[GR-4247] Initial Native image Replay bundle Support. #5460
Conversation
oracle-contributor-agreement
bot
added
the
OCA Verified
| If available, docker/podman should be used to run the image builder inside a well-defined container image. **This allows | ||
| us to prevent the builder from using the network during image build**, thus guaranteeing that the image build result did | ||
| not depend on some unknown (and therefore unreproducible) network state. Another advantage is that we can mount | ||
| `input/classes` and `$GRAALVM_HOME` read-only into the container and only allow read-write access to the mounted `out` | ||
| and `build` directories. This will prevent the application code that runs at image build time to mess with anything | ||
| other than those directories. |
There was a problem hiding this comment.
Even in such an environment, the resulting image might be different in that in two runs the result is different. Consider run (a) that runs in a container environment on Linux x86_64 with cgroup v2 (a kernel feature not part of the container) and (b) that runs on a container environment on Linux x86_64 with cgroup v1. This loads different sets of classes, AFAIK. Something to think about, maybe.
There was a problem hiding this comment.
Thanks for the heads up. We should record if cgroup v2 or cgroup v1 was used in a containerized build.
graalvmbot
force-pushed
the
paw/GR-42472
branch
from
58ed450 to
ef96aad
Compare
|
I moved the contents of |
|
One more note: the |
…nd LocatableMultiOptionValue.Paths
graalvmbot
force-pushed
the
paw/GR-42472
branch
from
22f8b1b to
e665713
Compare
Good idea. See #5473 (comment) |
No description provided.