Setting the "Created" Timestamp

[jg-cantaa]

Currently, nix2container does not set the Created timestamp. Is there a way to enable nix2conatiner to set the timestamp?

I am asking because GitLabs cleanup policies utilize the created timestamp to decide which containers to keep. In our case, this results in no Images being cleaned up, as Gitlab eternally interprets this as "Published just now".

[nlewo]

We could implement the same thing than in nixpkgs.dockerTools: the buildImage function could have the additional argument created which default to the epoch time. This argument could take a date or now. When the value is now, the date would be set at build time. Note we would have to add a big warning in the documentation, since now would break the build reproducibility :confused:

(Another approach would be to set now in the image JSON file and set the date a push time: the build iwould be reproducible but the "push" would not be, which can be pretty annoying in practice)

[jg-cantaa]

That sounds good. Can this be done solely in the nix code or does it require adjustments to the Go Programs? I could take this on, does this plan look reasonable?

• add created param to the config of buildImage which gets passed to nix2container here
• add handle the created timestamp in here?

[nlewo]

You would need to add an optional argument to nix2container to be able to specify the created date and propagate this value to this function.

Then, you could add an argument to the buildImage Nix function to support the now value and set the nix2container binary created argument.

[bbigras]

If we use created = builtins.substring 0 8 lastModifiedDate; where lastModifierDate is self.lastModifiedDate from flake.nix, it's reproducible, right?

[nlewo]

@bbigras If the date comes from the flake.nix or flake.lock files then, yes it is reproducible (and you would have to manually run something to update this date).