Fix dockerTools.pullImage #30191

Closed
moretea commented Oct 7, 2017

The docker save command does include the current timestamp at its
'outer layer'. By unpacking, resetting the timestamps to 1 and repacking
we can work around this impurity.

What went wrong / how to reproduce.

```
$ nix-repl
Welcome to Nix version 1.11.6. Type :? for help.

nix-repl> :l <nixpkgs>
Added 7812 variables.

nix-repl> :b dockerTools.pullImage { imageName = "kubernetes/pause"; sha256 = "139mcmylkljrqg16z4c5mc0li5zljws3alibd8c9fnz5i5v10k4i"; }
these derivations will be built:
  /nix/store/84i0rc6vsk0waw8v6868lks0jf5k7p38-docker-image-kubernetes-pause-latest.tar.drv

...

latest: Pulling from kubernetes/pause
a3ed95caeb02: Pull complete
f72a00a23f01: Pull complete
Digest: sha256:2088df8eb02f10aae012e6d4bc212cabb0ada93cb05f09e504af0c9811e0ca14
Status: Downloaded newer image for kubernetes/pause:latest
[    6.623318] reboot: Power down
output path ‘/nix/store/5z6fb9fwa62ac0ppvhq5v89pji9iypcx-docker-image-kubernetes-pause-latest.tar’ has sha256 hash ‘1r8hdgrkskwbridrq6q5bm4s8811biy533ljnvbrvi75am2pwnql’ when ‘139mcmylkljrqg16z4c5mc0li5zljws3alibd8c9fnz5i5v10k4i’ was expected
error: build of ‘/nix/store/84i0rc6vsk0waw8v6868lks0jf5k7p38-docker-image-kubernetes-pause-latest.tar.drv’ failed

found hash = 1r8hdgrkskwbridrq6q5bm4s8811biy533ljnvbrvi75am2pwnql

nix-repl> :b dockerTools.pullImage { imageName = "kubernetes/pause"; sha256 = "139mcmylkljrqg16z4c5mc0li5zljws3alibd8c9fnz5i5v10k4i"; }
these derivations will be built:
  /nix/store/84i0rc6vsk0waw8v6868lks0jf5k7p38-docker-image-kubernetes-pause-latest.tar.drv

...
output path ‘/nix/store/5z6fb9fwa62ac0ppvhq5v89pji9iypcx-docker-image-kubernetes-pause-latest.tar’ has sha256 hash ‘1160s5v645h3n0r9rhmpccwg2ddb0x76w98x7xyq05y1lxf6kdgz’ when ‘139mcmylkljrqg16z4c5mc0li5zljws3alibd8c9fnz5i5v10k4i’ was expected
error: build of ‘/nix/store/84i0rc6vsk0waw8v6868lks0jf5k7p38-docker-image-kubernetes-pause-latest.tar.drv’ failed

found hash = 1160s5v645h3n0r9rhmpccwg2ddb0x76w98x7xyq05y1lxf6kdgz
```

Output after fix

```
$ nix-repl
Welcome to Nix version 1.11.6. Type :? for help.

nix-repl> :l .
Added 7941 variables.

nix-repl> :b dockerTools.pullImage { imageName = "kubernetes/pause"; sha256 = "139mcmylkljrqg16z4c5mc0li5zljws3alibd8c9fnz5i5v10k3i"; }
these derivations will be built:
  /nix/store/xfw1lncaix5fh0rbpvhdb9dg6iqsydya-docker-image-kubernetes-pause-latest.tar.drv

.....

this derivation produced the following outputs:
  out -> /nix/store/if4kdlkany0sk7k9431zy3gcs9jwj838-docker-image-kubernetes-pause-latest.tar

nix-repl>
```

The `docker save` command does include the current timestamp at its
'outer layer'. By unpacking, resetting the timestamps to 1 and repacking
we can work around this impurity.
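
As an added illustration (not code from this pull request or from nixpkgs), the Python below shows why a timestamp in the outer archive changes the fixed-output hash on every pull, and how repacking with every mtime set to 1 makes it stable. It goes slightly beyond the description above by also fixing ownership and entry order, and it rewrites the tar headers in memory instead of unpacking to disk; the file names, contents and timestamps are constructed sample data.

```python
import hashlib
import io
import tarfile


def build_tar(files, mtime):
    """Build an in-memory tar whose entries all carry `mtime` (the impurity)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = mtime
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def normalize_tar(raw, mtime=1):
    """Repack a tar with a fixed mtime, fixed ownership and sorted entries."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(raw), mode="r:") as src, \
         tarfile.open(fileobj=out, mode="w", format=tarfile.GNU_FORMAT) as dst:
        for member in sorted(src.getmembers(), key=lambda m: m.name):
            member.mtime = mtime                 # same value the PR resets to
            member.uid = member.gid = 0          # assumption: ownership is irrelevant
            member.uname = member.gname = ""
            payload = src.extractfile(member) if member.isfile() else None
            dst.addfile(member, payload)
    return out.getvalue()


def sha256(raw):
    return hashlib.sha256(raw).hexdigest()


if __name__ == "__main__":
    # Constructed sample: the same content "saved" at two different times.
    first = build_tar({"manifest.json": b"[]", "layer/layer.tar": b"x"}, 1507334400)
    second = build_tar({"layer/layer.tar": b"x", "manifest.json": b"[]"}, 1507420800)
    print("raw hashes equal:       ", sha256(first) == sha256(second))
    print("normalized hashes equal:",
          sha256(normalize_tar(first)) == sha256(normalize_tar(second)))
```

Only the outer archive's metadata is normalized here; file contents, including any nested layer archives, are copied byte for byte.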

moretea commented Oct 8, 2017

/cc @globin given that you touched this file last before me


srghma commented Mar 24, 2018

Any updates?


globin commented Apr 25, 2018

@moretea could you rebase if this is still necessary?


nlewo commented Oct 29, 2018

Triage.
I close this PR since we no longer use the pull.sh, which has been replaced by Skopeo.
Also, I didn't observe this kind of issue with Skopeo (while I'm using image reproducible on images based on a pulled image).

nlewo closed this Oct 29, 2018
silvanshade mentioned this pull request Apr 4, 2024