Reproduced OCI images (Was: repro-env: Documented and reproducible build environments)

[cen]

> If there's a tool to wrap a single statically linked binary (that I 
> built with repro-env) into an OCI image I would be very curious to 
> know about this tool, but I'm still not sure that would give you "bit 
> for bit identical reproducible builds" in the traditional sense, as 
> soon as you introduce "push and pull from a registry".

I guess building the (static) binary with repro-env and then just copy 
it into a runtime image does help in a sense that you don't need to mess 
around with stage 1 build and setting up the env properly. It's not 
pretty though.

Base image might not be reproducible (yet) but that's a different 
problem. It seems this has progressed quite a bit in the past few years 
so it'll happen eventually.