d7f3186b48
PR #58431 added /nix/store to each layer.tar. However, the timestamp was not explicitly set while adding /nix and /nix/store to the archive. This resulted in different SHA256 hashes of layer.tar between image builds. This change sets time and owner when tar'ing /nix/store.
27 lines
732 B
Bash
Executable file
27 lines
732 B
Bash
Executable file
#!@shell@
|
|
|
|
set -eu
|
|
|
|
layerNumber=$1
|
|
shift
|
|
|
|
layerPath="./layers/$layerNumber"
|
|
echo "Creating layer #$layerNumber for $@"
|
|
|
|
mkdir -p "$layerPath"
|
|
tar --no-recursion -rf "$layerPath/layer.tar" \
|
|
--mtime="@$SOURCE_DATE_EPOCH" \
|
|
--owner=0 --group=0 /nix /nix/store
|
|
tar -rpf "$layerPath/layer.tar" --hard-dereference --sort=name \
|
|
--mtime="@$SOURCE_DATE_EPOCH" \
|
|
--owner=0 --group=0 "$@"
|
|
|
|
# Compute a checksum of the tarball.
|
|
tarhash=$(tarsum < $layerPath/layer.tar)
|
|
|
|
# Add a 'checksum' field to the JSON, with the value set to the
|
|
# checksum of the tarball.
|
|
cat ./generic.json | jshon -s "$tarhash" -i checksum > $layerPath/json
|
|
|
|
# Indicate to docker that we're using schema version 1.0.
|
|
echo -n "1.0" > $layerPath/VERSION
|