mirrors/archlinux-docker
1
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/archlinux-docker.git synced 2026-04-03 22:31:01 +02:00
Code Issues Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
Robin Candau 2026-03-30 13:14:59 +02:00
parent 0e2fd8ee15
commit cd87d3eb61
No known key found for this signature in database
GPG Key ID: FDC3040B92ACA748
3 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitlab-ci.yml
View File

@ -122,6 +122,9 @@ image:build:
- pacman -Syu --noconfirm podman
- podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
- 'echo -e "default-docker:\n use-sigstore-attachments: true" > /etc/containers/registries.d/sigstore.yaml'
artifacts:
paths:
- output/*
image:build:secure:
extends: .image
@ -137,6 +140,9 @@ image:build:secure:
- pacman -Syu --noconfirm podman
- podman login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
- 'echo -e "default-docker:\n use-sigstore-attachments: true" > /etc/containers/registries.d/sigstore.yaml'
artifacts:
paths:
- output/*
# Build and publish to the Arch Linux group namespaces:
# https://hub.docker.com/r/archlinux/archlinux

9
Makefile
View File

@ -1,12 +1,14 @@
OCITOOL=podman # or docker
BUILDDIR=$(shell pwd)/build
REPRO_BUILDDIR=$(shell pwd)/repro-build
OUTPUTDIR=$(shell pwd)/output
REPRO_OUTPUTDIR=$(shell pwd)/repro-output
ARCHIVE_SNAPSHOT=$(shell date -d "-1 day" +"%Y/%m/%d")
SOURCE_DATE_EPOCH=$(shell date -u -d "$(echo "$ARCHIVE_SNAPSHOT")" +"%s")
.PHONY: clean
clean:
rm -rf $(BUILDDIR) $(OUTPUTDIR)
rm -rf $(BUILDDIR) $(REPRO_BUILDDIR) $(OUTPUTDIR) $(REPRO_OUTPUTDIR)
.PRECIOUS: $(OUTPUTDIR)/%.tar.zst
$(OUTPUTDIR)/%.tar.zst:
@ -16,6 +18,11 @@ $(OUTPUTDIR)/%.tar.zst:
$(OUTPUTDIR)/Dockerfile.%: $(OUTPUTDIR)/%.tar.zst
scripts/make-dockerfile.sh "$(*).tar.zst" $(*) $(OUTPUTDIR) "true" "Dev"
# The following aims to rebuild a "repro" tagged image and verify the reproducibility status
repro:
scripts/make-repro.sh $(*) $(OUTPUTDIR) $(REPRO_BUILDDIR) $(REPRO_OUTPUTDIR) $(ARCHIVE_SNAPSHOT) $(SOURCE_DATE_EPOCH)
# The following is for local builds only, it is not used by the CI/CD pipeline
all: image-base image-base-devel image-multilib-devel image-repro

17
scripts/make-repro-image.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
set -euo pipefail
declare -r ORIG_OUTPUTDIR="$1"
declare -r REPRO_BUILDDIR="$2"
declare -r REPRO_OUTPUTDIR="$3"
declare -r ARCHIVE_SNAPSHOT="$4"
declare -rx SOURCE_DATE_EPOCH="$5"
echo -e "\n-- Testing the image reproducibility --\n"
make BUILDDIR="$REPRO_BUILDDIR" OUTPUTDIR="$REPRO_OUTPUTDIR" ARCHIVE_SNAPSHOT="$ARCHIVE_SNAPSHOT" SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH"
echo "The sha256 hash of the original image is:"
sha256sums "$ORIG_OUTPUTDIR/<image>"
echo "The sha256 hash of the reproduced image is:"
sha256sums "$REPRO_OUTPUTDIR/<image>"
diffoscope "$ORIG_OUTPUTDIR/<image>" "$REPRO_OUTPUTDIR/<image>" && echo -e "\nImage is reproducible!"