Skip to content

Fix package consistency - retain shasum for the package#10178

Closed
FrenchBen wants to merge 10 commits intohelm:mainfrom
FrenchBen:fix-packages
Closed

Fix package consistency - retain shasum for the package#10178
FrenchBen wants to merge 10 commits intohelm:mainfrom
FrenchBen:fix-packages

Conversation

@FrenchBen
Copy link
Contributor

@FrenchBen FrenchBen commented Sep 23, 2021
edited
Loading

What this PR does / why we need it: Fixes #3612

Special notes for your reviewer:
We also have this PR pending for it: #9674
I believe this is the better approach, by leveraging the file modtime, instead of creating a new one in the tar headers.

If applicable:

  • this PR contains documentation
  • this PR contains unit tests
  • this PR has been tested for backwards compatibility

Added test for package SHA showing a repeatable process:

$ go test -v ./.../chartutil -run TestRepeatableSave
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
=== RUN   TestRepeatableSave/Package_2_files
--- PASS: TestRepeatableSave (0.01s)
    --- PASS: TestRepeatableSave/Package_1_file (0.00s)
    --- PASS: TestRepeatableSave/Package_2_files (0.00s)
PASS
ok      helm.sh/helm/v3/pkg/chartutil   1.020s

Validation

$ cd $(mktemp -d)
$ helm create foo
$ helm package foo
Successfully packaged chart and saved it to: /tmp/foo-0.1.0.tgz
$ shasum -a 256 foo-0.1.0.tgz
0f06258f0d51ffbd8dfd3bd503f490ea35a02a84cd2a33104990d34e5cdfb4c9  foo-0.1.0.tgz
$ rm foo-0.1.0.tgz
$ helm package foo
Successfully packaged chart and saved it to: /tmp/foo-0.1.0.tgz
$ shasum -a 256 foo-0.1.0.tgz
0f06258f0d51ffbd8dfd3bd503f490ea35a02a84cd2a33104990d34e5cdfb4c9  foo-0.1.0.tgz
$ helm version
version.BuildInfo{Version:"v3.7+unreleased", GitCommit:"f933eaa8215b9ec7287a46b9fa3bc0166d448588", GitTreeState:"dirty", GoVersion:"go1.17"}

@helm-bot helm-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Sep 23, 2021
@FrenchBen FrenchBen changed the title Fix packages Fix package consistency - retain shasum for the package Sep 23, 2021
@helm-bot helm-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Sep 23, 2021
zonggen
zonggen reviewed Sep 24, 2021
View reviewed changes
pkg/chart/loader/load_test.go Outdated
home: http://example.com
icon: https://example.com/64x64.png
`),
ModTime: time.Now(),
Copy link
Member

@zonggen zonggen Sep 24, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Think we need a c.ModTime check in TestLoadFiles since other fields in c were also checked.

Copy link
Contributor Author

@FrenchBen FrenchBen Sep 26, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done!

@zonggen
Copy link
Member

zonggen commented Sep 24, 2021

Don't think the provided test case will reproduce the original issue, since the issue does not happen all the time (70% of the time sha is identical). Also as pointed out in #3612 (comment) and #9674 (comment), the potential fix is to enforce the deterministic file ordering within tarballs. It would be great if you could provide test cases to reproduce the original issue (#9674 (review)).

@FrenchBen
Copy link
Contributor Author

FrenchBen commented Sep 26, 2021
edited
Loading

@zonggen I don't believe that file ordering is the key here, as walking the dir to add files into the array, as currently done, should be a repeatable process.

Golang Walk pkg: https://pkg.go.dev/path/filepath#Walk

The files are walked in lexical order, which makes the output deterministic but requires Walk to read an entire directory into memory before proceeding to walk that directory.

