From nobody Mon Aug 21 16:23:16 2023 X-Original-To: freebsd-pkgbase@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RTyT26WnGz4r0X8 for ; Mon, 21 Aug 2023 16:23:18 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RTyT25k3qz4QM9; Mon, 21 Aug 2023 16:23:18 +0000 (UTC) (envelope-from bapt@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1692634998; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QbtQjo2YcS5HujwHuPgPA63kp0GRi+VatDregj1xm2E=; b=d+SRZoQdLVFHTCFCTWBjPzquwUTQ3RqlbAkp0ro6ZuslWGpPlAzPwv3RRLvADpNzCTMU/L OC77pv4+sitpShuP3s+gSAk/j0aeWu+uwkiEW2YpQ+JRHYh14xRfguRKA66cfJrBLSIvCN bcxShSQSVNCAgsiXNQOFEqOiXD4HE1FtWcZRYv10GjaxhtOJMux2Q+yCovVCY7qYHxUiRP F3+bNI2mrISBNjvNU+zMpG0+kM6/PbISV3g/vYMt9woj1RCpOyKkDv0+MsJmQXdGvQrsf2 KaxvnTfQxfILGeWMFAr/k7rhlVp6MXQJsT/aG+/gc/nHjF+eu8I9s+btA7+seA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1692634998; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=QbtQjo2YcS5HujwHuPgPA63kp0GRi+VatDregj1xm2E=; b=KhQQaO9+ZmRQhvywokUEBEAezd6ZxELBa4XtgAyFwqrTsFs8oSA9fA3PBr06Db2nArCdOV 8Up2IWENDTrMnCF57D4AQZ8sG53crLWLkzhyi4C8W5KATNodTOlxBRw/n2vnknpftgqdjd tBTlmKD8+1faxYz+KCM1c8t5qO/eOJlvtq2B1YTkhwI0kNfs4Z17WTAJmt/Q0QFOUKYwep FDmA6/FGzvV0DpguW6VXjAb9Xysv/1EVeVGRpGd1s+aow746SNIxgDCERkflesbUr+ylMl ggk0Y+ntw91q4ZDJBZCKjynD4oIyFzUXqR3DgxugW6Zx25WM1BbcnvUCBDs//w== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1692634998; a=rsa-sha256; cv=none; b=Ns/YNEv4kBTUYYmrBs2Eef+dLFOeyY3+GnBPaMj4T6lAlpVgGemJmnj7MAKrVhXe8SDhFg wNO/j5lkIevUFn3AxmxfgW4Grd2wMp4eBFXYK9BWm0cEu1xp6W52yvLzHyn4aosHKHEOr3 2Ie6BECiRhM81bYkVyIwQ87fXe1mkJ9TSz4GZijKk2PkUzyneMY0oPOBE55ISPQlBdmhEG IfJdFFSRDJXnt7+1dQdd4ley4Cwl+zyjPwUJQ24eEOjLe4sv+FugpI7TexA9lyU2bnoRoS 9arDxjOh+80M5Z32M5AlrWvlVJ5YSF25jQs1CPI4czFkRG/KvNJ7hWuF0b7OeA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from aniel.nours.eu (nours.eu [176.31.115.77]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: bapt) by smtp.freebsd.org (Postfix) with ESMTPSA id 4RTyT24BhfzBGb; Mon, 21 Aug 2023 16:23:18 +0000 (UTC) (envelope-from bapt@freebsd.org) Received: by aniel.nours.eu (Postfix, from userid 1001) id 0B130178A37; Mon, 21 Aug 2023 18:23:16 +0200 (CEST) Date: Mon, 21 Aug 2023 18:23:16 +0200 From: Baptiste Daroussin To: Doug Rabson Cc: freebsd-pkgbase@freebsd.org Subject: Re: Repeatable builds using pkgbase Message-ID: References: List-Id: Packaging the FreeBSD base system List-Archive: https://lists.freebsd.org/archives/freebsd-pkgbase List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pkgbase@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: On Mon, Aug 21, 2023 at 02:33:24PM +0100, Doug Rabson wrote: > While working on build scripts for FreeBSD container images, I wanted to > get to the point where my builds are repeatable, i.e. if I create two > images with the same set of packages installed in the same order, they > should be identical. > > The main stumbling block is timestamps. I can force all the file timestamps > to a fixed value with buildah using the '--timestamp' argument to either > 'buildah commit' or 'buildah build' but even then, the two images have > different hashes. Looking deeper, the difference is in > /var/db/pkg/local.sqlite. If I compare SQL dumps of the databases from each > image, I can see a timestamp embedded in the sqlite file: > > diff dump1 dump2 > > > 4c4 > < INSERT INTO packages > VALUES(1,'base','FreeBSD-zoneinfo','13.2p2','zoneinfo package','zoneinfo > package',NULL,NULL,'FreeBSD:13:amd64','re@FreeBSD.org',' > https://www.FreeBSD.org > ','/',731014,0,0,1,1692446701,'2$2$c9w95oqai9bwhny1k4pcg8mji77xgk43zjxxb69j1duzq5jao18wak4deer85epmfpc8ngyysyt9wu74pg7sczkqc3ekyawkfgwzi8d',NULL,NULL,0); > --- > > INSERT INTO packages > VALUES(1,'base','FreeBSD-zoneinfo','13.2p2','zoneinfo package','zoneinfo > package',NULL,NULL,'FreeBSD:13:amd64','re@FreeBSD.org',' > https://www.FreeBSD.org > ','/',731014,0,0,1,1692622924,'2$2$c9w95oqai9bwhny1k4pcg8mji77xgk43zjxxb69j1duzq5jao18wak4deer85epmfpc8ngyysyt9wu74pg7sczkqc3ekyawkfgwzi8d',NULL,NULL,0); > > > Looking at the pkg source, I can see that the prepared statement for > inserting into the packages table explicitly uses NOW() for this column. > Would it be reasonable to allow changing this, e.g. by adding a command > line argument to pkg to override the default? I haven't tried this to see > if that makes the two databases identical - if not, I guess I'll just > remove pkg metadata altogether. yes this would be reasonable, if you use en env var, please respect SOURCE_DATE_EPOCH. Best regards, Bapt