Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support reproducible builds (except packages) #96

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Support reproducible builds (except packages) #96

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 14 additions & 3 deletions 1/alpine/Dockerfile
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

21 changes: 19 additions & 2 deletions 1/debian/Dockerfile
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

25 changes: 21 additions & 4 deletions Dockerfile.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,12 @@ FROM alpine:{{ .alpine.version }}
FROM debian:{{ .debian.version }}-slim
{{ ) end -}}

# The global SOURCE_DATE_EPOCH is consumed by commands that are not associated with a source artifact.
# This is not propagated from --build-arg: https://github.com/moby/buildkit/issues/4576#issuecomment-2159501282
ENV SOURCE_DATE_EPOCH 0

# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
# On Debian, useradd recognizes SOURCE_DATE_EPOCH to reproduce the "lastchanged" field in /etc/shadow.
{{ if env.variant == "alpine" then ( -}}
RUN set -eux; \
addgroup -g 11211 memcache; \
Expand All @@ -24,7 +29,9 @@ RUN set -eux; \
apt-get install -y --no-install-recommends \
libsasl2-modules \
; \
rm -rf /var/lib/apt/lists/*
rm -rf /var/lib/apt/lists/*; \
# clean up for reproducibility
rm -rf /var/log/* /var/cache/ldconfig/aux-cache
{{ ) end -}}

ENV MEMCACHED_VERSION {{ .version }}
Expand All @@ -34,7 +41,7 @@ ENV MEMCACHED_SHA1 {{ .sha1 }}
RUN set -eux; \
\
{{ if env.variant == "alpine" then ( -}}
apk add --no-cache --virtual .build-deps \
apk add --no-cache --virtual .build-deps=0 \
ca-certificates \
coreutils \
cyrus-sasl-dev \
Expand Down Expand Up @@ -67,6 +74,8 @@ RUN set -eux; \
wget \
; \
rm -rf /var/lib/apt/lists/*; \
# clean up for reproducibility
rm -rf /var/log/* /var/cache/ldconfig/aux-cache; \
{{ ) end -}}
\
wget -O memcached.tar.gz "$MEMCACHED_URL"; \
Expand All @@ -78,6 +87,10 @@ RUN set -eux; \
cd /usr/src/memcached; \
\
gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
SOURCE_DATE_EPOCH="$(find . -type f -exec stat -c '%Y' {} + | sort -nr | head -n1)"; \
export SOURCE_DATE_EPOCH; \
# for logging validation/edification
date --date "@$SOURCE_DATE_EPOCH" --rfc-2822; \
./configure \
--build="$gnuArch" \
--enable-extstore \
Expand Down Expand Up @@ -109,7 +122,7 @@ RUN set -eux; \
| sort -u \
| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
)"; \
apk add --no-network --virtual .memcached-rundeps $runDeps; \
apk add --no-network --virtual .memcached-rundeps=0 $runDeps; \
apk del --no-network .build-deps; \
{{ ) else ( -}}
apt-mark auto '.*' > /dev/null; \
Expand All @@ -123,9 +136,13 @@ RUN set -eux; \
| xargs -r apt-mark manual \
; \
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
# clean up for reproducibility
rm -rf /var/log/* /var/cache/ldconfig/aux-cache; \
{{ ) end -}}
\
memcached -V
memcached -V ;\
# clean up for reproducibility
rm -rf /tmp/*

COPY docker-entrypoint.sh /usr/local/bin/
RUN ln -s usr/local/bin/docker-entrypoint.sh /entrypoint.sh # backwards compat
Expand Down