GoogleContainerTools
diff --type=file does not show changes if tar file(s) inside images have different content but same size
We often use container-diff to inspect images for reproducible Docker builds (the same Dockerfile with the same external dependency versions should yield the same digest) and find changes / files that cause the digest to change (e.g. log files with current date or build caches).
When inspecting images with a differing digest based on Alpine we had trouble finding the changes since a file scripts.tar inside the images had the same size but different contents as we found out by manually inspecting and diffing the individual layer tar files.
Expected behavior
- Images A and B with a tar file of the same size but different content should yield a difference
Actual behavior
- No difference is reported
Information
- container-diff version: v0.15.0
- Operating system: macOS
Steps to reproduce the behavior
- Create two images with a tar file of the same size but differing content
container-diff diff [image-a] [image-b] --type=fileyields no differences
Btw. if performance is a concern here: the check in pkg/util/fs_utils.go:146 could be improved to not read whole files into memory and then compare byte slices but rather compare files step by step using a buffer that is re-used.