New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: make image generation deterministic by default #51
Conversation
Some users do not like seeing timestamps of 1970 in things like |
I'm ok with supporting |
Yes, a global option |
256e5a7
to
d591f1f
Compare
fda699c
to
fc75e9f
Compare
rebased on the main branch and fixed the merge conflicts 🎉 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Ugh, I'm a dummy, it's supposed to be seconds since epoch, not RFC3339: https://github.com/google/ko/blob/3fc720f912ac5192cff518a31fa6621e4a0dba51/pkg/commands/config.go#L129 Sorry for the confusion. I won't be able to send a PR until maybe tonight, but I'll happily review anything. |
Extra dumb! That's exactly what you have. Ignore me, it's the Fridays. |
This PR makes image generation deterministic by default:
apk
is writing a tar archive tolib/apk/db/scripts.tar
, to support reproducible builds the timestamps inside the archive needs to be deterministic/zeroed.Note: according to the spec of
SOURCE_DATE_EPOCH
(https://reproducible-builds.org/specs/source-date-epoch/):Since
time.Now
has been replaced with the zero value (January 1, year 1, 00:00:00.000000000 UTC) there's no need forSOURCE_DATE_EPOCH
.Note: reproducible image generation has been tested with https://diffoscope.org/
Closes #48
cc @imjasonh