chore: reproducible builds

* use bldr with support for SOURCE_DATE_EPOCH * use latest tools v1.0.0 * publish `base` image to be re-used in extras and extensions Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
siderolabs · Mar 3, 2022 · f4c3e0f · f4c3e0f
1 parent 325439e
commit f4c3e0f
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 4 deletions.
diff --git a/Makefile b/Makefile
@@ -4,6 +4,7 @@ SHA ?= $(shell git describe --match=none --always --abbrev=8 --dirty)
 TAG ?= $(shell git describe --tag --always --dirty)
 BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
 REGISTRY_AND_USERNAME := $(REGISTRY)/$(USERNAME)
+SOURCE_DATE_EPOCH ?= $(shell git log -1 --pretty=%ct)
 
 BUILD := docker buildx build
 PLATFORM ?= linux/amd64,linux/arm64
@@ -14,12 +15,14 @@ COMMON_ARGS += --progress=$(PROGRESS)
 COMMON_ARGS += --platform=$(PLATFORM)
 COMMON_ARGS += --build-arg=http_proxy=$(http_proxy)
 COMMON_ARGS += --build-arg=https_proxy=$(https_proxy)
+COMMON_ARGS += --build-arg=SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH)
 
 , := ,
 empty :=
 space = $(empty) $(empty)
 
 TARGETS = \
+	base \
 	ca-certificates \
 	cni \
 	containerd \

diff --git a/Pkgfile b/Pkgfile
@@ -1,9 +1,9 @@
-# syntax = ghcr.io/talos-systems/bldr:v0.2.0-alpha.6-frontend
+# syntax = ghcr.io/talos-systems/bldr:v0.2.0-alpha.7-frontend
 
 format: v1alpha2
 
 vars:
-  TOOLS_IMAGE: ghcr.io/talos-systems/tools:v0.10.0-alpha.0-5-g8197edb
+  TOOLS_IMAGE: ghcr.io/talos-systems/tools:v1.0.0
 
 labels:
   org.opencontainers.image.source: https://github.com/talos-systems/pkgs
diff --git a/base/pkg.yaml b/base/pkg.yaml
@@ -4,7 +4,6 @@ shell: /toolchain/bin/bash
 dependencies:
   - image: "{{ .TOOLS_IMAGE }}"
   - stage: musl
-    runtime: yes
 steps:
   - prepare:
       - |

diff --git a/openssl/pkg.yaml b/openssl/pkg.yaml
@@ -9,6 +9,8 @@ steps:
         destination: openssl.tar.gz
         sha256: f89199be8b23ca45fc7cb9f1d8d3ee67312318286ad030f5316aca6462db6c96
         sha512: ba0ef99b321546c13385966e4a607734df38b96f6ed45c4c67063a5f8d1482986855279797a6920d9f86c2ec31ce3e104dcc62c37328caacdd78aec59aa66156
+    env:
+      SOURCE_DATE_EPOCH: "1"
     prepare:
       - |
         mkdir openssl
@@ -41,7 +43,7 @@ steps:
     install:
       - |
         cd openssl
-        make DESTDIR=/rootfs install 
+        make DESTDIR=/rootfs install
         rm -rf /rootfs/usr/share
 finalize:
   - from: /rootfs