cmd/commit: add flag omit-timestamp to allow for deterministic builds

By default, a field called "createdAt" is written into the image manifest. However, even if my image build process is perfectly deterministic, the image sha256 hash will be different every time, even if my sources are exactly the same. In many cases it is desirable that the same input results in the exactly same output. This commit introduces the flag --omit-timestamp to the commit command. If set to true, the timestamp is set to epoch 0, instead of the current timestamp (which causes different results every time commit is invoked). Signed-off-by: Johannes Brüderl <johannes.bruederl@gmail.com> Closes: #1294 Approved by: nalind
2025-07-31 15:24:26 +03:00 · 2019-01-18 18:39:49 +01:00
parent 23ed59594b
commit 4bcddb7cbe
5 changed files with 24 additions and 2 deletions
--- a/commit.go
+++ b/commit.go
@ -67,6 +67,10 @@ type CommitOptions struct {
 	OnBuild []string
 	// Parent is the base image that this image was created by.
 	Parent string
+
+	// OmitTimestamp forces epoch 0 as created timestamp to allow for
+	// deterministic, content-addressable builds.
+	OmitTimestamp bool
 }

 // PushOptions can be used to alter how an image is copied somewhere.
@ -140,7 +144,7 @@ func (b *Builder) Commit(ctx context.Context, dest types.ImageReference, options
 			}
 		}
 	}
-	src, err := b.makeImageRef(options.PreferredManifestType, options.Parent, exportBaseLayers, options.Squash, options.BlobDirectory, options.Compression, options.HistoryTimestamp)
+	src, err := b.makeImageRef(options.PreferredManifestType, options.Parent, exportBaseLayers, options.Squash, options.BlobDirectory, options.Compression, options.HistoryTimestamp, options.OmitTimestamp)
 	if err != nil {
 		return imgID, nil, "", errors.Wrapf(err, "error computing layer digests and building metadata for container %q", b.ContainerID)
 	}