Remove non-relevant digest checks

The container registry is always going to rewrite parts of the image in an uncontrollable way. As far as we know, it's not possible to download a 1:1 copy of a build output from the container registry (until someone figures this out).

As far as I understand it, it also explains why `diffoci --semantic` is a thing and why it's generally considered "good enough" (given current constraints).
Robin Candau 2026-03-30 23:23:14 +02:00
parent 9a4c205f52
commit 8cefb71233
No known key found for this signature in database
GPG Key ID: FDC3040B92ACA748

@ -163,10 +163,6 @@ image:build:secure:
-t "archlinux:repro-rebuild-$CI_COMMIT_REF_SLUG" \
"$CI_PROJECT_DIR/repro-output"
- podman pull "$CI_REGISTRY_IMAGE:repro-$CI_COMMIT_REF_SLUG"
- echo "Digest of the original image is:"
- podman inspect --format '{{.Digest}}' "$CI_REGISTRY_IMAGE:repro-$CI_COMMIT_REF_SLUG"
- echo "Digest of the rebuilt image is:"
- podman inspect --format '{{.Digest}}' "localhost/archlinux:repro-rebuild-$CI_COMMIT_REF_SLUG"
- diffoci diff --semantic podman://$CI_REGISTRY_IMAGE:repro-$CI_COMMIT_REF_SLUG podman://localhost/archlinux:repro-rebuild-$CI_COMMIT_REF_SLUG
- echo "Image is reproducible!"
artifacts:
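
Review bot: With the four digest lines gone, the only reproducibility gate left in this job is the `diffoci diff --semantic` line, and nothing in the YAML says why digest equality is not checked; that reasoning lives only in the commit message. A short comment above that command (the registry rewrites parts of the image, so the digests are expected to differ) would keep the rationale next to the check. In the same line, the two `podman://...` arguments are unquoted, while the neighbouring `podman pull` and `-t` arguments quote their variable expansions; quoting them would be consistent.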