ostree-ext: make OCI history reproducible

champtar · champtar · commit 20bf08689e15 · 2025-05-29T08:06:58.000-04:00
OciDir push_layer() calls push_layer_full() with
created = chrono::offset::Utc::now()

Signed-off-by: Etienne Champetier &lt;e.champetier@ateme.com&gt;
diff --git a/ostree-ext/src/container/encapsulate.rs b/ostree-ext/src/container/encapsulate.rs
@@ -133,21 +133,34 @@ pub(crate) fn export_chunked(
         .uncompressed_sha256
         .clone();
 
+    let created = imgcfg
+        .created()
+        .as_deref()
+        .and_then(bootc_utils::try_deserialize_timestamp)
+        .unwrap_or_default();
     // Add the ostree layer
-    ociw.push_layer(manifest, imgcfg, ostree_layer, description, None);
+    ociw.push_layer_full(
+        manifest,
+        imgcfg,
+        ostree_layer,
+        None::<HashMap<String, String>>,
+        description,
+        created,
+    );
     // Add the component/content layers
     let mut buf = [0; 8];
     let sep = COMPONENT_SEPARATOR.encode_utf8(&mut buf);
     for (layer, name, mut packages) in layers {
         let mut annotation_component_layer = HashMap::new();
         packages.sort();
         annotation_component_layer.insert(CONTENT_ANNOTATION.to_string(), packages.join(sep));
-        ociw.push_layer(
+        ociw.push_layer_full(
             manifest,
             imgcfg,
             layer,
-            name.as_str(),
             Some(annotation_component_layer),
+            name.as_str(),
+            created,
         );
     }
 
diff --git a/ostree-ext/src/container/store.rs b/ostree-ext/src/container/store.rs
@@ -1490,12 +1490,22 @@ pub(crate) fn export_to_oci(
             .get(i)
             .and_then(|h| h.comment().as_deref())
             .unwrap_or_default();
-        dest_oci.push_layer(
+
+        let previous_created = srcinfo
+            .configuration
+            .history()
+            .get(i)
+            .and_then(|h| h.created().as_deref())
+            .and_then(bootc_utils::try_deserialize_timestamp)
+            .unwrap_or_default();
+
+        dest_oci.push_layer_full(
             &mut new_manifest,
             &mut new_config,
             layer,
-            previous_description,
             previous_annotations,
+            previous_description,
+            previous_created,
         )
     }
 
diff --git a/ostree-ext/src/fixture.rs b/ostree-ext/src/fixture.rs
@@ -26,6 +26,7 @@ use ocidir::cap_std::fs::{DirBuilder, DirBuilderExt as _};
 use ocidir::oci_spec::image::ImageConfigurationBuilder;
 use regex::Regex;
 use std::borrow::Cow;
+use std::collections::HashMap;
 use std::ffi::CString;
 use std::fmt::Write as _;
 use std::io::{self, Write};
@@ -1014,8 +1015,20 @@ impl NonOstreeFixture {
         let bw = bw.into_inner()?;
         let new_layer = bw.complete()?;
 
-        self.src_oci
-            .push_layer(&mut manifest, &mut config, new_layer, "root", None);
+        let created = config
+            .created()
+            .as_deref()
+            .and_then(bootc_utils::try_deserialize_timestamp)
+            .unwrap_or_default();
+
+        self.src_oci.push_layer_full(
+            &mut manifest,
+            &mut config,
+            new_layer,
+            None::<HashMap<String, String>>,
+            "root",
+            created,
+        );
         let config = self.src_oci.write_config(config)?;
 
         manifest.set_config(config);
