I'm wondering how much effort it would be to wire up the lockfile support that exists for apko build so that it works for build-minirootfs and build-cpio too?
I get the impression that apko targets OCI production first and foremost so maybe build-minirootfs gets less attention. But it's an incredibly useful feature and it'd be nice if locking support worked there too.
I'm trying to work towards building a workflow that allows building fully-reproducible bootable Alpine images (without needing to bring in the whole of bootc and systemd), and locking support would go a long way towards making that workflow very smooth.
Ideal workflow:
- Define packageset etc in
config.yaml
- Lock with
apko lock config.yaml
- Version config & lockfile together with Git
- Build reproducibly using
apko build-minirootfs --lockfile config.json config.yaml output.tar
If there's no objections to the feature, I might have a go at trying to build it myself but I definitely need to brush up on my Go skills first.
Edit: Edited the above to indicate that it makes a lot of sense for this to also be available in the currently-undocumented build-cpio that was originally introduced in #1177
I'm wondering how much effort it would be to wire up the lockfile support that exists for
apko buildso that it works forbuild-minirootfsandbuild-cpiotoo?I get the impression that
apkotargets OCI production first and foremost so maybebuild-minirootfsgets less attention. But it's an incredibly useful feature and it'd be nice if locking support worked there too.I'm trying to work towards building a workflow that allows building fully-reproducible bootable Alpine images (without needing to bring in the whole of bootc and systemd), and locking support would go a long way towards making that workflow very smooth.
Ideal workflow:
config.yamlapko lock config.yamlapko build-minirootfs --lockfile config.json config.yaml output.tarIf there's no objections to the feature, I might have a go at trying to build it myself but I definitely need to brush up on my Go skills first.
Edit: Edited the above to indicate that it makes a lot of sense for this to also be available in the currently-undocumented
build-cpiothat was originally introduced in #1177