rikonor/Dockerfile

## commands.txt
# Create buildkit builder
docker buildx create \
    --use \
    --name builder \
    --platform linux/amd64 \
    --driver docker-container

# Prune cache
docker buildx prune -f

# Build archive image
docker buildx build \
    -f Dockerfile \
    -t tmp \
    --platform linux/amd64 \
    --build-arg SOURCE_DATE_EPOCH=0 \
    --output type=docker,dest=archive.tar,rewrite-timestamp=true \
        .

# Load into Docker daemon
docker load -i archive.tar

## Dockerfile
FROM debian:trixie-20230904-slim

ENV DEBIAN_FRONTEND=noninteractive

# https://snapshot.debian.org/archive/debian/20240515T144351Z/
ARG SNAPSHOT=20240515T144351Z

RUN \
  --mount=type=cache,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,target=/var/lib/apt,sharing=locked \
    : "Enabling snapshot" && \
    sed -i -e '/Types: deb/ a\Snapshot: true' /etc/apt/sources.list.d/debian.sources && \
    : "Enabling cache" && \
    rm -f /etc/apt/apt.conf.d/docker-clean && \
    echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache && \
    : "Fetching the snapshot and installing ca-certificates in one command" && \
    apt install --update --snapshot "${SNAPSHOT}" -o Acquire::Check-Valid-Until=false -o Acquire::https::Verify-Peer=false -y ca-certificates && \
    : "Clean up for improving reproducibility (optional)" && \
    rm -rf /var/log/* /var/cache/ldconfig/aux-cache
	# Create buildkit builder
	docker buildx create \
	--use \
	--name builder \
	--platform linux/amd64 \
	--driver docker-container

	# Prune cache
	docker buildx prune -f

	# Build archive image
	docker buildx build \
	-f Dockerfile \
	-t tmp \
	--platform linux/amd64 \
	--build-arg SOURCE_DATE_EPOCH=0 \
	--output type=docker,dest=archive.tar,rewrite-timestamp=true \
	.

	# Load into Docker daemon
	docker load -i archive.tar
	FROM debian:trixie-20230904-slim

	ENV DEBIAN_FRONTEND=noninteractive

	# https://snapshot.debian.org/archive/debian/20240515T144351Z/
	ARG SNAPSHOT=20240515T144351Z

	RUN \
	--mount=type=cache,target=/var/cache/apt,sharing=locked \
	--mount=type=cache,target=/var/lib/apt,sharing=locked \
	: "Enabling snapshot" && \
	sed -i -e '/Types: deb/ a\Snapshot: true' /etc/apt/sources.list.d/debian.sources && \
	: "Enabling cache" && \
	rm -f /etc/apt/apt.conf.d/docker-clean && \
	echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache && \
	: "Fetching the snapshot and installing ca-certificates in one command" && \
	apt install --update --snapshot "${SNAPSHOT}" -o Acquire::Check-Valid-Until=false -o Acquire::https::Verify-Peer=false -y ca-certificates && \
	: "Clean up for improving reproducibility (optional)" && \
	rm -rf /var/log/* /var/cache/ldconfig/aux-cache