oci_tarball: set time, user and group to reproducible values for Linux #381
Conversation
|
Follow up for #380. |
|
this is a gnu tar flag, this won't work on other tars...for reference bsd/mac tar uses --uname and --gname |
|
We'll fix this after we have bazel-contrib/bazel-lib#468 so the same hermetic |
Applied suggestion for Linux from: http://h2.jaguarpaw.co.uk/posts/reproducible-tar/ Left out MacOS and other systems for now (waiting for tar toolchain). MacOS does not have the same options for tar, for now fixing this only for Linux.
gergelyfabian
force-pushed
the
oci_tarball_fix_username_and_group
branch
from
005a4d4
to
f27f47d
Compare
gergelyfabian
changed the title
|
Rebased PR with the revert for #380. |
|
Sorry, I'd rather not merge a fix that's only for one platform, that just leaves both the original bug and also some tech debt for us to remove. #385 is probably the better change, though it may take a couple weeks to land. I suggest you apply this patch in your own repo for now. |
|
Sure. Is #385 already dealing with reproducible tars or it's just starting
to use the tar toolchain?
|
|
The However in that PR I'm just using the toolchain directly, so it will need some flags set, you're right. |
|
okay I updated that PR with halfway working implementation that uses an mtree file to exactly specify deterministic content of the tar file. Not sure when @thesayyn or I will get time to finish it... |
|
Thank you! Let me know if I can help in any way (I could contribute
something if necessary).
Surely I will test this implementation.
|
|
Can confirm that #385 already implements reproducible tars. |
Applied suggestion for Linux from:
http://h2.jaguarpaw.co.uk/posts/reproducible-tar/
Left out MacOS and other systems for now (waiting for tar toolchain).
MacOS does not have the same options for tar, for now fixing this only
for Linux.