docker: Build images in a reproducible fashion.

* guix/docker.scm (%tar-determinism-options): New variable.
(build-docker-image): Use it on the two 'tar' invocations.
Ludovic Courtès 2017-03-16 21:56:10 +01:00
parent 84dda5a9c0
commit 54241dc8e6
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 9 additions and 2 deletions


@ -84,6 +84,11 @@
(rootfs . ((type . "layers") (rootfs . ((type . "layers")
(diff_ids . (,(layer-diff-id layer))))))) (diff_ids . (,(layer-diff-id layer)))))))
(define %tar-determinism-options
;; GNU tar options to produce archives deterministically.
'("--sort=name" "--mtime=@1"
"--owner=root:0" "--group=root:0"))
(define* (build-docker-image image path (define* (build-docker-image image path
#:key closure compressor #:key closure compressor
(creation-time (current-time time-utc))) (creation-time (current-time time-utc)))
@ -119,7 +124,8 @@ creation time in metadata."
(let ((items (call-with-input-file closure (let ((items (call-with-input-file closure
read-reference-graph))) read-reference-graph)))
(and (zero? (apply system* "tar" "-cf" "layer.tar" (and (zero? (apply system* "tar" "-cf" "layer.tar"
(cons "../bin" items))) (append %tar-determinism-options
(cons "../bin" items))))
(delete-file "../bin")))) (delete-file "../bin"))))
(with-output-to-file "config.json" (with-output-to-file "config.json"
@ -134,7 +140,8 @@ creation time in metadata."
(scm->json (repositories path id))))) (scm->json (repositories path id)))))
(and (zero? (apply system* "tar" "-C" directory "-cf" image (and (zero? (apply system* "tar" "-C" directory "-cf" image
`(,@(if compressor `(,@%tar-determinism-options
,@(if compressor
(list "-I" (string-join compressor)) (list "-I" (string-join compressor))
'()) '())
"."))) ".")))
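Review bot: The default `(creation-time (current-time time-utc))` in the `build-docker-image` signature (context of the first hunk) still changes on every build, and the docstring fragment in the hunk headers says the creation time goes into the metadata, so the image is presumably bit-for-bit reproducible only when the caller passes a fixed `#:creation-time`. The new tar options pin member order, mtime and ownership but not that value, so the docstring should say so, for example `Pass a fixed CREATION-TIME to obtain a bit-reproducible image.` The comment on `%tar-determinism-options` could also record the tool requirement: `;; '--sort=name' needs GNU tar 1.28 or later; "tar" is looked up in PATH by 'system*'.` When COMPRESSOR is given, the compressor's own output must be deterministic as well, which looks like the caller's responsibility since the command is not visible here. The body of `build-docker-image` starts and continues outside the hunks shown.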