diff options
author | Brian McKenna <bmckenna@atlassian.com> | 2016-04-14 22:04:39 +1000 |
---|---|---|
committer | Brian McKenna <bmckenna@atlassian.com> | 2016-04-15 09:29:15 +1000 |
commit | bc2f314f7355531c1f5cb780b04442df269b903a (patch) | |
tree | 2217e94301c2775fd793803b0c95724465fb3fa5 /pkgs/build-support/docker | |
parent | ab428dce14f3dacd61e073eba14a9a9c9fcdde03 (diff) | |
download | nixlib-bc2f314f7355531c1f5cb780b04442df269b903a.tar nixlib-bc2f314f7355531c1f5cb780b04442df269b903a.tar.gz nixlib-bc2f314f7355531c1f5cb780b04442df269b903a.tar.bz2 nixlib-bc2f314f7355531c1f5cb780b04442df269b903a.tar.lz nixlib-bc2f314f7355531c1f5cb780b04442df269b903a.tar.xz nixlib-bc2f314f7355531c1f5cb780b04442df269b903a.tar.zst nixlib-bc2f314f7355531c1f5cb780b04442df269b903a.zip |
dockerTools: make tars deterministic
There were two sources of non-determinisim coming into the images. The first was tar mtimes, the second was pigz/gzip times. An example image now passes with the --check flag.
Diffstat (limited to 'pkgs/build-support/docker')
-rw-r--r-- | pkgs/build-support/docker/default.nix | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 1a7ed88223b9..f874354b15ed 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -151,7 +151,7 @@ EOF postMount = '' echo Packing raw image - tar -C mnt -cf $out . + tar -C mnt --mtime=0 -cf $out . ''; }; @@ -176,7 +176,7 @@ EOF echo Packing layer mkdir $out - tar -C layer -cf $out/layer.tar . + tar -C layer --mtime=0 -cf $out/layer.tar . ts=$(${tarsum} < $out/layer.tar) cat ${baseJson} | jshon -s "$ts" -i checksum > $out/json echo -n "1.0" > $out/VERSION @@ -216,7 +216,7 @@ EOF echo Packing layer mkdir $out - tar -C layer -cf $out/layer.tar . + tar -C layer --mtime=0 -cf $out/layer.tar . ts=$(${tarsum} < $out/layer.tar) cat ${baseJson} | jshon -s "$ts" -i checksum > $out/json echo -n "1.0" > $out/VERSION @@ -297,7 +297,7 @@ EOF tar -tf temp/layer.tar >> baseFiles sed 's/^\.//' -i baseFiles comm <(sort -n baseFiles|uniq) <(sort -n layerFiles|uniq|grep -v ${layer}) -1 -3 > newFiles - tar -rpf temp/layer.tar --no-recursion --files-from newFiles 2>/dev/null || true + tar -rpf temp/layer.tar --mtime=0 --no-recursion --files-from newFiles 2>/dev/null || true echo Adding meta @@ -320,7 +320,7 @@ EOF chmod -R a-w image echo Cooking the image - tar -C image -c . | pigz > $out + tar -C image --mtime=0 -c . | pigz -nT > $out ''; in |