diff options
author | Thomas Watson <twatson52@icloud.com> | 2022-03-26 18:34:30 -0500 |
---|---|---|
committer | Thomas Watson <twatson52@icloud.com> | 2022-04-14 19:06:30 -0500 |
commit | 7fd6cea253a27d3c0660a4c21774c9697a655661 (patch) | |
tree | 89c62665b61d4a124b198374cccf406bfa96d3a1 /nixos | |
parent | a9414de1228089d5e95eb478b1bb7d150e65600b (diff) | |
download | nixlib-7fd6cea253a27d3c0660a4c21774c9697a655661.tar nixlib-7fd6cea253a27d3c0660a4c21774c9697a655661.tar.gz nixlib-7fd6cea253a27d3c0660a4c21774c9697a655661.tar.bz2 nixlib-7fd6cea253a27d3c0660a4c21774c9697a655661.tar.lz nixlib-7fd6cea253a27d3c0660a4c21774c9697a655661.tar.xz nixlib-7fd6cea253a27d3c0660a4c21774c9697a655661.tar.zst nixlib-7fd6cea253a27d3c0660a4c21774c9697a655661.zip |
make-initrd: fix reproducibility problems
cpio includes the number of directory hard links in archives it creates. Some filesystems, like btrfs, do not count directory hard links the same way as more common filesystems like ext4 or tmpfs, so archives built when /tmp is on such a filesystem do not reproduce. This patch replaces cpio with bsdtar, which does not have this issue. The specific invocation is from this page: https://reproducible-builds.org/docs/archives/
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/system/boot/stage-1.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index 8b011d91563f..be700d9767fd 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -400,7 +400,7 @@ let ${lib.optionalString (config.boot.initrd.secrets == {}) "exit 0"} - export PATH=${pkgs.coreutils}/bin:${pkgs.cpio}/bin:${pkgs.gzip}/bin:${pkgs.findutils}/bin + export PATH=${pkgs.coreutils}/bin:${pkgs.libarchive}/bin:${pkgs.gzip}/bin:${pkgs.findutils}/bin function cleanup { if [ -n "$tmp" -a -d "$tmp" ]; then @@ -420,7 +420,7 @@ let ) config.boot.initrd.secrets) } - (cd "$tmp" && find . -print0 | sort -z | cpio --quiet -o -H newc -R +0:+0 --reproducible --null) | \ + (cd "$tmp" && find . -print0 | sort -z | bsdtar --uid 0 --gid 0 -cnf - -T - | bsdtar --null -cf - --format=newc @-) | \ ${compressorExe} ${lib.escapeShellArgs initialRamdisk.compressorArgs} >> "$1" ''; |