diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ca46fce..a1f7a4a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -122,9 +122,6 @@ image:build: - pacman -Syu --noconfirm podman - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" - 'echo -e "default-docker:\n use-sigstore-attachments: true" > /etc/containers/registries.d/sigstore.yaml' - artifacts: - paths: - - output/* image:build:secure: extends: .image @@ -140,9 +137,6 @@ image:build:secure: - pacman -Syu --noconfirm podman - podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY" - 'echo -e "default-docker:\n use-sigstore-attachments: true" > /etc/containers/registries.d/sigstore.yaml' - artifacts: - paths: - - output/* # Build and publish to the Arch Linux group namespaces: # https://hub.docker.com/r/archlinux/archlinux diff --git a/Makefile b/Makefile index 7304954..482707d 100644 --- a/Makefile +++ b/Makefile @@ -1,14 +1,12 @@ OCITOOL=podman # or docker BUILDDIR=$(shell pwd)/build -REPRO_BUILDDIR=$(shell pwd)/repro-build OUTPUTDIR=$(shell pwd)/output -REPRO_OUTPUTDIR=$(shell pwd)/repro-output ARCHIVE_SNAPSHOT=$(shell date -d "-1 day" +"%Y/%m/%d") SOURCE_DATE_EPOCH=$(shell date -u -d "$(echo "$ARCHIVE_SNAPSHOT")" +"%s") .PHONY: clean clean: - rm -rf $(BUILDDIR) $(REPRO_BUILDDIR) $(OUTPUTDIR) $(REPRO_OUTPUTDIR) + rm -rf $(BUILDDIR) $(OUTPUTDIR) .PRECIOUS: $(OUTPUTDIR)/%.tar.zst $(OUTPUTDIR)/%.tar.zst: @@ -18,11 +16,6 @@ $(OUTPUTDIR)/%.tar.zst: $(OUTPUTDIR)/Dockerfile.%: $(OUTPUTDIR)/%.tar.zst scripts/make-dockerfile.sh "$(*).tar.zst" $(*) $(OUTPUTDIR) "true" "Dev" -# The following aims to rebuild a "repro" tagged image and verify the reproducibility status - -repro: - scripts/make-repro.sh $(*) $(OUTPUTDIR) $(REPRO_BUILDDIR) $(REPRO_OUTPUTDIR) $(ARCHIVE_SNAPSHOT) $(SOURCE_DATE_EPOCH) - # The following is for local builds only, it is not used by the CI/CD pipeline all: image-base image-base-devel image-multilib-devel image-repro diff --git a/scripts/make-repro-image.sh b/scripts/make-repro-image.sh deleted file mode 100755 index 6a07da6..0000000 --- a/scripts/make-repro-image.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -declare -r ORIG_OUTPUTDIR="$1" -declare -r REPRO_BUILDDIR="$2" -declare -r REPRO_OUTPUTDIR="$3" -declare -r ARCHIVE_SNAPSHOT="$4" -declare -rx SOURCE_DATE_EPOCH="$5" - -echo -e "\n-- Testing the image reproducibility --\n" -make BUILDDIR="$REPRO_BUILDDIR" OUTPUTDIR="$REPRO_OUTPUTDIR" ARCHIVE_SNAPSHOT="$ARCHIVE_SNAPSHOT" SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" -echo "The sha256 hash of the original image is:" -sha256sums "$ORIG_OUTPUTDIR/" -echo "The sha256 hash of the reproduced image is:" -sha256sums "$REPRO_OUTPUTDIR/" -diffoscope "$ORIG_OUTPUTDIR/" "$REPRO_OUTPUTDIR/" && echo -e "\nImage is reproducible!"