From bc2f314f7355531c1f5cb780b04442df269b903a Mon Sep 17 00:00:00 2001
From: Brian McKenna
Date: Thu, 14 Apr 2016 22:04:39 +1000
Subject: [PATCH] dockerTools: make tars deterministic

There were two sources of non-determinisim coming into the images. The first was tar mtimes, the second was pigz/gzip times. An example image now passes with the --check flag.
---
 pkgs/build-support/docker/default.nix | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 1a7ed88223b..f874354b15e 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -151,7 +151,7 @@ EOF
 postMount = ''
 echo Packing raw image
- tar -C mnt -cf $out .
+ tar -C mnt --mtime=0 -cf $out .
 '';
 };
@@ -176,7 +176,7 @@ EOF
 echo Packing layer
 mkdir $out
- tar -C layer -cf $out/layer.tar .
+ tar -C layer --mtime=0 -cf $out/layer.tar .
 ts=$(${tarsum} < $out/layer.tar)
 cat ${baseJson} | jshon -s "$ts" -i checksum > $out/json
 echo -n "1.0" > $out/VERSION
@@ -216,7 +216,7 @@ EOF
 echo Packing layer
 mkdir $out
- tar -C layer -cf $out/layer.tar .
+ tar -C layer --mtime=0 -cf $out/layer.tar .
 ts=$(${tarsum} < $out/layer.tar)
 cat ${baseJson} | jshon -s "$ts" -i checksum > $out/json
 echo -n "1.0" > $out/VERSION
@@ -297,7 +297,7 @@ EOF
 tar -tf temp/layer.tar >> baseFiles
 sed 's/^\.//' -i baseFiles
 comm <(sort -n baseFiles|uniq) <(sort -n layerFiles|uniq|grep -v ${layer}) -1 -3 > newFiles
- tar -rpf temp/layer.tar --no-recursion --files-from newFiles 2>/dev/null || true
+ tar -rpf temp/layer.tar --mtime=0 --no-recursion --files-from newFiles 2>/dev/null || true
 echo Adding meta
@@ -320,7 +320,7 @@ EOF
 chmod -R a-w image
 echo Cooking the image
- tar -C image -c . | pigz > $out
+ tar -C image --mtime=0 -c . | pigz -nT > $out
 '';
 in
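Review bot: `--mtime=0` on the `tar -C mnt` line, and the same flag in the four later hunks, may not pin entry timestamps to the Unix epoch. GNU tar passes the value to its date parser, which as far as I know reads a bare `0` as a time of day, meaning midnight of the build day. Two builds on the same day would then agree, which is consistent with the `--check` result in the description, while builds on different days would differ. Writing `--mtime=@0`, or `--mtime="@$SOURCE_DATE_EPOCH"` where the builder exports it, names the epoch unambiguously. The enclosing derivation starts and ends outside this hunk.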
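Review bot: The `tar -C layer ... -cf $out/layer.tar .` line still lets entry order and file ownership vary, and `--mtime` covers neither; the identical hunk at -216 has the same gap. Entry order follows directory read order and the uid/gid come from the build user, so the same inputs can still yield different `layer.tar` bytes, and the value written to `$out/json` via `${tarsum}` may differ too. If root ownership is the intended result, consider `tar -C layer --sort=name --owner=0 --group=0 --numeric-owner --mtime=@0 -cf $out/layer.tar .` (`--sort` needs GNU tar 1.28 or later). A stable layer digest is what lets consumers verify that an image was rebuilt from the same sources. The surrounding script string starts and ends outside the hunk.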
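Review bot: The modified `tar -rpf temp/layer.tar ...` line keeps `2>/dev/null || true`, so any failure to append the entries listed in `newFiles` is discarded and the build still succeeds. The result would be an image that is missing files with no trace in the build log. If the suppression exists for one expected case, presumably an empty `newFiles`, a comment such as `# tar -r fails when newFiles is empty; nothing to append in that case` would record that. Better still, guard the call with `if [ -s newFiles ]; then ... fi` and drop the `|| true`. The enclosing script continues outside the hunk, so the reason for the suppression may be documented there.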
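Review bot: The short flags in `pigz -nT` are hard to read, and nothing on the final `tar ... | pigz` line says why they are there. Either spell them out as `pigz --no-name --no-time`, or add a comment above the line such as `# omit file name and mtime from the gzip header so the output is reproducible`. That keeps a later edit from dropping them as noise. The `--mtime=0` concern raised on the first hunk applies to this tar call as well.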