
FR: a reliable way to fetch the script #11

Open
fenollp opened this issue Dec 2, 2023 · 7 comments
Labels
documentation Improvements or additions to documentation

Comments

@fenollp

fenollp commented Dec 2, 2023

Hi! Thanks for your great work :)

The README mentions

# SOURCE_DATE_EPOCH is set to 1691114774 (i.e., 20230804T020614Z, timestamp of /etc/apt/sources.list)
FROM ubuntu:jammy-20230804
ENV DEBIAN_FRONTEND=noninteractive
RUN \
  --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
  --mount=type=bind,source=./repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \   # <-- THIS LINE HERE
  repro-sources-list.sh && \
  apt-get update && \
  apt-get install -y gcc

What do you think about showing an example Dockerfile that fetches /repro-sources-list.sh?

I'm thinking this repo could be maintaining a docker image that only contains the script in a scratch image. This could make the setup even simpler:

# SOURCE_DATE_EPOCH is set to 1691114774 (i.e., 20230804T020614Z, timestamp of /etc/apt/sources.list)
FROM ubuntu:jammy-20230804
ENV DEBIAN_FRONTEND=noninteractive
RUN \
  --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
  --mount=from=reproducible-containers/repro-sources-list.sh:v1@sha256:...,type=bind,source=/repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \   # <-- THIS LINE HERE
  repro-sources-list.sh && \
  apt-get update && \
  apt-get install -y gcc

The scratch image Dockerfile could be:

# Tag as reproducible-containers/repro-sources-list.sh:v1
FROM scratch
COPY ./repro-sources-list.sh /

Thoughts?

@fenollp
Author

fenollp commented Dec 3, 2023

Well I guess this could do:

# SOURCE_DATE_EPOCH is set to 1691114774 (i.e., 20230804T020614Z, timestamp of /etc/apt/sources.list)
FROM ubuntu:jammy-20230804
ENV DEBIAN_FRONTEND=noninteractive
RUN \
  --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
  --mount=from=repro_sources_list,source=/repro-sources-list.sh,target=/usr/local/bin/repro-sources-list.sh \
  repro-sources-list.sh && \
  apt-get update && \
  apt-get install -y gcc

docker buildx build \
  --build-context repro_sources_list=https://github.com/reproducible-containers/repro-sources-list.sh.git#v0.1.0 \
  .

@AkihiroSuda
Member

AkihiroSuda commented Dec 24, 2023

Example:

ADD --chmod=0755 --checksum=sha256:4c97fd03a3b181996b1473f3a99b69a1efc6ecaf2b4ede061b6bd60a96b9325a \
  https://raw.githubusercontent.com/reproducible-containers/repro-sources-list.sh/v0.1.0/repro-sources-list.sh \
  /usr/local/bin/repro-sources-list.sh

I guess this does not need to be a container image.

@AkihiroSuda AkihiroSuda added the documentation Improvements or additions to documentation label Dec 24, 2023
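
The digest in the `ADD --checksum=` line above is only as trustworthy as the copy of the script it was computed from. As an added example (not part of this thread or the project's own code; `sha256_of`, `emit_pinned_add`, `pins_in_dockerfile` and `check_pin` are hypothetical helper names), these shell functions generate the pinned instruction from a locally reviewed copy and fail closed when a copy and the pin in a Dockerfile disagree:

```shell
#!/bin/sh
# Added example: derive and re-check the digest used in an `ADD --checksum=` pin.
# All function names are hypothetical helpers, not part of repro-sources-list.sh.

# Print the lowercase hex SHA-256 of a file.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Emit an ADD instruction pinned to the digest of a locally reviewed copy.
# $1 = reviewed local file, $2 = URL it was fetched from, $3 = path in the image
emit_pinned_add() {
  digest=$(sha256_of "$1") || return 1
  printf 'ADD --chmod=0755 --checksum=sha256:%s \\\n  %s \\\n  %s\n' \
    "$digest" "$2" "$3"
}

# List the sha256 pins found in a Dockerfile, one digest per line.
pins_in_dockerfile() {
  sed -n 's/.*--checksum=sha256:\([0-9a-f]\{64\}\).*/\1/p' "$1"
}

# Fail closed unless the file's digest matches a pin in the Dockerfile.
# $1 = Dockerfile, $2 = reviewed local file
check_pin() {
  actual=$(sha256_of "$2") || return 2
  for pinned in $(pins_in_dockerfile "$1"); do
    [ "$pinned" = "$actual" ] && return 0
  done
  echo "pin mismatch: $2 hashes to sha256:$actual" >&2
  return 1
}
```

Running `check_pin` in CI against a vendored, reviewed copy catches a Dockerfile whose pin was changed without the script being re-reviewed.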
@fenollp
Author

fenollp commented Dec 24, 2023

Magnificent! Thank you @AkihiroSuda and happy new year :)

@jjmaestro

jjmaestro commented Feb 11, 2025

> I guess this does not need to be a container image.

I understand that I can just pin the exact version and checksum via that ADD command but would you be open to having the Dockerfile in the repos be turned into base images so that people could just do

FROM reproducible-containers:debian-12@sha256:4c97fd03a3b181996b1473f3a99b69a1efc6ecaf2b4ede061b6bd60a96b9325a

RUN apt-get install -y gcc && \
  : "Clean up for improving reproducibility (optional)" && \
  rm -rf /var/log/* /var/cache/ldconfig/aux-cache

As far as I can tell, the only work would be to clean up the Dockerfile files in the repo to have two stages, one for the base image that will be pushed to the repository and one for the example that installs gcc. The push can probably be made conditional on the second stage building correctly, which I think is the spirit of the Dockerfiles and the workflow (a basic CI test).

@AkihiroSuda what do you think? Would you be open to such a PR?

Thanks!!

@AkihiroSuda
Member

> FROM reproducible-containers:debian-12

These images will need to be updated and pushed very frequently, so I don't think this should happen in this repo.

It could be better added to the upstream debian images?

@jjmaestro

jjmaestro commented Feb 11, 2025

> > FROM reproducible-containers:debian-12
>
> These images will need to be updated and pushed very frequently, so I don't think this should happen in this repo.
>
> It could be better added to the upstream debian images?

Much better! 🥳 Can't wait to have the base Debian images packing the repro-sources-list script :)

@AkihiroSuda
Member

> > > FROM reproducible-containers:debian-12
> >
> > These images will need to be updated and pushed very frequently, so I don't think this should happen in this repo.
> > It could be better added to the upstream debian images?
>
> Much better! 🥳 Can't wait to have the base Debian images packing the repro-sources-list script :)

This can be proposed to https://github.com/debuerreotype/debuerreotype/issues if you like
