Packaging Principles
All Cardano software is packaged according to the following principles.
- Reproducibility
- Uncompromising GitOps
- The 4 Layers of Packaging
Reproducibility
All Cardano software published via this repository is built in a reproducible manner. That means that, given a specific checkout of this repository, anyone with time and knowledge can reproduce artifacts that are byte-equivalent to the ones we publish as releases.
This reproducibility extends through the entire build stack, all the way to the most fundamental bootstrapping of the compiler toolchain.
Reproducibility produces high-integrity build artifacts and is the only route to sensible software supply chain auditing. → We build Cardano with the same rigor as we write it.
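As an added example (not code from this repository), one way to check the byte-equivalence claim is to hash every file in a published artifact tree and in a local rebuild, then compare the two manifests. The directory names and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        # Symlinks are skipped: their targets are hashed where they really live.
        if path.is_file() and not path.is_symlink():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare(published, rebuilt):
    """Report files that differ, are missing from the rebuild, or are extra in it."""
    pub, loc = manifest(published), manifest(rebuilt)
    return {
        "mismatch": sorted(p for p in pub.keys() & loc.keys() if pub[p] != loc[p]),
        "missing": sorted(pub.keys() - loc.keys()),
        "extra": sorted(loc.keys() - pub.keys()),
    }


def is_reproduced(report):
    """A rebuild counts as reproduced only if every category is empty."""
    return not any(report.values())


def demo():
    """Constructed trees: one identical file, one with an embedded timestamp."""
    with tempfile.TemporaryDirectory() as tmp:
        pub, loc = Path(tmp, "published"), Path(tmp, "rebuilt")
        for tree, stamp in ((pub, b"2024-01-01"), (loc, b"2024-01-02")):
            (tree / "bin").mkdir(parents=True)
            (tree / "bin" / "tool").write_bytes(b"\x7fELF constructed sample")
            (tree / "bin" / "stamped").write_bytes(b"built at " + stamp)
        (loc / "build.log").write_text("stray file\n")
        return compare(pub, loc)


if __name__ == "__main__":
    print(demo())
```

A single embedded timestamp or stray build log is enough to make the rebuild fail the check, which is why reproducibility has to hold for every input of the build.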
Additional Resources
- If this is new to you, see: https://reproducible-builds.org/
- And for even more mind-blow, see: https://bootstrappable.org/
- Make sure to also read the legendary Ken Thompson's "Reflections on Trusting Trust".
Uncompromising GitOps
Building on the previous principle, all our build instructions are code. That means that with a simple checkout, a single system dependency on nix, and simple nix commands, you can do one or all of the following things (and more):
- Build a binary (and also publish it)
- Build an entrypoint
- Build an OCI-Image (and also publish it)
- Build the scheduler spec (and also deploy it)
The 4 Layers of Packaging
Based on the previous principles, to get a runnable shipped, we look at 4 layers of packaging:
- The binary packaging (nix/cardano/packages/default.nix)
- The entrypoint packaging (nix/cardano/entrypoints.nix)
- The OCI image packaging (nix/cardano/oci-images.nix)
- The scheduler packaging (nix/cardano/nomadJob/default.nix)
You can consume any of those artifacts according to your deployment scenario, but our published OCI images ("docker") are usually a good place to start.