diff options
| author | Antoine Eiche <lewo@abesis.fr> | 2018-03-12 18:26:15 +0100 |
|---|---|---|
| committer | Antoine Eiche <lewo@abesis.fr> | 2018-03-13 13:46:47 +0100 |
| commit | ac0c491836a835c43641989ccb4b95a172749806 (patch) | |
| tree | 1fcd142a71a906383ffc97e671c35e842b0ef87a /pkgs/build-support/docker/default.nix | |
| parent | 346996ceecc421577be638b9aac4917925329130 (diff) | |
| download | nixpkgs-ac0c491836a835c43641989ccb4b95a172749806.tar nixpkgs-ac0c491836a835c43641989ccb4b95a172749806.tar.gz nixpkgs-ac0c491836a835c43641989ccb4b95a172749806.tar.bz2 nixpkgs-ac0c491836a835c43641989ccb4b95a172749806.tar.lz nixpkgs-ac0c491836a835c43641989ccb4b95a172749806.tar.xz nixpkgs-ac0c491836a835c43641989ccb4b95a172749806.tar.zst nixpkgs-ac0c491836a835c43641989ccb4b95a172749806.zip | |
dockerTools: add --sort=name options on all tar calls
This is to go to a reproducible image build. Note without this options image are identical from the Docker point of view but generated docker archives could have different hashes.
Diffstat (limited to 'pkgs/build-support/docker/default.nix')
| -rw-r--r-- | pkgs/build-support/docker/default.nix | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix index 328419d639f..653a651df7b 100644 --- a/pkgs/build-support/docker/default.nix +++ b/pkgs/build-support/docker/default.nix @@ -212,7 +212,7 @@ rec { postMount = '' echo "Packing raw image..." - tar -C mnt --hard-dereference --mtime="@$SOURCE_DATE_EPOCH" -cf $out . + tar -C mnt --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" -cf $out . ''; }; @@ -277,7 +277,7 @@ rec { # Tar up the layer and throw it into 'layer.tar'. echo "Packing layer..." mkdir $out - tar -C layer --hard-dereference --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf $out/layer.tar . + tar -C layer --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf $out/layer.tar . # Compute a checksum of the tarball. echo "Computing layer checksum..." @@ -359,7 +359,7 @@ rec { echo "Packing layer..." mkdir $out - tar -C layer --hard-dereference --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar . + tar -C layer --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar . # Compute the tar checksum and add it to the output json. echo "Computing checksum..." @@ -489,7 +489,7 @@ rec { comm <(sort -n baseFiles|uniq) \ <(sort -n layerFiles|uniq|grep -v ${layer}) -1 -3 > newFiles # Append the new files to the layer. - tar -rpf temp/layer.tar --hard-dereference --mtime="@$SOURCE_DATE_EPOCH" \ + tar -rpf temp/layer.tar --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" \ --owner=0 --group=0 --no-recursion --files-from newFiles echo "Adding meta..." @@ -537,7 +537,7 @@ rec { chmod -R a-w image echo "Cooking the image..." - tar -C image --hard-dereference --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 --xform s:'./':: -c . | pigz -nT > $out + tar -C image --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 --xform s:'./':: -c . | pigz -nT > $out echo "Finished." ''; |