ostree-ext: make OCI history reproducible

OciDir push_layer() calls push_layer_full() with created = chrono::offset::Utc::now() Signed-off-by: Etienne Champetier <e.champetier@ateme.com>
2026-02-05 15:45:53 +01:00 · 2025-05-28 19:04:03 -04:00
parent 9698500302
commit 20bf08689e
3 changed files with 43 additions and 7 deletions
--- a/ostree-ext/src/container/encapsulate.rs
+++ b/ostree-ext/src/container/encapsulate.rs
@@ -133,8 +133,20 @@ pub(crate) fn export_chunked(
        .uncompressed_sha256
        .clone();

+    let created = imgcfg
+        .created()
+        .as_deref()
+        .and_then(bootc_utils::try_deserialize_timestamp)
+        .unwrap_or_default();
    // Add the ostree layer
-    ociw.push_layer(manifest, imgcfg, ostree_layer, description, None);
+    ociw.push_layer_full(
+        manifest,
+        imgcfg,
+        ostree_layer,
+        None::<HashMap<String, String>>,
+        description,
+        created,
+    );
    // Add the component/content layers
    let mut buf = [0; 8];
    let sep = COMPONENT_SEPARATOR.encode_utf8(&mut buf);
@@ -142,12 +154,13 @@ pub(crate) fn export_chunked(
        let mut annotation_component_layer = HashMap::new();
        packages.sort();
        annotation_component_layer.insert(CONTENT_ANNOTATION.to_string(), packages.join(sep));
-        ociw.push_layer(
+        ociw.push_layer_full(
            manifest,
            imgcfg,
            layer,
-            name.as_str(),
            Some(annotation_component_layer),
+            name.as_str(),
+            created,
        );
    }

--- a/ostree-ext/src/container/store.rs
+++ b/ostree-ext/src/container/store.rs
@@ -1490,12 +1490,22 @@ pub(crate) fn export_to_oci(
            .get(i)
            .and_then(|h| h.comment().as_deref())
            .unwrap_or_default();
-        dest_oci.push_layer(
+
+        let previous_created = srcinfo
+            .configuration
+            .history()
+            .get(i)
+            .and_then(|h| h.created().as_deref())
+            .and_then(bootc_utils::try_deserialize_timestamp)
+            .unwrap_or_default();
+
+        dest_oci.push_layer_full(
            &mut new_manifest,
            &mut new_config,
            layer,
-            previous_description,
            previous_annotations,
+            previous_description,
+            previous_created,
        )
    }

--- a/ostree-ext/src/fixture.rs
+++ b/ostree-ext/src/fixture.rs
@@ -26,6 +26,7 @@ use ocidir::cap_std::fs::{DirBuilder, DirBuilderExt as _};
 use ocidir::oci_spec::image::ImageConfigurationBuilder;
 use regex::Regex;
 use std::borrow::Cow;
+use std::collections::HashMap;
 use std::ffi::CString;
 use std::fmt::Write as _;
 use std::io::{self, Write};
@@ -1014,8 +1015,20 @@ impl NonOstreeFixture {
        let bw = bw.into_inner()?;
        let new_layer = bw.complete()?;

-        self.src_oci
-            .push_layer(&mut manifest, &mut config, new_layer, "root", None);
+        let created = config
+            .created()
+            .as_deref()
+            .and_then(bootc_utils::try_deserialize_timestamp)
+            .unwrap_or_default();
+
+        self.src_oci.push_layer_full(
+            &mut manifest,
+            &mut config,
+            new_layer,
+            None::<HashMap<String, String>>,
+            "root",
+            created,
+        );
        let config = self.src_oci.write_config(config)?;

        manifest.set_config(config);