author | Ludovic Courtès <ludo@gnu.org> | 2017-03-16 21:56:10 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2017-03-16 22:50:15 +0100 |
commit | 54241dc8e62c8616dcd72effe816e6e570607055 (patch) | |
tree | c77296e4841ed4055eb2abd17b92d6b60c859697 | |
parent | 84dda5a9c0772b2507fab3209938ead9da2a3442 (diff) | |
docker: Build images in a reproducible fashion.
* guix/docker.scm (%tar-determinism-options): New variable.
(build-docker-image): Use it on the two 'tar' invocations.
-rw-r--r-- | guix/docker.scm | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/guix/docker.scm b/guix/docker.scm index 5614ab2115..9b7a28f6f3 100644 --- a/guix/docker.scm +++ b/guix/docker.scm @@ -84,6 +84,11 @@ (rootfs . ((type . "layers") (diff_ids . (,(layer-diff-id layer))))))) +(define %tar-determinism-options + ;; GNU tar options to produce archives deterministically. + '("--sort=name" "--mtime=@1" + "--owner=root:0" "--group=root:0")) + (define* (build-docker-image image path #:key closure compressor (creation-time (current-time time-utc))) @@ -119,7 +124,8 @@ creation time in metadata." (let ((items (call-with-input-file closure read-reference-graph))) (and (zero? (apply system* "tar" "-cf" "layer.tar" - (cons "../bin" items))) + (append %tar-determinism-options + (cons "../bin" items)))) (delete-file "../bin")))) (with-output-to-file "config.json" @@ -134,7 +140,8 @@ creation time in metadata." (scm->json (repositories path id))))) (and (zero? (apply system* "tar" "-C" directory "-cf" image - `(,@(if compressor + `(,@%tar-determinism-options + ,@(if compressor (list "-I" (string-join compressor)) '()) "."))) |
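Review bot: The comment on `%tar-determinism-options` says what the options are for but not what they depend on. `--sort=name` exists only in GNU tar 1.28 and later, and both `system*` calls in `build-docker-image` name a bare `"tar"`, so the result depends on which tar the environment provides. No `--mode` is passed either, so the permission bits of files written into the build directory (for example `config.json`) presumably still follow the umask of the building process. I would widen the comment to `;; GNU tar (>= 1.28, needed for --sort) options to produce archives deterministically. File modes are not normalized here.`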
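Review bot: In the last hunk the new options pin the tar metadata of the outer image archive, but not what goes into it. `creation-time` still defaults to `(current-time time-utc)` in the signature shown in the first hunk, and the docstring tail says it ends up in the metadata, so two runs with default arguments would presumably still produce different images. The program passed through `-I` is a second input these options do not control. Bit-identical output is what lets a third party rebuild an image and compare hashes, so the docstring should state the conditions, e.g. `Pass a fixed #:creation-time and a deterministic COMPRESSOR to obtain bit-identical images.` The docstring and the code that writes `config.json` lie outside the hunk, so this is inferred from the visible context lines.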