Arch Linux Now Has a Bit-for-Bit Reproducible Docker Image
7 hours ago
- #reproducible builds
- #Docker
- #Arch Linux
- Arch Linux has achieved a bit-for-bit reproducible Docker image under a new 'repro' tag, following a similar milestone for its WSL image.
- A key caveat is that pacman keys are stripped for reproducibility, requiring users to regenerate the keyring with commands like 'pacman-key --init && pacman-key --populate archlinux' before using pacman.
- Distrobox users can set this up via a pre-init hook to automate the keyring initialization in containers.
- Reproducibility is validated by checking digest equality across builds with tools like diffoci; the builds use deterministic timestamps and remove non-deterministic files such as the ldconfig cache.
- Further reproducibility efforts may include setting up a rebuilder for automatic periodic verification and public sharing of build logs.
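
The digest-equality check described above, as an added illustration (not Arch Linux's build tooling): two constructed "builds" with the same content produce the same layer digest only after timestamps are pinned, entries are sorted, and the non-deterministic files are dropped. The excluded paths (`etc/ld.so.cache`, `etc/pacman.d/gnupg/`), the fixed epoch, and all file contents are assumptions made for the example.

```python
import hashlib, io, tarfile

# Paths dropped before hashing (assumed locations: ldconfig cache, pacman keyring).
EXCLUDE = ("etc/ld.so.cache", "etc/pacman.d/gnupg/")
SOURCE_DATE_EPOCH = 1700000000  # constructed fixed timestamp

def layer_digest(files, normalize=True):
    """files: {path: (content_bytes, mtime)} -> 'sha256:<hex>' of the tar layer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        names = sorted(files) if normalize else list(files)
        for name in names:
            if normalize and name.startswith(EXCLUDE):
                continue  # strip per-build random or cached state
            data, mtime = files[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mode = 0o644
            info.mtime = SOURCE_DATE_EPOCH if normalize else mtime
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(data))
    return "sha256:" + hashlib.sha256(buf.getvalue()).hexdigest()

def diff_paths(a, b):
    """Paths whose content differs between two builds (what a diff tool would flag)."""
    return sorted(p for p in set(a) | set(b) if a.get(p, (None,))[0] != b.get(p, (None,))[0])

# Two constructed builds: same packages, different build times, key material and cache.
BUILD_A = {
    "usr/bin/hello": (b"\x7fELF-demo", 1710000000),
    "etc/os-release": (b"ID=arch\n", 1710000001),
    "etc/ld.so.cache": (b"cache-A", 1710000002),
    "etc/pacman.d/gnupg/secring.gpg": (b"random-key-A", 1710000003),
}
BUILD_B = {
    "etc/pacman.d/gnupg/secring.gpg": (b"random-key-B", 1720000003),
    "etc/ld.so.cache": (b"cache-B", 1720000002),
    "etc/os-release": (b"ID=arch\n", 1720000001),
    "usr/bin/hello": (b"\x7fELF-demo", 1720000000),
}

if __name__ == "__main__":
    print("raw equal       :", layer_digest(BUILD_A, False) == layer_digest(BUILD_B, False))
    print("normalized equal:", layer_digest(BUILD_A) == layer_digest(BUILD_B))
    print("differing paths :", diff_paths(BUILD_A, BUILD_B))
```

The differing paths are exactly the keyring and cache files, which is why stripping them makes the digests match and why the keyring has to be regenerated before pacman can be used.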