diff --git a/Makefile b/Makefile index 9f8417f..072d06e 100644 --- a/Makefile +++ b/Makefile @@ -1,7 +1,10 @@ +# Fixed TZ to ensure consistency +export TZ := UTC + OCITOOL=podman # or docker BUILDDIR=$(shell pwd)/build OUTPUTDIR=$(shell pwd)/output -ARCHIVE_SNAPSHOT=$(shell date -d "-1 day" +"%Y/%m/%d") +ARCHIVE_SNAPSHOT=$(shell date -u -d "-1 day" +"%Y/%m/%d") SOURCE_DATE_EPOCH=$(shell date -u -d "00:00:00" +"%s") .PHONY: clean diff --git a/REPRO.md b/REPRO.md index 0aa0733..357b0bd 100644 --- a/REPRO.md +++ b/REPRO.md @@ -56,7 +56,7 @@ export BUILD_VERSION="20260331.0.508794" the image against. This is based on the date included in the image's `BUILD_VERSION`: ```bash -export ARCHIVE_SNAPSHOT=$(date -d "${BUILD_VERSION%%.*} -1 day" +"%Y/%m/%d") +export ARCHIVE_SNAPSHOT=$(date -u -d "${BUILD_VERSION%%.*} -1 day" +"%Y/%m/%d") ``` * `SOURCE_DATE_EPOCH`: The value to normalize timestamps with during the build. @@ -66,7 +66,14 @@ This is based on the date included in the image's `BUILD_VERSION`: export SOURCE_DATE_EPOCH=$(date -u -d "${BUILD_VERSION%%.*} 00:00:00" +"%s") ``` -Then clone the [archlinux-docker](https://gitlab.archlinux.org/archlinux/archlinux-docker) +Then pull the original image you're aiming to reproduce and set its revision value in your environment (needed to correctly set the revision annotation in the Dockerfile): + +```bash +podman pull docker.io/archlinux/archlinux:repro-$BUILD_VERSION +export CI_COMMIT_SHA=$(podman inspect --format '{{ index .Config.Labels "org.opencontainers.image.revision" }}' archlinux/archlinux:repro-$BUILD_VERSION) +``` + +Finally, clone the [archlinux-docker](https://gitlab.archlinux.org/archlinux/archlinux-docker) repository and move into it: ```bash @@ -86,6 +93,8 @@ make \ ARCHIVE_SNAPSHOT="$ARCHIVE_SNAPSHOT" \ SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \ $PWD/output/Dockerfile.repro + +scripts/make-dockerfile.sh repro.tar.zst repro output/ "true" "repro" "$SOURCE_DATE_EPOCH" ``` The following resulting artifacts will be located in `$PWD/output`: @@ -135,13 +144,7 @@ The built image will be accessible in your local podman container storage under ## Check the image reproducibility -Pull the image you're aiming to reproduce from Docker Hub: - -```bash -podman pull docker.io/archlinux/archlinux:repro-$BUILD_VERSION -``` - -Compare the digest of the image pulled from Docker Hub to the digest of the image you built +Compare the digest of the original image pulled from Docker Hub to the digest of the image you built locally: ```bash diff --git a/scripts/make-dockerfile.sh b/scripts/make-dockerfile.sh index afee8a4..2691268 100755 --- a/scripts/make-dockerfile.sh +++ b/scripts/make-dockerfile.sh @@ -2,6 +2,9 @@ set -euo pipefail +# Fixed TZ to ensure consistency +export TZ=UTC + declare -r ROOTFS_FILE="$1" declare -r GROUP="$2" declare -r OUTPUTDIR="$3" diff --git a/scripts/make-rootfs.sh b/scripts/make-rootfs.sh index 1f39f3b..7ea1b81 100755 --- a/scripts/make-rootfs.sh +++ b/scripts/make-rootfs.sh @@ -2,6 +2,9 @@ set -euo pipefail +# Fixed TZ to ensure consistency +export TZ=UTC + declare -r WRAPPER="fakechroot -- fakeroot" declare -r GROUP="$1"