Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

internal/mkcw/embed/entrypoint.gz: compress with -n9 #5195

Merged
merged 3 commits into from
Nov 29, 2023

Conversation

nalind
Copy link
Member

@nalind nalind commented Nov 28, 2023

What type of PR is this?

/kind other

What this PR does / why we need it:

Compress the unencrypted entry point binary for confidential workload images using gzip's -n flag, to omit the original file's timestamp from the compressed copy.

How to verify it

Tests should continue to pass, and we should see the newly-renamed internal/mkcw/embed/entrypoint_amd64.gz being updated less often in other pull requests.

Which issue(s) this PR fixes:

Should fix #5191.

Special notes for your reviewer:

Does this PR introduce a user-facing change?

None

Copy link
Contributor

openshift-ci bot commented Nov 28, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nalind

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@rhatdan
Copy link
Member

rhatdan commented Nov 28, 2023

LGTM, but you either need a test or NO NEW TESTS NEEDED.

@bmwiedemann
Copy link
Contributor

I tested that the added -n fixes reproducible builds / #5191 .

However I would have split out the other changes into a separate commit, because then you can also properly explain the "Why" in that commit message to help readers better understand the motivation for that change.

Copy link

Ephemeral COPR build failed. @containers/packit-build please check.

Compress the unencrypted entry point binary for confidential workload
images using gzip's `-n` flag, to omit the original file's timestamp
from the compressed copy.  Add a -f and -9 to always overwrite the
output file and sacrifice speed to shave off a few more bytes.

[NO NEW TESTS NEEDED]

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Include the arch in the name of the static entrypoint binary, in case we
find ourselves needing to support other architectures in the same area
in the future.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When creating a container using a prefetched image, use --quiet and
--pull=false for the pair of tests which didn't, bringing them in line
with the rest of the tests in the file.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
@rhatdan
Copy link
Member

rhatdan commented Nov 29, 2023

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Nov 29, 2023
@openshift-merge-bot openshift-merge-bot bot merged commit 4176dba into containers:main Nov 29, 2023
@nalind nalind deleted the entrypoint branch November 29, 2023 14:26
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 28, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[reproducible builds] timestamp varies in buildah/internal/mkcw
3 participants