
Is there a way to create a clean Debian-based image (I want it for a container, but it could also be for a virtual) with custom selection of packages that would be binary exactly the same as long as the installed packages and debconf parameters are the same?

There would be basically two uses for this:

  • An image that specifies what exact versions of packages it contains could be independently verified (using snapshots or rebuilding packages as far as Debian managed to make those builds reproducible)
  • Easy checking whether any of the packages has a new version, as the image could be simply rebuilt nightly and its checksum would only change once there were actual changes in the packages.

It could be built from a debian-published base image (e.g. the docker image debian:stable) and apt or using debootstrap (IIRC the base Debian image is built with debootstrap as well) or other suitable builder.

2 Answers


  1. If you would like to guarantee that, build your image once, save it using docker save or docker push it somewhere and from then use that image as the base image.

    docker save: https://docs.docker.com/engine/reference/commandline/save/
    docker push: https://docs.docker.com/engine/reference/commandline/push/

    EDIT: This wouldn’t work, see comments below.

  2. You can use mmdebstrap, which is supposed to create reproducible installations by default (if the SOURCE_DATE_EPOCH environment variable is set); if not, I think that would be considered a bug.

    Or you can use debuerreotype.

    There’s also a wiki page tracking this for other tools in Debian at https://wiki.debian.org/ReproducibleInstalls.

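The following is an added example, not code from the answers or from mmdebstrap. It shows the normalisations an image archive needs so that its checksum changes only when the contents change: fixed member order, timestamps clamped to SOURCE_DATE_EPOCH, and numeric-only ownership. The function names and the sample file tree are constructed for illustration.

```python
import hashlib
import io
import os
import tarfile
import tempfile

# Constructed sample input: a stand-in for an unpacked root filesystem.
EPOCH = 1700000000  # value that would be exported as SOURCE_DATE_EPOCH
FILES = [("etc/debian_version", b"12.5\n"), ("usr/bin/hello", b"#!/bin/sh\necho hi\n")]


def deterministic_tar(root, source_date_epoch):
    """Return tar bytes for `root` that depend only on names, modes, ids and contents."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            entries.append(os.path.join(dirpath, name))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path in sorted(entries):  # fixed order, not directory-listing order
            info = tar.gettarinfo(path, arcname=os.path.relpath(path, root))
            info.mtime = min(int(info.mtime), source_date_epoch)  # clamp build-time stamps
            info.uname = info.gname = ""  # numeric ids only; names vary per build host
            if info.isreg():
                with open(path, "rb") as fh:
                    tar.addfile(info, fh)
            else:
                tar.addfile(info)  # directories, symlinks, hard links carry no data
    return buf.getvalue()


def build_tree(root, files, build_time):
    """Write the files in the given order, then stamp everything with the build time."""
    for rel, data in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            os.utime(os.path.join(dirpath, name), (build_time, build_time))


def image_digest(files, build_time, source_date_epoch=EPOCH):
    """SHA-256 of the normalised archive for one simulated build."""
    with tempfile.TemporaryDirectory() as root:
        build_tree(root, files, build_time)
        return hashlib.sha256(deterministic_tar(root, source_date_epoch)).hexdigest()
```

Two simulated nightly builds with different wall-clock times and file creation order give the same digest; changing one file's bytes gives a different one.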