2021-07-09 01:30:26 -05:00
|
|
|
# This script is for reproducible build.
|
|
|
|
# Reproducible build for docker enabled: Before build docker image, this script will change image:tag to image:sha256 in DOCKERFILE.
|
|
|
|
# And record image sha256 to a target file.
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
IMAGENAME=$1
|
|
|
|
DOCKERFILE=$2
|
|
|
|
ARCH=$3
|
|
|
|
DOCKERFILE_TARGE=$4
|
|
|
|
DISTRO=$5
|
|
|
|
|
|
|
|
version_file=files/build/versions/default/versions-docker
|
|
|
|
new_version_file=target/versions/default/versions-docker
|
|
|
|
mkdir -p target/versions/default
|
|
|
|
|
|
|
|
. src/sonic-build-hooks/buildinfo/config/buildinfo.config
|
|
|
|
|
|
|
|
image_tag=`grep "^FROM " $DOCKERFILE | awk '{print$2}'`
|
2022-03-14 05:09:20 -05:00
|
|
|
image_tag_noprefix=$image_tag
|
|
|
|
[ -n "$DEFAULT_CONTAINER_REGISTRY" ] && image_tag_noprefix=$(echo $image_tag | sed "s#$DEFAULT_CONTAINER_REGISTRY##")
|
2021-07-09 01:30:26 -05:00
|
|
|
image=`echo $image_tag | cut -f1 -d:`
|
|
|
|
tag=`echo $image_tag | cut -f2 -d:`
|
|
|
|
|
|
|
|
if [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,all,* ]] || [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,docker,* ]]; then
|
2021-08-09 21:55:49 -05:00
|
|
|
# if docker image not in white list, exit
|
2022-03-31 00:07:46 -05:00
|
|
|
if [[ "$image_tag" != */debian:* ]] && [[ "$image_tag" != debian:* ]] && [[ "$image_tag" != multiarch/debian-debootstrap:* ]];then
|
2021-08-09 21:55:49 -05:00
|
|
|
exit 0
|
|
|
|
fi
|
2021-07-09 01:30:26 -05:00
|
|
|
if [ -f $version_file ];then
|
2022-03-14 05:09:20 -05:00
|
|
|
hash_value=`grep "${ARCH}:${image_tag_noprefix}" $version_file | awk -F== '{print$2}'`
|
2021-07-09 01:30:26 -05:00
|
|
|
fi
|
|
|
|
if [ -z $hash_value ];then
|
|
|
|
hash_value=unknown
|
2021-08-26 05:21:18 -05:00
|
|
|
echo "$image_tag sha256 value is unknown" >> ${new_version_file}.log
|
|
|
|
exit 0
|
2021-07-09 01:30:26 -05:00
|
|
|
fi
|
|
|
|
oldimage=${image_tag//\//\\/}
|
|
|
|
newimage="${oldimage}@$hash_value"
|
2021-08-26 05:21:18 -05:00
|
|
|
echo "sed -i \"s/$oldimage/$newimage/\" $DOCKERFILE" >> ${new_version_file}.log
|
2021-07-09 01:30:26 -05:00
|
|
|
sed -i "s/$oldimage/$newimage/" $DOCKERFILE
|
|
|
|
else
|
2021-08-26 05:21:18 -05:00
|
|
|
hash_value=`docker pull $image_tag 2> ${new_version_file}.log | grep Digest | awk '{print$2}'`
|
2022-03-31 00:07:46 -05:00
|
|
|
if [ -z "$hash_value" ];then
|
2021-08-09 21:55:49 -05:00
|
|
|
hash_value=unknown
|
|
|
|
fi
|
2021-07-09 01:30:26 -05:00
|
|
|
fi
|
|
|
|
if [[ "$hash_value" != "unknown" ]];then
|
2022-03-14 05:09:20 -05:00
|
|
|
echo -e "${ARCH}:${image_tag_noprefix}==$hash_value" >> $new_version_file
|
2021-07-09 01:30:26 -05:00
|
|
|
fi
|