Comments (5)
This is all by design (which sounds horrible), let me explain.
The former is because we omit timestamps in the config files, and Docker picks some random time (not the Unix epoch) out of thin air.
Both are in pursuit of reproducible builds. I believe you'd also see the latter if you looked inside of a JAR file Bazel produces.
Ultimately the decision comes down to a trade-off between something largely cosmetic (timestamp) and something that fundamentally improves numerous things, including:
- Repeatable builds are the holy grail of provenance
- Same input => same layer means better distributed caching
- Same input => same layer means better push / pull incrementality
I could go on, but these are some of the highlights.
I think our best case would be for Docker to do something more sensible when this is omitted.
from rules_docker.
With stamping, we could allow timestamps to creep in, but Skylark doesn't yet support this well. What we have with stamp = true
is essentially a workaround.
from rules_docker.
Your explanation re reproducible builds makes total sense - thank you again.
from rules_docker.
@mattmoor I now have an issue where I want to create a docker image with bazel installed. I now get it to install as discussed here: bazelbuild/bazel#4492
But now the problem is bazel itself checks the creation dates of those files and errors out with: Error: corrupt installation: file '/opt/bazel/_embedded_binaries/A-server.jar' modified. Please remove '/opt/bazel' and try again.
I can run touch -m -t 202801010101 $(find /opt/bazel -type f)
as a first command but that takes 6-8s, making it again less suitable for CI.
Seems like this issue could also be fixed with the stamping feature, by allowing a separate timestamp for tar extraction.
from rules_docker.
So, Docker are punting on this because OCI mandates it; and pointing at https://github.com/opencontainers/image-spec/issues as the place to push this forward.
from rules_docker.
Related Issues (20)
- When sandbox network is disabled rules_docker rules cannot communicate with docker daemon HOT 1
- Multi-Architecture Support for container_run_and_commit HOT 1
- Shelless invocation for container_run_and_commit HOT 1
- Support multiple python versions in py3_image's py_binary HOT 1
- Support image labels/annotations HOT 1
- Default to Bazel target architecture HOT 2
- Bad timezone for Marocco with @go_image_base//image
- Use binary output from go_binary for go_image
- `container_run_and_extract` does not work with Podman HOT 1
- How to properly use dockerfile_image? HOT 4
- How to get the coredump file in container?
- Sporadic failures of `wrong number of hex digits for sha256`
- The `workdir` for `cc_image` is not the runfiles directory by default.
- go_image always builds for linux/amd64 irrespective of host platform
- rules_nodejs and rules_docker conflict
- container_pull failed for images layers with MediaType "application/vnd.docker.image.rootfs.diff.tar"
- portable_mtime for py3_image
- Support Native Bazel Tags for Build Querying
- py3_image: No Matching Toolchains Found
- rules_docker fails to build with HEAD bazel
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rules_docker.