It does. it does to this. That’s the docker image not the docker file. You are confusing the spec with the artifact. If you want reproducible dev envs you use a system like compose or any rad of other tools to launch images from your artifact store.

You use them, make sure they are always pristine and cleaned after use, don’t have network connectivity and other things that could affect the build.

Or you could use Nix which builds everything this way.

Notice that you mentioned additional systems to achieve that, you wouldn’t need them if docker was truly providing it.

LOL. We always have this problem if you have people only using spec files and not the artifacts. You are comparing apples to oranges by comparing the dockerfile to a build rpm package. Let me help you:

An rpm package == docker image
An rpm .spec file == dockerfile

You if you only give people spec files and have them rebuild the package you will get different hashes of the rpm file. Similarly you would likely not change your spec file between releases and know your rpm file is going to be different.

But that’s the whole point. A developer wants spec file to ALWAYS generate the same artifact. And most devs even believe that and get frustrated when it doesn’t (like in your example).

Nix basically solves that. It even removes the need for tools like artifactory, because there’s no longer need for it. The code fully defines the final binary. Of course you don’t want to rebuild everything every time, so a cache is introduced.

Before you say that it is just renaming artifactory. It really isn’t. It actually works like a cache. I can remove any piece of it, and the missing pieces will be rebuild if they are needed. It is also used by the builder, so it doesn’t repeat itself. I especially like it when working on feature branch and it completes the code. I eventually merge it, and if my merge did not modify code it won’t waste time rebuilding the same thing.