Page MenuHomePureOS Tracker

PureOS Container Images
Updated 1,408 Days AgoPublic

PureOS reproducible containers

PureOS uses a tool call Debuerreotype to create auditable, reproducible tarballs of root file systems. These root file systems (rootfs) are turned into containers and uploaded to Docker Hub and quay.io. Containers are useful for testing and building software in PureOS on any hardware that can run docker or similar.

Debuerreotype is a set of shell scripts that reuse debootstrap to build a rootfs. These shell scripts use an "epoch" file (debuerreotype-epoch) which is useful for adjusting the various timestamps in build tools. These timestamps change at build time and can have an affect on hashsums which are used to determine bit for bit reproducibility of a build from the same source code.

You can use these instructions and you should be able to verify that you build a bit for bit identical container image. First, install debuerreotype;

$ apt install debuerreotype

Then we create two separate builds in two separate directories;

sudo /usr/sbin/debuerreotype-init --non-debian ./1111/byzantium byzantium http://repo.pureos.net/pureos 2021-01-01T00:00:00Z
sudo /usr/sbin/debuerreotype-init --non-debian ./0000/byzantium byzantium http://repo.pureos.net/pureos 2021-01-01T00:00:00Z
sudo /usr/sbin/debuerreotype-tar 0000/byzantium - | sha256sum
baf307869422a4fdf26c7229ab00d1c9c540b89dba8f801aea01518a81f153cb  -
sudo /usr/sbin/debuerreotype-tar 1111/byzantium - | sha256sum
baf307869422a4fdf26c7229ab00d1c9c540b89dba8f801aea01518a81f153cb  -

The hashsums match.

Git repos and source code for building reproducible containers is available here.

Last Author
jeremiah.foster
Last Edited
Feb 11 2021, 05:45

Event Timeline

jeremiah.foster created this document.Aug 21 2019, 16:06
jeremiah.foster edited the content of this document. (Show Details)
jeremiah.foster edited the content of this document. (Show Details)Aug 21 2019, 16:54
jeremiah.foster changed the title from Pureos Docker Images to Pureos Container Images.Jan 20 2021, 17:02
jeremiah.foster changed the title from Pureos Docker Images to Pureos Container Images.
jeremiah.foster edited the content of this document. (Show Details)
jeremiah.foster edited the content of this document. (Show Details)Jan 20 2021, 17:04
jeremiah.foster changed the title from Pureos Container Images to PureOS Container Images.Jan 21 2021, 13:08
jeremiah.foster edited the content of this document. (Show Details)Jan 21 2021, 13:10
jeremiah.foster edited the content of this document. (Show Details)Feb 11 2021, 05:38
jeremiah.foster edited the content of this document. (Show Details)Feb 11 2021, 05:45