I went ahead and added the exact same test found in this PR, without the mod-time, to the main branch.
Code is here: https://github.com/FrenchBen/helm/tree/test-package

Repeatedly got wrong SHA: (not 70%)

$ for i in {1..10}; do go test -v ./.../chartutil -run TestRepeatableSave; done
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = 3e36a09b6d1314a979db881a0cade51623edd76dc2530f6ffa639019908eb6f9, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = 2327efd695c1286ce2865a4c8f3689ee852815d7cece097d6f94fead3c10da75, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.858s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = f8cc15afea1f94700341c332b664ba482f4d8242baaa8f9b049b3d03278426a5, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = 883592bd45b319f3a489b94c80095ec6f8d3eaed683cd89f51954eba6ccfe0d9, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.765s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = e8e7dd8bb7a6da7f9227c09886a041d23f9c7235ad38c165c0b474b56dccd0d6, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = 8aa5715e946f76ea9d07a0b1d69f1d4d129c41db3dc8ef6ca331c3079a79dd2d, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.815s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = d17119de54770e06ecccd5d5c84a1059728bdd9ecc84a8ed37052bdb22a31e27, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = 217b2bdaf2ecc34b5562b34b88f29f7b7bf93626b3844c99e299edc6247bc326, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.776s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = b8bb89d89eaac69a6d044fbebb2c3deb58a25c5fe902ef545b1b0e60803b8d3d, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = bf74ee4041caca5d02ed3bf831a6f38842565d9c8a0202246399d682809430ae, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.786s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = 77727a20397cf8d85e6c376a3805bd79d3b03cf63b50f4728d0cf9b1cab87d4d, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = 760520cce1187f63d0101dabc89e3d96649ebcbc08480680fefeee42687cb669, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.778s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = 579e865851dd68bdd7e155d39330ddad21359241c16565dac249cc56b7a1516c, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = 24635edf7c31d2d9adb1d48ed82e42e288fe22240084e73a91a6faca403ece5f, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.657s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = 2b7996fc3409a1ed88f309740ae12a610f4b29219d9f3f6d7c8eea6c1e43152c, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = dc84a9e8fe3987cfb168c81ed07a5a06a8a1d21efa62ca082f929e54bc62abe8, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.01s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.731s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = fe092111af4656b53302f891cd7e19df4fc40dc0f20a97d1d430caad67600275, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = 6bd212b104bd0d4eddcd15b8511d11056bf70f44f035a4907c748b066ce79439, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.701s
FAIL
=== RUN   TestRepeatableSave
=== RUN   TestRepeatableSave/Package_1_file
    save_test.go:312: FormatName() result = 4c8cc8cb2d2743a0bab681dd0dfe18337585c4250dc8723b6848a28c1d634a31, want 5427738f1e4fffdc6e67bf3dfb0abd19e5d77900778b744461707ff5b980878c
=== RUN   TestRepeatableSave/Package_2_files
    save_test.go:312: FormatName() result = bc6b98c588ee1ba68dd0208e6f5cbef80c3ddab82f45a37d073c15936725036c, want 0347ca299620594f1459c80dada72802a2b1e05fdba6142c1f2d3d1d887eb348
--- FAIL: TestRepeatableSave (0.00s)
    --- FAIL: TestRepeatableSave/Package_1_file (0.00s)
    --- FAIL: TestRepeatableSave/Package_2_files (0.00s)
FAIL
FAIL    helm.sh/helm/v3/pkg/chartutil   0.644s
FAIL

@zonggen
Copy link
Member

zonggen commented Sep 27, 2021

Thanks for the explanation! I reproduced your go test on main without ModTime, found the same result as printed above. Then I went ahead to reproduce the original issue. Unfortunately I'm still seeing the issue:

$ for i in {1..10}; do helm package druid/ > /dev/null  && sha256sum druid-0.3.0.tgz && rm druid-0.3.0.tgz; done

c30215b3c7c73ded7ffb2c15dffbd088bd3247ee98bc6a67e55906831a6772f7  druid-0.3.0.tgz
c30215b3c7c73ded7ffb2c15dffbd088bd3247ee98bc6a67e55906831a6772f7  druid-0.3.0.tgz
c30215b3c7c73ded7ffb2c15dffbd088bd3247ee98bc6a67e55906831a6772f7  druid-0.3.0.tgz
a5acbb7b1329a0d712d0a6dd1e53300ec0c3e505a00ac74a3a0e15ceb0d04ad2  druid-0.3.0.tgz
c30215b3c7c73ded7ffb2c15dffbd088bd3247ee98bc6a67e55906831a6772f7  druid-0.3.0.tgz
a5acbb7b1329a0d712d0a6dd1e53300ec0c3e505a00ac74a3a0e15ceb0d04ad2  druid-0.3.0.tgz
c30215b3c7c73ded7ffb2c15dffbd088bd3247ee98bc6a67e55906831a6772f7  druid-0.3.0.tgz
c30215b3c7c73ded7ffb2c15dffbd088bd3247ee98bc6a67e55906831a6772f7  druid-0.3.0.tgz
a961fbf2dad4381b86b28a03436ccb62786811239fafe13d978275fbea8c2190  druid-0.3.0.tgz
c30215b3c7c73ded7ffb2c15dffbd088bd3247ee98bc6a67e55906831a6772f7  druid-0.3.0.tgz

