Report on cached layers that are over a certain age

[erikh]

NOTE: There'll be another ticket about the pragma statement.

Setting this pragma would allow you to set a value; the age of which to warn after a layer has been cached for longer than that.

This allows us to do things like:

pragma layer_warn_age: "1d"

run "apt-get update"
run "apt-get dist-upgrade -y"
run "do something very specific"

In a lot of cases, the last line is the only one that actually changes the image; this causes the cache to be reused perpetually until the base image is updated or box is run with the -n argument. This eventually becomes an operational problem after the apt cache has drifted far enough away from the package repository to be noticeable, but it also hides important security fixes which may not be addressed in the final output image for weeks or months until ... the build breaks.

What this pragma would do really is just print an error or warning-level log message which indicates that a image layer is older than XYZ time; this is baked into the build plan so that all consumers see it, not just ones that pass flags or options to the environment.

[erikh]

Another pragma could also be used as an error or no-cache threshold as well.