Set rewrite-timestamp=true

[AkihiroSuda]

Part of:

• Reproducible builds official-images#16044

This exporter option rewrites the timestamps of the files inside image layers to use $SOURCE_DATE_EPOCH so as to increase reproducibility.

https://github.com/moby/buildkit/blob/v0.15.2/docs/build-repro.md#source_date_epoch

[tianon]

moby/buildkit#4576 (comment)

Regarding enabling rewrite-timestamp=true, are there any side effects? In other words, why is the behavior opt-in instead of opt-out or even just enabled by default and/or automatically enabled when an appropriate SOURCE_DATE_EPOCH is set? What are the downsides, and how do we communicate them to our users when they ask us about the metadata of the images we publish? (Which is a thing that's already surprised quite a few people in our images since we've started setting SOURCE_DATE_EPOCH and the timestamps on the metadata of layers of an image were no longer necessarily always linear, which is technically correct, but also surprising behavior, especially after ~10 years of that not being the way this works.)

You replied that it's incompatible with unpack=true - should I know what unpack is for? Having to enable this by default if it's generally sane, reasonable, and safe still feels really backwards/wrong and makes me question whether it really is generally sane, reasonable, and safe.

[AkihiroSuda]

unpack=true means unpacking image blobs as containerd snapshots.
I'll try to implement the support for unpack=true, but it does not relate to docker-library/meta-scripts.

[AkihiroSuda]

ping?