Reproducible build add docker image debian* to white list. (#8330)

#### Why I did it
1. Add version control for debian* docker image to white list.
2. Always record docker image sha256 value, regardless of white list.
This commit is contained in:
Shilong Liu 2021-08-10 10:55:49 +08:00 committed by GitHub
parent 504de9f305
commit ab75260d20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -19,12 +19,11 @@ image_tag=`grep "^FROM " $DOCKERFILE | awk '{print$2}'`
image=`echo $image_tag | cut -f1 -d:` image=`echo $image_tag | cut -f1 -d:`
tag=`echo $image_tag | cut -f2 -d:` tag=`echo $image_tag | cut -f2 -d:`
if [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,all,* ]] || [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,docker,* ]]; then
# if docker image not in white list, exit # if docker image not in white list, exit
if [[ "$IMAGENAME" != sonic-slave-* ]] && [[ "$IMAGENAME" != docker-base* ]];then if [[ "$IMAGENAME" != sonic-slave-* ]] && [[ "$IMAGENAME" != docker-base* ]] && [[ "$IMAGENAME" != debian:* ]] && [[ "$IMAGENAME" != multiarch/debian-debootstrap:* ]];then
exit 0 exit 0
fi fi
if [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,all,* ]] || [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,docker,* ]]; then
if [ -f $version_file ];then if [ -f $version_file ];then
hash_value=`grep "${ARCH}:${image_tag}" $version_file | awk -F== '{print$2}'` hash_value=`grep "${ARCH}:${image_tag}" $version_file | awk -F== '{print$2}'`
fi fi
@ -36,6 +35,9 @@ if [[ ",$SONIC_VERSION_CONTROL_COMPONENTS," == *,all,* ]] || [[ ",$SONIC_VERSION
sed -i "s/$oldimage/$newimage/" $DOCKERFILE sed -i "s/$oldimage/$newimage/" $DOCKERFILE
else else
hash_value=`docker pull $image_tag | grep Digest | awk '{print$2}'` hash_value=`docker pull $image_tag | grep Digest | awk '{print$2}'`
if [ -z hash_value ];then
hash_value=unknown
fi
fi fi
if [[ "$hash_value" != "unknown" ]];then if [[ "$hash_value" != "unknown" ]];then
echo -e "${ARCH}:${image_tag}==$hash_value" >> $new_version_file echo -e "${ARCH}:${image_tag}==$hash_value" >> $new_version_file