aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2017-03-16 21:56:10 +0100
committerLudovic Courtès <ludo@gnu.org>2017-03-16 22:50:15 +0100
commit54241dc8e62c8616dcd72effe816e6e570607055 (patch)
treec77296e4841ed4055eb2abd17b92d6b60c859697
parent84dda5a9c0772b2507fab3209938ead9da2a3442 (diff)
downloadguix-54241dc8e62c8616dcd72effe816e6e570607055.tar
guix-54241dc8e62c8616dcd72effe816e6e570607055.tar.gz
docker: Build images in a reproducible fashion.
* guix/docker.scm (%tar-determinism-options): New variable. (build-docker-image): Use it on the two 'tar' invocations.
-rw-r--r--guix/docker.scm11
1 files changed, 9 insertions, 2 deletions
diff --git a/guix/docker.scm b/guix/docker.scm
index 5614ab2115..9b7a28f6f3 100644
--- a/guix/docker.scm
+++ b/guix/docker.scm
@@ -84,6 +84,11 @@
(rootfs . ((type . "layers")
(diff_ids . (,(layer-diff-id layer)))))))
+(define %tar-determinism-options
+ ;; GNU tar options to produce archives deterministically.
+ '("--sort=name" "--mtime=@1"
+ "--owner=root:0" "--group=root:0"))
+
(define* (build-docker-image image path
#:key closure compressor
(creation-time (current-time time-utc)))
@@ -119,7 +124,8 @@ creation time in metadata."
(let ((items (call-with-input-file closure
read-reference-graph)))
(and (zero? (apply system* "tar" "-cf" "layer.tar"
- (cons "../bin" items)))
+ (append %tar-determinism-options
+ (cons "../bin" items))))
(delete-file "../bin"))))
(with-output-to-file "config.json"
@@ -134,7 +140,8 @@ creation time in metadata."
(scm->json (repositories path id)))))
(and (zero? (apply system* "tar" "-C" directory "-cf" image
- `(,@(if compressor
+ `(,@%tar-determinism-options
+ ,@(if compressor
(list "-I" (string-join compressor))
'())
".")))