GNU bug report logs - #75090
Make 'guix pack -f docker' tarballs reproducible?


Package: guix;

Reported by: Simon Josefsson <simon <at> josefsson.org>

Date: Wed, 25 Dec 2024 17:13:01 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: Ludovic Courtès <ludo <at> gnu.org>
To: Simon Josefsson <simon <at> josefsson.org>
Cc: 75090 <at> debbugs.gnu.org
Subject: bug#75090: Make 'guix pack -f docker' tarballs reproducible?
Date: Tue, 07 Jan 2025 23:57:41 +0100

Hi Simon,

Simon Josefsson <simon <at> josefsson.org> writes:

> I am creating docker archives using:
>
> guix pack guix bash-minimal coreutils-minimal net-base --save-provenance -S /bin=bin -S /share=share -f docker --image-tag=guix --max-layers=8 --verbosity=2
>
> To my surprise the output was not reproducible between re-runs.
>
> The reason is because of the timestamp and ownership information in the
> outer tarball.  The internals are identical and reproducible.  See
> diffoscope output below.
>
> I tried to work around it by wrapping either the 'guix pack' or
> 'guix-daemon' commands with this environment variable, which I suggest
> for inspiration as additional parameters to tar:
>
> TAR_OPTIONS="--owner=0 --group=0 --numeric-owner --sort=name --mode=go+u,go-w --mtime=@0"
>
> I would prefer 'guix pack' produced reproducible archives by default.

Indeed.  I sent a fix based on your suggestion:
<https://issues.guix.gnu.org/75426>.

Thanks,
Ludo’.
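
The effect of the tar options quoted in the report, shown as an added example that is not part of the original messages and is not Guix's own code: two trees with identical file contents but different timestamps and group-write bits are archived with and without those options, and the archive digests are compared. `make_tree`, `tar_digest` and `compare` are hypothetical helpers, the sample tree is constructed, and GNU tar and `sha256sum` are assumed to be installed.

```sh
#!/bin/sh
# Added example (not from the bug report). Requires GNU tar and sha256sum.
set -eu

# The tar options quoted in the report, verbatim.
REPRO_OPTS="--owner=0 --group=0 --numeric-owner --sort=name --mode=go+u,go-w --mtime=@0"

# make_tree DIR STAMP FILEMODE DIRMODE
# Constructed sample input: the file contents are the same every time, but
# timestamps and group-write bits vary as they could between two builds.
make_tree() {
    mkdir -p "$1/bin" "$1/share"
    printf 'echo hello\n' > "$1/bin/hello"
    printf 'data\n' > "$1/share/data.txt"
    chmod "$3" "$1/bin/hello" "$1/share/data.txt"
    chmod "$4" "$1/bin" "$1/share"
    # Set mtimes last, because creating files updates directory mtimes.
    find "$1" -exec touch -t "$2" {} +
}

# tar_digest DIR [TAR OPTIONS...]: SHA-256 of the uncompressed archive stream.
tar_digest() {
    dir=$1; shift
    tar "$@" -C "$dir" -cf - . | sha256sum | cut -d' ' -f1
}

# compare MODE: prints "same" or "different" for two builds of the tree.
# MODE is "plain" (tar's default metadata) or "normalized" (REPRO_OPTS).
compare() {
    work=$(mktemp -d)
    make_tree "$work/a" 200101010000 755 755
    make_tree "$work/b" 202001010000 775 775
    if [ "$1" = normalized ]; then opts=$REPRO_OPTS; else opts=; fi
    # $opts is deliberately unquoted so it splits into separate options.
    a=$(tar_digest "$work/a" $opts)
    b=$(tar_digest "$work/b" $opts)
    rm -rf "$work"
    if [ "$a" = "$b" ]; then echo same; else echo different; fi
}

echo "plain tar:       $(compare plain)"
echo "with REPRO_OPTS: $(compare normalized)"
```

The digests only match when every metadata field that varies between runs is pinned, so a check like this is useful in CI before publishing an image digest that others are expected to reproduce.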




This bug report was last modified 101 days ago.
