Non-determinism in JSON export #1211

Closed
@davidstrauss

Description of issue or feature request:

I've been working to create a deterministic test fixture generator for PHP-TUF. I've rooted out the apparent sources of most meaningful non-determinism by fixing the clock and using a fixed well of keypairs. However, some of the JSON export appears to have different behavior on different systems.

Shown below is the diff I see when comparing generated data on GitHub Actions (on Python 3.9 with ubuntu-latest) versus on my laptop (also Python 3.9 but with Fedora 33). We've pinned all known dependencies using pipenv, so I don't think it's that.

This causes a cascading set of differences because other files use hashes of snapshot.json.

Could TUF canonicalize even the JSON data that isn't directly signed?

Current behavior:
[Image: Screenshot from 2020-11-12 12-30-35]

Expected behavior:

Deterministic (ideally canonical) output of JSON that contains the same functional data.
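
The cascade described in the issue, as an added example that is not part of the original report or of the TUF code base: two exports of the same snapshot data that differ only in key order produce different SHA-256 hashes in the entry that references snapshot.json, while a fixed serialization does not. The metadata values, the helper names, and the key-order difference are constructed for illustration, and sorted keys with fixed separators stands in for a canonical form here; it is not TUF's own canonicalization routine.

```python
import hashlib
import json

# Constructed snapshot metadata: field names follow the TUF metadata layout,
# values are placeholders and not taken from the issue.
SNAPSHOT = {
    "signatures": [{"keyid": "placeholder-keyid", "sig": "placeholder-sig"}],
    "signed": {"_type": "snapshot", "version": 1, "expires": "2030-01-01T00:00:00Z",
               "meta": {"targets.json": {"version": 1}}},
}


def reorder(obj):
    """Return a copy with every dict's keys in reverse order (same data)."""
    if isinstance(obj, dict):
        return {k: reorder(obj[k]) for k in reversed(list(obj))}
    if isinstance(obj, list):
        return [reorder(v) for v in obj]
    return obj


def export_as_is(metadata, indent):
    """Serialize in whatever order the dict happens to hold its keys."""
    return json.dumps(metadata, indent=indent).encode("utf-8")


def export_deterministic(metadata):
    """Serialize with sorted keys and fixed separators: same data, same bytes."""
    return json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode("utf-8")


def timestamp_meta(snapshot_bytes):
    """Build the entry that references snapshot.json by length and hash."""
    digest = hashlib.sha256(snapshot_bytes).hexdigest()
    return {"snapshot.json": {"length": len(snapshot_bytes), "hashes": {"sha256": digest}}}


if __name__ == "__main__":
    laptop, ci = SNAPSHOT, reorder(SNAPSHOT)  # same data, different key order
    for name, export in (("as-is", lambda m: export_as_is(m, 1)),
                         ("deterministic", export_deterministic)):
        same = timestamp_meta(export(laptop)) == timestamp_meta(export(ci))
        print(f"{name}: timestamp.json entries match = {same}")
```

The signed portion is unchanged in both runs, so signatures still verify; only the file hash recorded by the referencing metadata moves.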