Accepting request 536268 from home:cyphar:containers:boo1064781_docker_version
- Correctly set `docker version` information, including the version, git commit, and SOURCE_DATE_EPOCH (requires a backport). This should *effectively* make Docker builds reproducible, with minimal cost. boo#1064781 + bsc1064781-0001-Allow-to-override-build-date.patch OBS-URL: https://build.opensuse.org/request/show/536268 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=208
parent
2b837c69aa
commit
91fa19e925
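--- a/bsc1064781-0001-Allow-to-override-build-date.patch
+++ b/bsc1064781-0001-Allow-to-override-build-date.patch
@@ -0,0 +1,33 @@
+From 760763e9957840f1983a5006f4e66d6920ec496e Mon Sep 17 00:00:00 2001
+From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
+Date: Wed, 19 Jul 2017 06:17:19 +0200
+Subject: [PATCH] Allow to override build date
+
+in order to make builds reproducible.
+See https://reproducible-builds.org/ for why this is good
+and https://reproducible-builds.org/specs/source-date-epoch/
+for the definition of this variable.
+
+SUSE-Bugfix: https://bugzilla.suse.com/show_bug.cgi?id=1064781
+Signed-off-by: Bernhard M. Wiedemann <bwiedemann@suse.de>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+hack/make.sh | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hack/make.sh b/hack/make.sh
+index b7d59ba94a00..7d18d649b540 100755
+--- a/hack/make.sh
++++ b/hack/make.sh
+@@ -68,7 +68,7 @@ DEFAULT_BUNDLES=(
+)
+
+VERSION=$(< ./VERSION)
+-! BUILDTIME=$(date --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
++! BUILDTIME=$(date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" --rfc-3339 ns 2> /dev/null | sed -e 's/ /T/')
+if [ "$DOCKER_GITCOMMIT" ]; then
+GITCOMMIT="$DOCKER_GITCOMMIT"
+elif command -v git &> /dev/null && [ -d .git ] && git rev-parse &> /dev/null; then
+--
+2.14.2
+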
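Review bot: The new `BUILDTIME` line in hack/make.sh hands `SOURCE_DATE_EPOCH` to `date -d` unchecked, and because of `2> /dev/null` and the leading `!`, a non-numeric value or a `date` without `-d` support leaves `BUILDTIME` empty with no diagnostic. For a change meant to give reproducible, auditable build metadata, a silently empty timestamp is hard to tell apart from a correct build. I would reject bad input before the call, e.g. `case "${SOURCE_DATE_EPOCH:-}" in *[!0-9]*) echo "invalid SOURCE_DATE_EPOCH" >&2; exit 1;; esac`, and fail if `BUILDTIME` comes back empty. The `export BUILDTIME=` line added to docker.spec follows the same pattern; the surrounding make.sh code continues outside the hunk.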
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Oct 24 06:50:29 UTC 2017 - asarai@suse.com
|
||||||
|
|
||||||
|
- Correctly set `docker version` information, including the version, git
|
||||||
|
commit, and SOURCE_DATE_EPOCH (requires a backport). This should
|
||||||
|
*effectively* make Docker builds reproducible, with minimal cost. boo#1064781
|
||||||
|
+ bsc1064781-0001-Allow-to-override-build-date.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Oct 16 11:06:22 UTC 2017 - asarai@suse.com
|
Mon Oct 16 11:06:22 UTC 2017 - asarai@suse.com
|
||||||
|
|
||||||
|
29
docker.spec
29
docker.spec
@ -22,14 +22,22 @@
|
|||||||
%global docker_migration_warnfile %{docker_store}/docker-update-message.txt
|
%global docker_migration_warnfile %{docker_store}/docker-update-message.txt
|
||||||
%global docker_plugin_warnfile %{docker_store}/docker-plugin-message.txt
|
%global docker_plugin_warnfile %{docker_store}/docker-plugin-message.txt
|
||||||
%define docker_graph %{docker_store}/graph
|
%define docker_graph %{docker_store}/graph
|
||||||
%define git_version 78d1802
|
|
||||||
%define version_unconverted 17.07.0_ce
|
|
||||||
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
|
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
|
||||||
|
|
||||||
|
# Used when generating the "build" information for Docker version. The value of
|
||||||
|
# git_commit_epoch is unused here (we use SOURCE_DATE_EPOCH, which rpm
|
||||||
|
# helpfully injects into our build environment from the changelog). If you want
|
||||||
|
# to generate a new git_commit_epoch, use this:
|
||||||
|
# $ date --date="$(git show --format=fuller --date=iso $COMMIT_ID | grep -oP '(?<=^CommitDate: ).*')" '+%s'
|
||||||
|
%define git_version 87847530f717
|
||||||
|
%define git_commit_epoch 1508266293
|
||||||
|
|
||||||
# When upgrading to a new version requires the service not to be restarted
|
# When upgrading to a new version requires the service not to be restarted
|
||||||
# Due to a long migration process update last_migration_version to the new version
|
# Due to a long migration process update last_migration_version to the new version
|
||||||
# that will first perform the migration, last time this was needed was version
|
# that will first perform the migration, last time this was needed was version
|
||||||
# 1.10.1
|
# 1.10.1
|
||||||
%global last_migration_version 1.10.1
|
%global last_migration_version 1.10.1
|
||||||
|
|
||||||
Name: docker
|
Name: docker
|
||||||
Version: 17.07.0_ce
|
Version: 17.07.0_ce
|
||||||
Release: 0
|
Release: 0
|
||||||
@ -58,6 +66,8 @@ Patch201: secrets-0002-SUSE-implement-SUSE-container-secrets.patch
|
|||||||
Patch401: bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
|
Patch401: bsc1055676-0001-daemon-oci-obey-CL_UNPRIVILEGED-for-user-namespaced-.patch
|
||||||
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34573. bsc#1045628
|
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34573. bsc#1045628
|
||||||
Patch402: bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
|
Patch402: bsc1045628-0001-devicemapper-remove-container-rootfs-mountPath-after.patch
|
||||||
|
# SUSE-BACKPORT: Backport of https://github.com/moby/moby/pull/34176. boo#1064781
|
||||||
|
Patch403: bsc1064781-0001-Allow-to-override-build-date.patch
|
||||||
BuildRequires: audit
|
BuildRequires: audit
|
||||||
BuildRequires: bash-completion
|
BuildRequires: bash-completion
|
||||||
BuildRequires: ca-certificates
|
BuildRequires: ca-certificates
|
||||||
@ -179,6 +189,8 @@ Test package for docker. It contains the source code and the tests.
|
|||||||
%patch401 -p1 -d components/engine
|
%patch401 -p1 -d components/engine
|
||||||
# bsc#1045628
|
# bsc#1045628
|
||||||
%patch402 -p1 -d components/engine
|
%patch402 -p1 -d components/engine
|
||||||
|
# boo#1064781
|
||||||
|
%patch403 -p1 -d components/engine
|
||||||
|
|
||||||
cp %{SOURCE7} .
|
cp %{SOURCE7} .
|
||||||
cp %{SOURCE9} .
|
cp %{SOURCE9} .
|
||||||
@ -197,12 +209,19 @@ BUILDTAGS="seccomp $BUILDTAGS"
|
|||||||
(cat <<EOF
|
(cat <<EOF
|
||||||
export AUTO_GOPATH=1
|
export AUTO_GOPATH=1
|
||||||
export DOCKER_BUILDTAGS="$BUILDTAGS"
|
export DOCKER_BUILDTAGS="$BUILDTAGS"
|
||||||
export DOCKER_GITCOMMIT=%{git_version}
|
|
||||||
# Until boo#1038493 is fixed properly we need to do this hack to get the
|
# Until boo#1038493 is fixed properly we need to do this hack to get the
|
||||||
# compiled-into-the-binary GOROOT.
|
# compiled-into-the-binary GOROOT.
|
||||||
export GOROOT="$(GOROOT= go env GOROOT)"
|
export GOROOT="$(GOROOT= go env GOROOT)"
|
||||||
# Make sure we always build PIC code. bsc#1048046
|
# Make sure we always build PIC code. bsc#1048046
|
||||||
export BUILDFLAGS="-buildmode=pie"
|
export BUILDFLAGS="-buildmode=pie"
|
||||||
|
# Specify all of the versioning information. We use SOURCE_DATE_EPOCH if it's
|
||||||
|
# been injected by rpmbuild, otherwise we use the hardcoded git_commit_epoch
|
||||||
|
# generated above. boo#1064781
|
||||||
|
export VERSION="$(cat ./VERSION 2>/dev/null || echo '%{version}')"
|
||||||
|
export DOCKER_GITCOMMIT="%{git_version}"
|
||||||
|
export GITCOMMIT="%{git_version}"
|
||||||
|
export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-%{git_commit_epoch}}"
|
||||||
|
export BUILDTIME="$(date -u -d "@$SOURCE_DATE_EPOCH" --rfc-3339 ns 2>/dev/null | sed -e 's/ /T/')"
|
||||||
EOF
|
EOF
|
||||||
) > docker_build_env
|
) > docker_build_env
|
||||||
. ./docker_build_env
|
. ./docker_build_env
|
||||||
@ -301,10 +320,10 @@ PKG_LIST=$(go list ./... \
|
|||||||
| grep -v 'github.com/docker/cli/vendor' \
|
| grep -v 'github.com/docker/cli/vendor' \
|
||||||
| grep -v 'github.com/docker/cli/cli/command/idresolver' \
|
| grep -v 'github.com/docker/cli/cli/command/idresolver' \
|
||||||
| grep -v 'github.com/docker/cli/cli/command/image' \
|
| grep -v 'github.com/docker/cli/cli/command/image' \
|
||||||
| grep -v 'github.com/docker/cli/cli/image'
|
| grep -v 'github.com/docker/cli/cli/image' \
|
||||||
)
|
)
|
||||||
|
|
||||||
go test -buildmode=pie -ldflags -w -tags daemon -a -test.timeout=10m $PKG_LIST
|
go test -buildmode=pie -cover -ldflags -w -tags daemon -a -test.timeout=10m $PKG_LIST
|
||||||
|
|
||||||
%install
|
%install
|
||||||
install -d %{buildroot}%{go_contribdir}
|
install -d %{buildroot}%{go_contribdir}
|
||||||
|
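Review bot: The exports added inside the `cat <<EOF` block are expanded when docker_build_env is written, not when it is sourced, because the heredoc delimiter is unquoted; the file ends up holding the literal results of `$(cat ./VERSION ...)`, `${SOURCE_DATE_EPOCH:-%{git_commit_epoch}}` and `$(date ...)`, spliced in without escaping. That appears to be intended (the existing GOROOT line works the same way), but it deserves a comment such as `# NOTE: unquoted heredoc, the values below are resolved at write time in the current directory`, since ./VERSION is read relative to wherever %build is at that point. Separately, the comment above `%define git_commit_epoch` says the value is unused, while the comment in this block describes it as the fallback when rpmbuild does not inject SOURCE_DATE_EPOCH. One of the two should be corrected so maintainers know whether the epoch has to be updated together with `git_version`.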