
Commit e5f4efd

author
Graham Jenson
authored
[Fix] force a specific order in manifest for hermetic builds (#745)
* [Fix] force a specific order in manifest for hermetic builds * sort all contents
1 parent a849933 commit e5f4efd


1 file changed

+27
-4
lines changed


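--- a/pkg/legacy/tarball/write.go
+++ b/pkg/legacy/tarball/write.go
@@ -22,6 +22,7 @@ import (
 "encoding/json"
 "fmt"
 "io"
+"sort"
 "strings"
 
 "github.com/google/go-containerregistry/pkg/legacy"
@@ -194,12 +195,14 @@ func MultiWrite(refToImage map[name.Reference]v1.Image, w io.Writer) error {
 tf := tar.NewWriter(w)
 defer tf.Close()
 
-imageToTags := dedupRefToImage(refToImage)
+sortedImages, imageToTags := dedupRefToImage(refToImage)
 var m tarball.Manifest
 repos := make(repositoriesTarDescriptor)
 
 seenLayerIDs := make(map[string]struct{})
-for img, tags := range imageToTags {
+for _, img := range sortedImages {
+tags := imageToTags[img]
+
 // Write the config.
 cfgName, err := img.ConfigName()
 if err != nil {
@@ -301,6 +304,7 @@ func MultiWrite(refToImage map[name.Reference]v1.Image, w io.Writer) error {
 if err != nil {
 return err
 }
+
 if err := writeTarEntry(tf, "manifest.json", bytes.NewReader(mBytes), int64(len(mBytes))); err != nil {
 return err
 }
@@ -314,7 +318,7 @@ func MultiWrite(refToImage map[name.Reference]v1.Image, w io.Writer) error {
 return nil
 }
 
-func dedupRefToImage(refToImage map[name.Reference]v1.Image) map[v1.Image][]string {
+func dedupRefToImage(refToImage map[name.Reference]v1.Image) ([]v1.Image, map[v1.Image][]string) {
 imageToTags := make(map[v1.Image][]string)
 
 for ref, img := range refToImage {
@@ -331,7 +335,26 @@ func dedupRefToImage(refToImage map[name.Reference]v1.Image) map[v1.Image][]stri
 }
 }
 
-return imageToTags
+// Force specific order on tags
+imgs := []v1.Image{}
+for img, tags := range imageToTags {
+sort.Strings(tags)
+imgs = append(imgs, img)
+}
+
+sort.Slice(imgs, func(i, j int) bool {
+cfI, err := imgs[i].ConfigName()
+if err != nil {
+return false
+}
+cfJ, err := imgs[j].ConfigName()
+if err != nil {
+return false
+}
+return cfI.Hex < cfJ.Hex
+})
+
+return imgs, imageToTags
 }
 
 // Writes a file to the provided writer with a corresponding tar header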
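Review bot: The `sort.Slice` comparator added at the end of `dedupRefToImage` returns `false` whenever `ConfigName()` fails, so the error is swallowed and the comparison is no longer a consistent ordering; because `imgs` is filled from map iteration, the manifest order can then vary between runs again with no signal to the caller. That undermines the reproducible tarball digest this commit is meant to provide, which is what downstream verification of a hermetic build relies on. Resolving each config name once before sorting and returning the error lets `MultiWrite` fail instead (its call site would become `sortedImages, imageToTags, err := dedupRefToImage(refToImage)` followed by an error check), and it avoids recomputing the config name on every comparison. Images whose config hashes are equal would still be ordered by map iteration; whether the deduplication loop, whose body lies outside the visible hunks, rules that out cannot be seen here.

```go
func dedupRefToImage(refToImage map[name.Reference]v1.Image) ([]v1.Image, map[v1.Image][]string, error) {
	// … unchanged: build imageToTags from refToImage …

	// Resolve every config name once so a failure is reported to the
	// caller instead of being folded into the sort order.
	imgs := make([]v1.Image, 0, len(imageToTags))
	cfgHex := make(map[v1.Image]string, len(imageToTags))
	for img, tags := range imageToTags {
		cfg, err := img.ConfigName()
		if err != nil {
			return nil, nil, err
		}
		sort.Strings(tags)
		cfgHex[img] = cfg.Hex
		imgs = append(imgs, img)
	}

	sort.Slice(imgs, func(i, j int) bool {
		return cfgHex[imgs[i]] < cfgHex[imgs[j]]
	})

	return imgs, imageToTags, nil
```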
