GNU bug report logs -
#48933
[PATCH] build: Make outputs of node-build-system reproducible.
Previous Next
Reported by: Lars-Dominik Braun <lars <at> 6xq.net>
Date: Wed, 9 Jun 2021 12:58:01 UTC
Severity: normal
Tags: patch
Done: Lars-Dominik Braun <lars <at> 6xq.net>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
package.json records two hashes of package.tgz, which change for each
build, resulting in non-reproducible builds.
* guix/build/node-build-system.scm (repack): Add reproducibility options
to tar command.
---
guix/build/node-build-system.scm | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/guix/build/node-build-system.scm b/guix/build/node-build-system.scm
index a55cab237c..9b3de43e24 100644
--- a/guix/build/node-build-system.scm
+++ b/guix/build/node-build-system.scm
@@ -120,7 +120,15 @@
#t)
(define* (repack #:key inputs #:allow-other-keys)
- (invoke "tar" "-czf" "../package.tgz" ".")
+ (invoke "tar"
+ ;; Add options suggested by https://reproducible-builds.org/docs/archives/
+ "--sort=name"
+ (string-append "--mtime=" (getenv "SOURCE_DATE_EPOCH"))
+ "--owner=0"
+ "--group=0"
+ "--numeric-owner"
+ "--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime"
+ "-czf" "../package.tgz" ".")
#t)
(define* (install #:key outputs inputs #:allow-other-keys)
--
2.31.1
This bug report was last modified 4 years and 60 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.