Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

image/save: set a stable timestamp for assets #48611

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

stevvooe
Copy link
Contributor

@stevvooe stevvooe commented Oct 9, 2024

When saving a docker image with docker save, output may have the current timestamp, resulting in slightly changed content each time the save command gets run. This patch attemtps to stabilize that effort to clean up some spots where we've missed setting the timestamps.

It's not totally clear that setting these timestamps to 0 is the correct behavior but it will fix the hash stability problem on output.

We still need some better testing for this and might need some discussion around which timestamp we actually use.

@stevvooe stevvooe force-pushed the sjd/stable-save-timestamps branch 2 times, most recently from 74bf9dd to a5d5914 Compare October 9, 2024 15:39
return distribution.Descriptor{}, errors.Wrap(err, "could not set layer timestamp")
}
for _, fname := range []string{outDir, layerPath} {
// todo: maybe save layer created timestamp?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This TODO was added back in 2015 by @tonistiigi in 01ba0a9#diff-9ac2cf7826d0cfc8316ca97dceae47447f431bc510fd4a4622ebeb53cc74d08aR295

I wonder if it's still clear what it's about, or if we should just drop it 🤔

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not quite sure. This just does the nil check once but shouldn't change the behavior here. This PR still defers on a timestamp methodology, other than fixing the issue with the particular assets identified in docker/cli#5515.

The other approach here would be to do a full walk and set them all to the same value after assembling the save file.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, was mostly wondering if we had a specific reason to preserve the layer timestamp, because if not, we might as well remove the TODO comment here.

Resetting to the image's timestamp (what I saw you did in this PR) makes sense to me; at least it makes things stable for the same image

Comment on lines +642 to +645
// mkdirAllWithChtimes is nearly an identical copy to the os.MkdirAll but
// tracks created directories and applies the provided mtime and atime using
// system.Chtimes.
func mkdirAllWithChtimes(path string, perm os.FileMode, atime, mtime time.Time) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having a copy of os.MkdirAll feels meh.. But I can't think of a better way to do it.

Perhaps it's worth adding the specific Go tag the code was copied from. That would make it easier to update this code to match the Go's MkdirAll in case it changes.

@vvoland vvoland added kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. area/images labels Oct 16, 2024
@vvoland vvoland added this to the 28.0.0 milestone Oct 16, 2024
When saving a docker image with `docker save`, output may have the
current timestamp, resulting in slightly changed content each time the
`save` command gets run. This patch attemtps to stabilize that effort to
clean up some spots where we've missed setting the timestamps.

It's not totally clear that setting these timestamps to 0 is the correct
behavior but it will fix the hash stability problem on output.

Signed-off-by: Stephen Day <[email protected]>
@thaJeztah thaJeztah force-pushed the sjd/stable-save-timestamps branch from a5d5914 to 1f34fbf Compare December 14, 2024 16:12
@thaJeztah
Copy link
Member

Did a quick rebase of this PR; I'll have a look at Pawel's comments about referencing the upstream source; I'm considering moving the copied code to a separate file to match https://cs.opensource.google/go/go/+/refs/tags/go1.23.4:src/os/path.go;l=19, which can make comparing with upstream easier, and to add a comment about the reference taken as starting point.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/images impact/changelog kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. status/2-code-review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

docker save - how to make it reproducible? docker changes the image shasum while saving it
3 participants