GNU bug report logs -
#75090
Make 'guix pack -f docker' tarballs reproducible?
[Message part 1 (text/plain, inline)]
Your bug report
#75090: Make 'guix pack -f docker' tarballs reproducible?
which was filed against the guix package, has been closed.
The explanation is attached below, along with your original report.
If you require more details, please reply to 75090 <at> debbugs.gnu.org.
--
75090: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=75090
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
Ludovic Courtès <ludo <at> gnu.org> skribis:
> Fixes <https://issues.guix.gnu.org/75090>.
>
> * guix/docker.scm (tar): New procedure.
> (create-empty-tar, build-docker-image): Use it instead of calling
> ‘invoke’ directly.
>
> Reported-by: Simon Josefsson <simon <at> josefsson.org>
> Change-Id: Ia899c43ed6a3809ff845de0953e3d38cccf24609
Pushed as 646202bf73f90de4f9b7cc66248b8f8e6e381014.
Ludo’.
[Message part 3 (message/rfc822, inline)]
[Message part 4 (text/plain, inline)]
Hi
I am creating docker archives using:
guix pack guix bash-minimal coreutils-minimal net-base --save-provenance -S /bin=bin -S /share=share -f docker --image-tag=guix --max-layers=8 --verbosity=2
To my surprise the output was not reproducible between re-runs.
The reason is because of the timestamp and ownership information in the
outer tarball. The internals are identical and reproducible. See
diffoscope output below.
I tried to work around it by wrapping either the 'guix pack' or
'guix-daemon' commands with this environment variable, which I suggest
for inspiration as additional parameters to tar:
TAR_OPTIONS="--owner=0 --group=0 --numeric-owner --sort=name --mode=go+u,go-w --mtime=@0"
I would prefer 'guix pack' produced reproducible archives by default.
Alternatively, provide a way to allow me as user to specify some
parameters for 'guix pack' to make that happen.
/Simon
jas <at> kaka:~/src/guix-container$ diffoscope stage1-docker-pack.tar.gz-1 stage1-docker-pack.tar.gz-2
--- stage1-docker-pack.tar.gz-1
+++ stage1-docker-pack.tar.gz-2
│ --- stage1-docker-pack.tar.gz-1-content
├── +++ stage1-docker-pack.tar.gz-2-content
│ ├── file list
│ │ @@ -1,10 +1,10 @@
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 421457920 2024-12-25 16:31:15.000000 sha256:e69812bf459ea0fba42d1d6fd518410a4e588ddd4e4c007ddb4dd48c9c04293a/layer.tar
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 56330240 2024-12-25 16:31:16.000000 sha256:45e67bf9fcad2f255f20dc614224b9e4260da1b63f2a361c2479e1ed64a9210a/layer.tar
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 37632000 2024-12-25 16:31:16.000000 sha256:a8d1b46be57ba5a41051dedcf2d8d7bb2f13a9d58078729a962d04f5178274ba/layer.tar
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 41523200 2024-12-25 16:31:16.000000 sha256:0756f500c123ba4f34cda21e5232932799fd36c15243f7fcb1ef38ff6ec7533d/layer.tar
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 37806080 2024-12-25 16:31:17.000000 sha256:bf18d11d88b81af3f6fb49b7d4b092d479b7967ac8dc4980cc381170997c6ccf/layer.tar
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 17582080 2024-12-25 16:31:17.000000 sha256:9263a9904763737f9e8bdf08ca52cede34c2fa9e99abe7f9ef273111752cb2ca/layer.tar
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 147763200 2024-12-25 16:31:20.000000 sha256:3d9a70bc298db46d9fdd95badacd3ec5586f3965110bb85b748be6bcfc57b171/layer.tar
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 10240 2024-12-25 16:31:14.000000 sha256:3fb6718bc797283e8283fe1b843596ace2e62db47d5b38d228a64a6bbb7c3564/layer.tar
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 736 2024-12-25 16:31:21.000000 manifest.json
│ │ --rw-r--r-- 0 nixbld (997) nixbld (999) 842 2024-12-25 16:31:21.000000 config.json
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 421457920 2024-12-25 16:41:20.000000 sha256:e69812bf459ea0fba42d1d6fd518410a4e588ddd4e4c007ddb4dd48c9c04293a/layer.tar
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 56330240 2024-12-25 16:41:21.000000 sha256:45e67bf9fcad2f255f20dc614224b9e4260da1b63f2a361c2479e1ed64a9210a/layer.tar
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 37632000 2024-12-25 16:41:22.000000 sha256:a8d1b46be57ba5a41051dedcf2d8d7bb2f13a9d58078729a962d04f5178274ba/layer.tar
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 41523200 2024-12-25 16:41:22.000000 sha256:0756f500c123ba4f34cda21e5232932799fd36c15243f7fcb1ef38ff6ec7533d/layer.tar
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 37806080 2024-12-25 16:41:22.000000 sha256:bf18d11d88b81af3f6fb49b7d4b092d479b7967ac8dc4980cc381170997c6ccf/layer.tar
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 17582080 2024-12-25 16:41:23.000000 sha256:9263a9904763737f9e8bdf08ca52cede34c2fa9e99abe7f9ef273111752cb2ca/layer.tar
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 147763200 2024-12-25 16:41:25.000000 sha256:3d9a70bc298db46d9fdd95badacd3ec5586f3965110bb85b748be6bcfc57b171/layer.tar
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 10240 2024-12-25 16:41:19.000000 sha256:3fb6718bc797283e8283fe1b843596ace2e62db47d5b38d228a64a6bbb7c3564/layer.tar
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 736 2024-12-25 16:41:26.000000 manifest.json
│ │ +-rw-r--r-- 0 nixbld (997) nixbld (999) 842 2024-12-25 16:41:26.000000 config.json
jas <at> kaka:~/src/guix-container$
[signature.asc (application/pgp-signature, inline)]
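The metadata normalization that the report's TAR_OPTIONS asks of tar, reproduced with Python's `tarfile` as an added example (not code from Guix or from the report). The member names, contents and build times are constructed, and `normalize`, `members`, `pack` and `digests` are hypothetical helper names.

```python
import hashlib
import io
import os
import tarfile
import tempfile

# Constructed stand-in for the outer archive's members (not real image data).
SAMPLE = {"layer0/layer.tar": b"layer bytes", "manifest.json": b"[]", "config.json": b"{}"}

def normalize(info):
    """Apply the metadata part of the report's TAR_OPTIONS to one member."""
    info.uid = info.gid = 0              # --owner=0 --group=0
    info.uname = info.gname = ""         # --numeric-owner
    info.mtime = 0                       # --mtime=@0
    user = (info.mode >> 6) & 0o7
    info.mode |= (user << 3) | user      # --mode=go+u
    info.mode &= ~0o022                  # --mode=go-w
    return info

def members(root):
    """All paths under root in sorted order, the counterpart of --sort=name."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        found += [os.path.join(dirpath, n) for n in dirnames + filenames]
    return sorted(found)

def pack(root, normalized):
    """Return the bytes of a tar archive of root, optionally normalized."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path in members(root):
            tar.add(path, arcname=os.path.relpath(path, root), recursive=False,
                    filter=normalize if normalized else None)
    return buf.getvalue()

def digests(build_time):
    """Simulate one build at build_time; return (plain, normalized) SHA-256."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "layer0"))
        for rel, data in SAMPLE.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        for path in members(root):
            os.utime(path, (build_time, build_time))
        return tuple(hashlib.sha256(pack(root, n)).hexdigest() for n in (False, True))

if __name__ == "__main__":
    first, second = digests(1_700_000_000), digests(1_700_000_600)  # constructed times
    print("plain equal:", first[0] == second[0])
    print("normalized equal:", first[1] == second[1])
```

Comparing the two digests per run gives a quick check that an archive differs only in the metadata the normalization removes, which is what the diffoscope listing above shows for the outer tarball.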
This bug report was last modified 101 days ago.