diff options
| author | Benjamin Staffin <benley@gmail.com> | 2017-04-17 22:16:33 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-04-17 22:16:33 -0400 |
| commit | 8cf393bf481b1b11be6491787a1efce21414a990 (patch) | |
| tree | 72f8ccacdeb9ad6629630601a23a425e2824d623 /pkgs | |
| parent | 9239bc6c9680950abf49ace083f64590aff97bed (diff) | |
| parent | 5ca1646bb0404a21dcfc4b3842f0651c1d19b3cc (diff) | |
| download | nixlib-8cf393bf481b1b11be6491787a1efce21414a990.tar nixlib-8cf393bf481b1b11be6491787a1efce21414a990.tar.gz nixlib-8cf393bf481b1b11be6491787a1efce21414a990.tar.bz2 nixlib-8cf393bf481b1b11be6491787a1efce21414a990.tar.lz nixlib-8cf393bf481b1b11be6491787a1efce21414a990.tar.xz nixlib-8cf393bf481b1b11be6491787a1efce21414a990.tar.zst nixlib-8cf393bf481b1b11be6491787a1efce21414a990.zip | |
Merge pull request #24947 from timclassic/docker-repro
docker: improve reproducibility of layers
Diffstat (limited to 'pkgs')
| -rw-r--r-- | pkgs/build-support/docker/default.nix | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 27575053954f..7f63664dadd0 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -209,7 +209,7 @@ rec { postMount = '' echo "Packing raw image..." - tar -C mnt --mtime=0 -cf $out . + tar -C mnt --mtime="@$SOURCE_DATE_EPOCH" -cf $out . ''; }; @@ -247,7 +247,7 @@ rec { echo "Adding contents..." for item in $contents; do echo "Adding $item" - rsync -ak $item/ layer/ + rsync -ak --chown=0:0 $item/ layer/ done else echo "No contents to add to layer." @@ -260,7 +260,7 @@ rec { # Tar up the layer and throw it into 'layer.tar'. echo "Packing layer..." mkdir $out - tar -C layer --mtime=0 -cf $out/layer.tar . + tar -C layer --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar . # Compute a checksum of the tarball. echo "Computing layer checksum..." @@ -310,7 +310,7 @@ rec { echo "Adding contents..." for item in ${toString contents}; do echo "Adding $item..." - rsync -ak $item/ layer/ + rsync -ak --chown=0:0 $item/ layer/ done ''; @@ -340,7 +340,7 @@ rec { echo "Packing layer..." mkdir $out - tar -C layer --mtime=0 -cf $out/layer.tar . + tar -C layer --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar . # Compute the tar checksum and add it to the output json. echo "Computing checksum..." @@ -467,7 +467,8 @@ rec { comm <(sort -n baseFiles|uniq) \ <(sort -n layerFiles|uniq|grep -v ${layer}) -1 -3 > newFiles # Append the new files to the layer. - tar -rpf temp/layer.tar --mtime=0 --no-recursion --files-from newFiles + tar -rpf temp/layer.tar --mtime="@$SOURCE_DATE_EPOCH" \ + --owner=0 --group=0 --no-recursion --files-from newFiles echo "Adding meta..." @@ -496,7 +497,7 @@ rec { chmod -R a-w image echo "Cooking the image..." - tar -C image --mtime=0 -c . | pigz -nT > $out + tar -C image --mtime="@$SOURCE_DATE_EPOCH" -c . | pigz -nT > $out echo "Finished." ''; |