Closed schildbach closed 3 years ago
It seems a good idea at first, but by doing this, the build is less reproducible from the same commit.
I don't mind having the ability to build the image by itself, but please keep the tagging logic in place and look up the last tag at build time only if the build argument is not present. I'm not sure, but the line you added in the dockerfile seems to override $tor_version.
I've rebased on current master and added the same logic for torsocks, too.
I reverted the changes to Makefile and docker-compose.build.yml so that it doesn't interfere with your original tagging. The downside of this is that the regular expressions are present in two places.
It seems a good idea at first, but by doing this, the build is less reproducible from the same commit.
The Dockerfile is not reproducible and never was. It's installing packages from Alpine.
I don't mind having the ability to build the image by itself, but please keep the tagging logic in place and look up the last tag at build time only if the build argument is not present.
I've added a comment to the build arguments to assert that this is the case.
I'm not sure, but the line you added in the dockerfile seems to override $tor_version.
It works like this: If you specify tor_version and/or torsocks_version, it will use those versions – like before. If you omit any of those versions, they will be determined from the git tags – this is the new part.
The Dockerfile is not reproducible and never was. It's installing packages from Alpine.
This is why I said "less"; as long as you can build the same tor version, it is good enough.
Thanks for the commit
This moves the logic from last_tor_version.sh into the Dockerfile itself. The Tor version can still be specified with the tor_version argument, as before. If that argument is missing, the last tor version is determined by the regular expression.
This has a couple of advantages:
1) Users need not have git, make or docker-compose installed to build the image.
2) Users can build the image entirely inside a container which reduces the trust needed in the safety of the build instructions.
3) git tag is much quicker than git ls-remote since it operates on local data.
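The fallback discussed in this thread (an explicit tor_version wins, otherwise the newest release tag is picked by a regular expression) can be sketched as follows. This is an added example, not the project's Dockerfile or last_tor_version.sh; the tag pattern, the function names and the sample tag list are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; not code from the pull request.

# Assumed pattern for stable release tags such as "tor-0.4.7.13".
# Pre-release tags ("tor-0.4.8.1-alpha") and foreign prefixes do not match.
STABLE_TAG_RE='^tor-[0-9]+(\.[0-9]+)+$'

# latest_stable_tag: reads tag names on stdin (for example from `git tag`)
# and prints the highest stable version without the "tor-" prefix.
# Fields are sorted numerically so that 0.4.7.10 ranks above 0.4.7.9.
latest_stable_tag() {
    grep -E "$STABLE_TAG_RE" \
        | sed 's/^tor-//' \
        | sort -t. -k1,1n -k2,2n -k3,3n -k4,4n \
        | tail -n 1
}

# resolve_tor_version OVERRIDE: a non-empty override is used verbatim
# (pinned build). Otherwise the version floats to the newest stable tag
# read from stdin; the call fails if no tag matches, so a build cannot
# continue with an empty version string.
resolve_tor_version() {
    if [ -n "$1" ]; then
        printf '%s\n' "$1"
        return 0
    fi
    v=$(latest_stable_tag)
    [ -n "$v" ] || { echo "no stable tor tag found" >&2; return 1; }
    printf '%s\n' "$v"
}

# Constructed sample tag list, standing in for `git tag` output.
SAMPLE_TAGS='tor-0.4.7.9
tor-0.4.7.13
tor-0.4.8.1-alpha
tor-0.4.7.10
debian-tor-0.4.7.13-1'

# Demo: honours $tor_version from the environment if it is set.
printf '%s\n' "$SAMPLE_TAGS" | resolve_tor_version "${tor_version:-}"
```

Passing the override gives the same Tor version on every rebuild of a commit, while omitting it ties the result to whatever tags exist at build time, which is the reproducibility trade-off raised in the review.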