I used a modified chart which has three subcharts.

@FrenchBen
Copy link
Contributor Author

FrenchBen commented Sep 27, 2021
edited
Loading

Great use case @zonggen - let me reproduce on my end, and figure out why this isn't fixed as I'd expect it to.
--edit-- looks like it's the order in which it adds the sub-charts to the package

root@beeb9343891c:~# helm package druid/
Dependency: mysql
Dependency: postgresql
Dependency: zookeeper
Successfully packaged chart and saved it to: /root/druid-0.3.0.tgz
root@beeb9343891c:~# rm druid-0.3.0.tgz
root@beeb9343891c:~# helm package druid/
Dependency: zookeeper
Dependency: mysql
Dependency: postgresql
Successfully packaged chart and saved it to: /root/druid-0.3.0.tgz

@FrenchBen
Keep the subcharts sorted
29620aa 
Signed-off-by: frenchben <[email protected]>
@FrenchBen
Copy link
Contributor Author

FrenchBen commented Sep 27, 2021
edited
Loading

@zonggen Fixed! Since subcharts were using map[string] which is unsorted, it didn't always return the same results. proof
I created a small key index, to make sure the results are consistent.

for i in {1..20}; do helm package druid/ > /dev/null  && sha256sum druid-0.3.0.tgz && rm druid-0.3.0.tgz; done
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz
6e5341abd057d2f8424f5aeb792e4724052361c405e8354325ccc0a30ab9719a  druid-0.3.0.tgz

@zonggen
Copy link
Member

zonggen commented Sep 28, 2021

Tested with latest change (ModTime + subchart load order), worked as expected: same hash for each run.

Then I was curious to see if only changing the load order will fix this issue (without ModTime). Turned out that without ModTime, it is less likely to have different hash, but still happens occasionally:

$ for i in {1..20}; do helm package druid/ > /dev/null  && sha256sum druid-0.3.0.tgz && rm druid-0.3.0.tgz; done

4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
4d8cc0bb5e1e11d3b938b679e62eec9eb4a796e606ef5c9d84f3b408e1535f64  druid-0.3.0.tgz
66f5e13dd451f60807e6d7b75e7a3b128e49592eda384ed37d28ebabbf48169f  druid-0.3.0.tgz
66f5e13dd451f60807e6d7b75e7a3b128e49592eda384ed37d28ebabbf48169f  druid-0.3.0.tgz
66f5e13dd451f60807e6d7b75e7a3b128e49592eda384ed37d28ebabbf48169f  druid-0.3.0.tgz
66f5e13dd451f60807e6d7b75e7a3b128e49592eda384ed37d28ebabbf48169f  druid-0.3.0.tgz
66f5e13dd451f60807e6d7b75e7a3b128e49592eda384ed37d28ebabbf48169f  druid-0.3.0.tgz
66f5e13dd451f60807e6d7b75e7a3b128e49592eda384ed37d28ebabbf48169f  druid-0.3.0.tgz

So I think both changes are needed and this PR seems to fix the original issue. Waiting for core maintainers to chime in :)

zonggen
zonggen reviewed Sep 28, 2021
View reviewed changes
@FrenchBen
Remove old comment
e4d4f96 
Signed-off-by: frenchben <[email protected]>
@FrenchBen
Copy link
Contributor Author

FrenchBen commented Sep 28, 2021

@zonggen for double checking my work! Now part of me wonders if I shouldn't have done ModTime + the sorting from #9674 to get this in cleaner 😅

@FrenchBen
Copy link
Contributor Author

FrenchBen commented Oct 26, 2021

bump @bacongobbler :)

