From 8cefb71233e2e12fb75161934e03e42508b3181a Mon Sep 17 00:00:00 2001
From: Robin Candau
Date: Mon, 30 Mar 2026 23:23:14 +0200
Subject: [PATCH] Remove non-relevant digest checks

The container registry is always going to rewrite parts of the image in an uncontrollable way. As far as we know, it's not possible to download a 1:1 copy of a build output from the container registry (until someone figures this out). As far as I understand it, it also explains why `diffoci --semantic` is a thing and why it's generally considered "good enough" (give current constraints).
---
.gitlab-ci.yml | 4 ----
1 file changed, 4 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 522fe66..bd856a0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -163,10 +163,6 @@ image:build:secure: -t "archlinux:repro-rebuild-$CI_COMMIT_REF_SLUG" \ "$CI_PROJECT_DIR/repro-output" - podman pull "$CI_REGISTRY_IMAGE:repro-$CI_COMMIT_REF_SLUG" - echo "Digest of the original image is:" - podman inspect --format '{{.Digest}}' "$CI_REGISTRY_IMAGE:repro-$CI_COMMIT_REF_SLUG" - echo "Digest of the rebuilt image is:" - podman inspect --format '{{.Digest}}' "localhost/archlinux:repro-rebuild-$CI_COMMIT_REF_SLUG" - diffoci diff --semantic podman://$CI_REGISTRY_IMAGE:repro-$CI_COMMIT_REF_SLUG podman://localhost/archlinux:repro-rebuild-$CI_COMMIT_REF_SLUG - echo "Image is reproducible!" artifacts: