diff options
| author | Aaron Ball <nullspoon@oper.io> | 2018-02-26 00:01:04 -0700 |
|---|---|---|
| committer | Aaron Ball <nullspoon@oper.io> | 2018-02-26 00:01:04 -0700 |
| commit | 2467b9d81f42198c475450bc5a4db9501f8b2847 (patch) | |
| tree | b8c28b6ae335ca971317c3330f61ab52c9903356 | |
| parent | f42923bddae7aa98065850f709e4f3bbce870dd2 (diff) | |
| download | pkgself-2467b9d81f42198c475450bc5a4db9501f8b2847.tar.gz pkgself-2467b9d81f42198c475450bc5a4db9501f8b2847.tar.xz | |
Fixed tar timestamping issue.
The tar command always stores last modified timestamps. Because we are
streaming the data to tar via stdin, this data is not given to tar, so
timestamp is set to the time the package is built. This causes the
package checksums to *always* differ, which is horrible for reproducible
builds.
Since we don't really care that much about source system timestamps
since the installer becomes the source of truth, we now set last
modified timestamp to 1970-01-01. This ensures that a package built at
different times but with no modifications will yield the same checksum.
| -rwxr-xr-x | pkgself.sh | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -131,7 +131,7 @@ main() { printf "Reticulating splines...\n" # Package up the libinstall libraries - tar -C "${tmp}" -c libinstall \ + tar -C "${tmp}" -c --mtime='1970-01-01' libinstall \ | ${COMPRESS} > ${tmp}/libinstall.tar.${COMPRESSEXT} libinstallsize=$(wc -c < ${tmp}/libinstall.tar.${COMPRESSEXT}) @@ -140,7 +140,7 @@ main() { runsize="$(wc -c < ${tmp}/run.sh.${COMPRESSEXT})" # Compress and calculate byte size for payload - tar -c "$(basename ${PKG})" \ + tar -c --mtime='1970-01-01' "$(basename ${PKG})" \ | ${COMPRESS} -v > ${PKG}.tar.${COMPRESSEXT} payloadsize="$(wc -c < ${PKG}.tar.${COMPRESSEXT})" |