Set rewrite-timestamp=true

Part of docker-library/official-images issue 16044 This exporter option rewrites the timestamps of the files inside image layers to use $SOURCE_DATE_EPOCH so as to increase reproducibility. https://github.com/moby/buildkit/blob/v0.15.2/docs/build-repro.md#source_date_epoch Signed-off-by: Akihiro Suda <[email protected]>
docker-library · Aug 17, 2024 · 14f59ab · 14f59ab
1 parent bba9660
commit 14f59ab
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/.test/meta-commands/out.sh b/.test/meta-commands/out.sh
@@ -6,7 +6,7 @@
 SOURCE_DATE_EPOCH=1700741054 \
 	docker buildx build --progress=plain \
 	--provenance=mode=max \
-	--output '"type=oci","dest=temp.tar"' \
+	--output '"type=oci","dest=temp.tar","rewrite-timestamp=true"' \
 	--annotation 'org.opencontainers.image.source=https://github.com/docker-library/docker.git#6d541d27b5dd12639e5a33a675ebca04d3837d74:24/cli' \
 	--annotation 'org.opencontainers.image.revision=6d541d27b5dd12639e5a33a675ebca04d3837d74' \
 	--annotation 'org.opencontainers.image.created=2023-11-23T12:04:14Z' \
@@ -146,7 +146,7 @@ SOURCE_DATE_EPOCH=1709081058 \
 	--provenance=false \
 	--build-arg BUILDKIT_DOCKERFILE_CHECK=skip=all \
 	--sbom=generator="$BASHBREW_BUILDKIT_SBOM_GENERATOR" \
-	--output 'type=oci,tar=false,dest=sbom' \
+	--output 'type=oci,tar=false,dest=sbom,rewrite-timestamp=true' \
 	--platform 'linux/amd64' \
 	--build-context "fake=oci-layout://$PWD/temp@$originalImageManifest" \
 	- <<<'FROM fake'

diff --git a/meta.jq b/meta.jq
@@ -154,6 +154,7 @@ def build_command:
 						[
 							"type=oci",
 							"dest=temp.tar", # TODO choose/find a good "safe" place to put this (temporarily)
+							"rewrite-timestamp=true",
 							empty
 						]
 						| @csv
@@ -335,7 +336,7 @@ def build_command:
 						"--load=false", "--provenance=false", # explicitly disable a few features we want to avoid
 						"--build-arg BUILDKIT_DOCKERFILE_CHECK=skip=all", # disable linting (https://github.com/moby/buildkit/pull/4962)
 						"--sbom=generator=\"$BASHBREW_BUILDKIT_SBOM_GENERATOR\"",
-						"--output 'type=oci,tar=false,dest=sbom'",
+						"--output 'type=oci,tar=false,dest=sbom,rewrite-timestamp=true'",
 						# TODO also add appropriate "--tag" lines (which would give us a mostly correct "subject" block in the generated SBOM, but we'd then need to replace instances of ${sbomImageManifest#*:} with ${originalImageManifest#*:} for their values to be correct)
 						@sh "--platform \(.source.arches[.build.arch].platformString)",
 						"--build-context \"fake=oci-layout://$PWD/temp@$originalImageManifest\"",