@FrenchBen
Copy link
Contributor Author

FrenchBen commented Nov 8, 2021

/cc @technosophos @mattfarina @jdolitsky

@Mathiasdm
Copy link

Mathiasdm commented Aug 9, 2022
edited
Loading

So... could this one go in? It looks like a useful improvement I'd like to use ;-)
(Without this change, I need to untar and tar the package again before upload)

@FalkW
Copy link

FalkW commented Sep 27, 2022

So... could this one go in? It looks like a useful improvement I'd like to use ;-) (Without this change, I need to untar and tar the package again before upload)

@Mathiasdm how do you tar it? I close to giving up as the tgz-files from helm always create a different checksum after unpacking and repacking (If I run helm package on the same chart content in between)

So far I've tried:
tar -I 'gzip --no-name' --format gnu -cvf "../$chart_file_full_name" "$chart_file"
GZIP=-n tar --format gnu -czvf "../$chart_file_full_name" "$chart_file"
tar -czvf "../$chart_file_full_name" "$chart_file"
tar -I 'gzip --no-name' -cvf "../$chart_file_full_name" "$chart_file"
tar -c "$chart_file" | gzip --no-name > "../$chart_file_full_name"

@h0tbird
Copy link

h0tbird commented Oct 4, 2022

Thanks for doing this @FrenchBen, today I needed this and I ended up here 😄
Maybe putting this feature behind a flag will make it more likely to be accepted by maintainers?

@joejulian joejulian added this to the 3.11.0 milestone Oct 4, 2022
@FrenchBen
Copy link
Contributor Author

FrenchBen commented Jan 12, 2023

@h0tbird it's technically an existing command, that provided inconsistent shasum when building a package.
This allows for the process to be consistently repeatable :)

@mattfarina mattfarina added this to the 3.15.0 milestone Mar 13, 2024
@mattfarina mattfarina modified the milestones: 3.15.0, 3.16.0 Jun 12, 2024
@FrenchBen
Copy link
Contributor Author

FrenchBen commented Jul 17, 2024

Back to the top, and hoping that we can get this merged :)
Thanks @mattfarina

@FrenchBen FrenchBen mentioned this pull request Jul 17, 2024
Closed
3 tasks
@FrenchBen
Copy link
Contributor Author

FrenchBen commented Jul 18, 2024

@FrenchBen TODO: Add idempotent flag to the CLI to prevent breaking Helm 3.
Can become default in Helm 4

@scottrigby scottrigby modified the milestones: 3.16.0, 3.17.0 Sep 11, 2024
@gjenkins8 gjenkins8 self-assigned this Dec 20, 2024
@max-rocket-internet
Copy link

max-rocket-internet commented Jan 8, 2025

Any update on the contribution? @gjenkins8 @mattfarina?

We are also facing an issue where the sums are different for every build (of the same chart version) which makes it seem like the OCI chart package is always changing.

The issue is now almost 7 years old 😐

@scottrigby scottrigby modified the milestones: 3.17.0, 3.18.0, 3.17.1 Jan 15, 2025
@mattfarina mattfarina modified the milestones: 3.17.1, 3.17.2 Feb 12, 2025
@scottrigby scottrigby modified the milestones: 3.17.2, 3.17.3 Mar 13, 2025
@scottrigby scottrigby added the bug Categorizes issue or PR as related to a bug. label Mar 13, 2025
@mattfarina mattfarina modified the milestones: 3.17.3, 3.18.1 May 19, 2025
@mattfarina mattfarina modified the milestones: 3.18.1, 3.18.3 May 28, 2025
@mattfarina mattfarina modified the milestones: 3.18.3, 3.18.4 Jun 16, 2025
@scottrigby scottrigby modified the milestones: 3.18.5, v4 Sep 5, 2025
@mattfarina mattfarina mentioned this pull request Sep 24, 2025
Merged
3 tasks
@TerryHowe
Copy link
Contributor

TerryHowe commented Sep 24, 2025

Closing in favor of #31323 reopen if I missed something

@TerryHowe TerryHowe closed this Sep 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@zonggen zonggen zonggen left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@gjenkins8 gjenkins8

Labels

bug Categorizes issue or PR as related to a bug. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

4.0.0

Development

Successfully merging this pull request may close these issues.

helm package should produce bitwise-deterministic tar files