From 4c944bb5080ae4ee70815bfe31b5b879ccdb346f Mon Sep 17 00:00:00 2001
From: Evan Lezar <elezar@nvidia.com>
Date: Thu, 13 Jun 2024 13:36:07 +0200
Subject: [PATCH] Remove provenance information from image manifests

Tools such as oc mirror do not support the provenence metadata
added to the image manifests with newer docker buildx versions.

This change disables the addition of provenance information.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
---
 CHANGELOG.md                   | 1 +
 deployments/container/Makefile | 1 +
 2 files changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 66ab1550..3b27d9e6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 * Add `RUNTIME_CONFIG_OVERRIDE` (`--runtime-config-override`) to the `nvidia-ctk runtime configure` command and the toolkit container to allow for containerd runtime options to be set directly. This can be used to override the `SystemdCroup` option explicitly, for example.
 * Ensure consistent construction of libraries for CDI spec generation.
 * Ensure that `nvidia-ctk cdi transform` creates specs with world-readable permissions.
+* Remove provenance information from published images.
 
 ## v1.15.0
 
diff --git a/deployments/container/Makefile b/deployments/container/Makefile
index 9bc2d8d9..bd990bd1 100644
--- a/deployments/container/Makefile
+++ b/deployments/container/Makefile
@@ -92,6 +92,7 @@ ARTIFACTS_ROOT ?= $(shell realpath --relative-to=$(CURDIR) $(DIST_DIR))
 $(BUILD_TARGETS): build-%: $(ARTIFACTS_ROOT)
 	DOCKER_BUILDKIT=1 \
 		$(DOCKER) $(BUILDX) build --pull \
+		--provenance=false --sbom=false \
 		$(DOCKER_BUILD_OPTIONS) \
 		$(DOCKER_BUILD_PLATFORM_OPTIONS) \
 		--tag $(IMAGE) \