@abeluck
Last active February 8, 2021 16:56
On the Subject of Verification of Provenance for Debian Docker Images

Note: this was last tested in 2019. Things have probably changed.

Prepare

git clone https://github.com/debuerreotype/debuerreotype
cd debuerreotype

Check

Run this script from the root of the debuerreotype checkout. It rebuilds the rootfs for the suite at the same snapshot epoch the official image was built from, wraps it with the official Dockerfile, pulls the published debian image for the same suite, and saves both images to tarballs. At the end, verify that the sha256 sums of the two extracted layers are identical: a match means the published layer is bit-for-bit reproducible from the upstream build scripts.

#!/bin/bash
# Rebuild the official debian:${suite} rootfs from source with debuerreotype,
# using the exact epoch the official build used, then compare the resulting
# image layer with the one published on Docker Hub.

set -euo pipefail
set -x

arch=amd64
suite=stretch
artifacts="https://raw.githubusercontent.com/debuerreotype/docker-debian-artifacts/dist-${arch}/${suite}"

mkdir -p out

# The official artifacts record the snapshot epoch the image was built from;
# building from the same epoch is what makes the rootfs reproducible.
epoch=$(curl -fsS "${artifacts}/rootfs.debuerreotype-epoch")
timestamp=$(TZ=UTC date --date="@${epoch}" --iso-8601=seconds)
sudo ./build.sh out "${suite}" "${timestamp}"

# build.sh runs as root; hand the output back to the invoking user.
me=$(id -u -n)
sudo chown -R "${me}:${me}" out/

cd "out/$(TZ=UTC date --date="@${epoch}" +%Y%m%d)/${arch}/${suite}"
wget -O .dockerignore "${artifacts}/.dockerignore"
wget -O Dockerfile "${artifacts}/Dockerfile"
sudo docker build -t "local-${arch}-${suite}" .

cd ../../../
mkdir -p workspace
cd workspace

# docker pull fetches the host's architecture, so this only compares like with
# like when ${arch} matches the host.
sudo docker pull "debian:${suite}"

# Save both images by name; no need to scrape IDs out of `docker images`.
sudo docker save "local-${arch}-${suite}" > "local-${arch}-${suite}.tar"
sudo docker save "debian:${suite}" > "official-${arch}-${suite}.tar"

mkdir -p "local-${arch}-${suite}" "official-${arch}-${suite}"
tar -xf "local-${arch}-${suite}.tar" -C "local-${arch}-${suite}"
tar -xf "official-${arch}-${suite}.tar" -C "official-${arch}-${suite}"

# The Debian base images are single-layer, so each tree holds one layer.tar.
# (Newer Docker engines, 25 and later, write an OCI layout from `docker save`,
# with layers under blobs/sha256/ instead; adjust the find on those.)
local_layer=$(find "local-${arch}-${suite}" -name layer.tar)
official_layer=$(find "official-${arch}-${suite}" -name layer.tar)

# verify!
# this should output identical hashes
sha256sum "${local_layer}" "${official_layer}"
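The script above compares a single layer.tar per image, which is enough for the single-layer Debian base images. As an added example that is not part of the gist or of debuerreotype, the Python script below generalizes that last step: it reads each `docker save` tarball's manifest.json, hashes every layer in order, cross-checks each hash against the rootfs diff_ids the image config claims, and then compares the two lists, so a multi-layer image or a tarball whose config disagrees with its layer bytes is caught rather than silently passed. It assumes the classic `docker save` layout (a top-level manifest.json with Config and Layers paths, layers stored uncompressed); `build_save_tarball` constructs throwaway tarballs in memory so the check can be exercised offline and is not a real image.

```python
#!/usr/bin/env python3
"""Compare the layer digests of two `docker save` tarballs.

Added example, not part of the gist. Assumes the classic `docker save`
layout: a top-level manifest.json listing "Config" and "Layers" paths inside
the archive, with layers stored uncompressed, so the sha256 of each layer blob
is exactly the "diff_id" the image config claims for it.
"""
import hashlib
import io
import json
import sys
import tarfile


def _open_tar(src):
    """Accept a file object or raw bytes (so constructed tarballs need no file)."""
    if isinstance(src, (bytes, bytearray)):
        src = io.BytesIO(src)
    return tarfile.open(fileobj=src, mode="r:*")


def _sha256_of_member(tar, name):
    """Stream one archive member through sha256 without extracting to disk."""
    h = hashlib.sha256()
    with tar.extractfile(name) as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return "sha256:" + h.hexdigest()


def layer_digests(src):
    """Ordered layer digests of the single image in a `docker save` tarball.

    Each digest is cross-checked against rootfs.diff_ids in the image config,
    so a tarball whose config lies about its layers is rejected rather than
    silently compared.
    """
    with _open_tar(src) as tar:
        manifest = json.load(tar.extractfile("manifest.json"))
        if len(manifest) != 1:
            raise ValueError("expected exactly one image in the tarball")
        entry = manifest[0]
        digests = [_sha256_of_member(tar, path) for path in entry["Layers"]]
        config = json.load(tar.extractfile(entry["Config"]))
        claimed = config.get("rootfs", {}).get("diff_ids", [])
        if claimed != digests:
            raise ValueError(f"layer content {digests} does not match "
                             f"config diff_ids {claimed}")
    return digests


def compare_images(local, official):
    """Return (identical, local_digests, official_digests) for two tarballs."""
    a = layer_digests(local)
    b = layer_digests(official)
    return a == b, a, b


def _add_member(tar, name, data):
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_save_tarball(layers, prefix="layer", claimed_diff_ids=None):
    """Construct a minimal classic-format `docker save` tarball in memory.

    Constructed test data only: `layers` are byte strings standing in for
    layer.tar contents; `claimed_diff_ids` lets a test forge a config that
    disagrees with the actual layer bytes.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        paths, diff_ids = [], []
        for i, blob in enumerate(layers):
            path = f"{prefix}{i}/layer.tar"
            _add_member(tar, path, blob)
            paths.append(path)
            diff_ids.append("sha256:" + hashlib.sha256(blob).hexdigest())
        config = {"architecture": "amd64", "os": "linux",
                  "rootfs": {"type": "layers",
                             "diff_ids": claimed_diff_ids or diff_ids}}
        _add_member(tar, "config.json", json.dumps(config).encode())
        manifest = [{"Config": "config.json", "RepoTags": [], "Layers": paths}]
        _add_member(tar, "manifest.json", json.dumps(manifest).encode())
    return buf.getvalue()


if __name__ == "__main__":
    # usage: compare_layers.py local-amd64-stretch.tar official-amd64-stretch.tar
    with open(sys.argv[1], "rb") as f1, open(sys.argv[2], "rb") as f2:
        same, local, official = compare_images(f1, f2)
    for l, o in zip(local, official):
        print(("  ok " if l == o else "DIFF ") + l + "  " + o)
    sys.exit(0 if same else 1)
```

Run it on the two tarballs the shell script saves into workspace/; the exit status is 0 only when every layer matches, which makes it usable as a gate in a build pipeline. Because the comparison is keyed on the manifest rather than on file names inside the archive, the layer directories being named differently in the local and official tarballs does not matter.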