This repository was archived by the owner on Apr 12, 2021. It is now read-only.
base repository: NixOS/nixpkgs-channels
base: 032a3286fd88
head repository: NixOS/nixpkgs-channels
compare: 5df02d9783e0
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Mar 21, 2018

  1. dockerTools: dereference hard links in tar archives

    This is to improve image creation reproducibility. Since the nar
    format doesn't support hard links, the tar stream of a layer can be
    different if a dependency of a layer has been built locally or if it
    has been fetched from a binary cache.
    
    If the dependency has been built locally, it can contain hard links
    which are encoded in the tar stream. If the dependency has been
    fetched from a binary cache, the tar stream doesn't contain any hard
    links. So even if the content is the same, tar streams are different.
    
    (cherry picked from commit 346996c)
    nlewo committed Mar 21, 2018

    Verified

    This commit was signed with the committer’s verified signature.
    NeQuissimus Tim Steinbach
    e28a58f View commit details
  2. dockerTools: add --sort=name options on all tar calls

    This is to go to a reproducible image build.
    Note that without these options, images are identical from the Docker
    point of view, but generated docker archives could have different hashes.
    
    (cherry picked from commit ac0c491)
    nlewo committed Mar 21, 2018
    5df02d9 View commit details
Showing with 5 additions and 5 deletions.
  1. +5 −5 pkgs/build-support/docker/default.nix
10 changes: 5 additions & 5 deletions pkgs/build-support/docker/default.nix
@@ -212,7 +212,7 @@ rec {

postMount = ''
echo "Packing raw image..."
tar -C mnt --mtime="@$SOURCE_DATE_EPOCH" -cf $out .
tar -C mnt --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" -cf $out .
'';
};

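Review bot: The new `tar -C mnt` call pins member order and mtime but, unlike the layer and image calls further down, passes neither `--owner`/`--group` nor `--numeric-owner`, so the user and group names written into the archive can still vary with the account database visible when `postMount` runs. If the ownership under `mnt` has to be preserved, adding `--numeric-owner` keeps the numeric ids and drops the names. `$out` is also unquoted on this line.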
@@ -277,7 +277,7 @@ rec {
# Tar up the layer and throw it into 'layer.tar'.
echo "Packing layer..."
mkdir $out
tar -C layer --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf $out/layer.tar .
tar -C layer --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=${toString uid} --group=${toString gid} -cf $out/layer.tar .
# Compute a checksum of the tarball.
echo "Computing layer checksum..."
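Review bot: The comment above the `tar -C layer` call still only says "Tar up the layer", and nothing in the file records why `--hard-dereference` is there. The flag stores every hard-linked file as a full copy, so a layer with many links grows. A one-line comment giving the reason from the commit message (store paths fetched from a binary cache carry no hard links, locally built ones can) together with the size cost would stop a later cleanup from dropping the flag.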
@@ -359,7 +359,7 @@ rec {
echo "Packing layer..."
mkdir $out
tar -C layer --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar .
tar -C layer --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" -cf $out/layer.tar .
# Compute the tar checksum and add it to the output json.
echo "Computing checksum..."
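Review bot: This `tar -C layer` line repeats the same `--hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH"` prefix as the four other calls in the file, and it differs from the previous layer call only in lacking `--owner`/`--group`. Binding the shared flags once in the `rec` set and interpolating them into each script would keep the calls from drifting apart. If leaving ownership unpinned in this call is intentional, a comment saying so would help the next reader.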
@@ -489,7 +489,7 @@ rec {
comm <(sort -n baseFiles|uniq) \
<(sort -n layerFiles|uniq|grep -v ${layer}) -1 -3 > newFiles
# Append the new files to the layer.
tar -rpf temp/layer.tar --mtime="@$SOURCE_DATE_EPOCH" \
tar -rpf temp/layer.tar --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" \
--owner=0 --group=0 --no-recursion --files-from newFiles
echo "Adding meta..."
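Review bot: `--sort=name` has no effect on the append call `tar -rpf temp/layer.tar ...`: the option orders the entries tar reads while recursing into directories, and this call passes `--no-recursion --files-from newFiles`, so members are appended in the order they appear in `newFiles`. Reproducibility here therefore rests on the `sort -n ... | uniq` and `comm` lines above. Either drop the flag from this call, or keep it and add a comment that the ordering guarantee comes from `newFiles`, ideally with the sort run under a fixed locale such as `LC_ALL=C`.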
@@ -537,7 +537,7 @@ rec {
chmod -R a-w image
echo "Cooking the image..."
tar -C image --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 --xform s:'./':: -c . | pigz -nT > $out
tar -C image --hard-dereference --sort=name --mtime="@$SOURCE_DATE_EPOCH" --owner=0 --group=0 --xform s:'./':: -c . | pigz -nT > $out
echo "Finished."
'';
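Review bot: In `tar -C image ... -c . | pigz -nT > $out` the exit status of the pipeline is that of pigz, so unless `pipefail` is enabled somewhere outside this hunk, a tar failure still ends in "Finished." with a truncated archive in `$out`. That matters more with this change because `--sort=name` is only accepted by GNU tar 1.28 and later, and an older tar rejects the option. Enabling `set -o pipefail` for this script, or writing the tar stream to a temporary file before compressing it, would surface the error.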