:37: simulation.GenMinDepositRatio calls math.LegacyMustNewDecFromStr
Error:       #58: x/gov/types/v1beta1/msgs.go:257:34: v1beta1.MsgVoteWeighted.ValidateBasic calls math.LegacyNewDec
Error:       #59: app/sim/sim_state.go:203:34: sim.AppStateRandomizedFn calls module.SimulationManager.GenerateGenesisStates, which eventually calls math.LegacyNewDecFromBigIntWithPrec
Error:       #60: x/gov/keeper/tally.go:88:64: keeper.Keeper.HasReachedQuorum calls math.LegacyNewDecFromInt
Error:       #61: x/gov/keeper/grpc_query.go:406:35: keeper.legacyQueryServer.Params calls math.LegacyNewDecFromStr
Error:       #62: x/gov/simulation/genesis.go:85:27: simulation.GenTallyParamsConstitutionalThreshold calls math.LegacyNewDecWithPrec
Error:       #63: x/gov/types/v1/params.go:132:32: types.Params.ValidateBasic calls math.LegacyOneDec
Error:       #64: app/export.go:96:53: app.AtomOneApp.prepForZeroHeightGenesis calls keeper.Keeper.WithdrawDelegationRewards, which eventually calls math.LegacySmallestDec
Error:       #65: x/gov/keeper/tally.go:41:77: keeper.Keeper.Tally calls math.LegacyZeroDec
Error:       #66: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.MaxInt
Error:       #67: app/app.go:254:26: app.AtomOneApp.BeginBlocker calls module.Manager.BeginBlock, which eventually calls math.MinInt
Error:       #68: app/helpers/test_helpers.go:79:69: helpers.Setup calls math.NewInt
Error:       #69: x/gov/keeper/proposal.go:72:24: keeper.Keeper.SubmitProposal calls baseapp.RegisterService, which eventually calls math.NewIntFromBigInt
Error:       #70: x/gov/migrations/v3/convert.go:73:35: migrations.ConvertToLegacyTallyResult calls math.NewIntFromString
Error:       #71: x/gov/types/v1beta1/codec.go:7:2: v1beta1.init calls types.init, which calls math.NewIntFromUint64
Error:       #72: app/sim/sim_state.go:203:34: sim.AppStateRandomizedFn calls module.SimulationManager.GenerateGenesisStates, which eventually calls math.OneInt
Error:       #73: x/gov/types/v1beta1/tally.go:55:36: v1beta1.EmptyTallyResult calls math.ZeroInt
Error:       #74: app/sim/sim_state.go:205:[31](https://github.com/atomone-hub/atomone/actions/runs/12228478419/job/34106805715#step:4:32): sim.AppStateRandomizedFn calls json.Marshal, which eventually calls math.init
Error:       #75: x/gov/types/v1beta1/genesis.go:6:2: v1beta1.init calls math.init
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kristovatlas