pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #14711 from puffnfresh/bug/docker-nondeterminism

dockerTools: make tars deterministic

Luca Bruno 230bf0ea a3d6602c

options
unified split
Changed files
+5 -5
pkgs
build-support
docker
default.nix
+5 -5
pkgs/build-support/docker/default.nix 
···

       
151

       
151

       
 

       



     

       
152

       
152

       
 

       
      postMount = ''


     

       
153

       
153

       
 

       
        echo Packing raw image


     

       
154

       

       
-

       
        tar -C mnt -cf $out .


     

       

       
154

       
+

       
        tar -C mnt --mtime=0 -cf $out .


     

       
155

       
155

       
 

       
      '';


     

       
156

       
156

       
 

       
    };


     

       
157

       
157

       
 

       
    


     
···

       
176

       
176

       
 

       
      


     

       
177

       
177

       
 

       
      echo Packing layer


     

       
178

       
178

       
 

       
      mkdir $out


     

       
179

       

       
-

       
      tar -C layer -cf $out/layer.tar .


     

       

       
179

       
+

       
      tar -C layer --mtime=0 -cf $out/layer.tar .


     

       
180

       
180

       
 

       
      ts=$(${tarsum} < $out/layer.tar)


     

       
181

       
181

       
 

       
      cat ${baseJson} | jshon -s "$ts" -i checksum > $out/json


     

       
182

       
182

       
 

       
      echo -n "1.0" > $out/VERSION


     
···

       
216

       
216

       
 

       



     

       
217

       
217

       
 

       
        echo Packing layer


     

       
218

       
218

       
 

       
        mkdir $out


     

       
219

       

       
-

       
        tar -C layer -cf $out/layer.tar .


     

       

       
219

       
+

       
        tar -C layer --mtime=0 -cf $out/layer.tar .


     

       
220

       
220

       
 

       
        ts=$(${tarsum} < $out/layer.tar)


     

       
221

       
221

       
 

       
        cat ${baseJson} | jshon -s "$ts" -i checksum > $out/json


     

       
222

       
222

       
 

       
        echo -n "1.0" > $out/VERSION


     
···

       
297

       
297

       
 

       
        tar -tf temp/layer.tar >> baseFiles


     

       
298

       
298

       
 

       
        sed 's/^\.//' -i baseFiles


     

       
299

       
299

       
 

       
        comm <(sort -n baseFiles|uniq) <(sort -n layerFiles|uniq|grep -v ${layer}) -1 -3 > newFiles


     

       
300

       

       
-

       
        tar -rpf temp/layer.tar --no-recursion --files-from newFiles 2>/dev/null || true


     

       

       
300

       
+

       
        tar -rpf temp/layer.tar --mtime=0 --no-recursion --files-from newFiles 2>/dev/null || true


     

       
301

       
301

       
 

       



     

       
302

       
302

       
 

       
        echo Adding meta


     

       
303

       
303

       
 

       
        


     
···

       
320

       
320

       
 

       
        chmod -R a-w image


     

       
321

       
321

       
 

       



     

       
322

       
322

       
 

       
        echo Cooking the image


     

       
323

       

       
-

       
        tar -C image -c . | pigz > $out


     

       

       
323

       
+

       
        tar -C image --mtime=0 -c . | pigz -nT > $out


     

       
324

       
324

       
 

       
      '';


     

       
325

       
325

       
 

       



     

       
326

       
326

       
 

       
    in