Hacker News new | ask | show | jobs
by crb002 2168 days ago
Maybe I am stupid, but is there a problem in Docker build design? By default you should get both a Docker image and an artifacts.zip of binaries that it downloaded so you can pin them? The cache isn't just for speed. It allows for reproducible builds.
2 comments
crb002 2168 days ago
Perhaps mount an external directory and extract all artifacts to it as a zipfile at the end of the build.

https://access.redhat.com/documentation/en-us/red_hat_enterp...

link
crb002 2168 days ago
Also, Docker should have a reproducible flag that creates binary reproducible images. Timestamps and local system info would have to be nerfed to some default or fed in statically with a config file.
link
joombaga 2168 days ago
You can already make reproducible images of e.g. NixOS. I don't know if there's a good way to tackle the problem at the docker level without sacrificing container OS agnosticism.
link
pknopf 2168 days ago
My OS is a docker image, booted bare metal.

https://godarch.com/

link