From 2467b9d81f42198c475450bc5a4db9501f8b2847 Mon Sep 17 00:00:00 2001
From: Aaron Ball <nullspoon@oper.io>
Date: Mon, 26 Feb 2018 00:01:04 -0700
Subject: Fixed tar timestamping issue.

The tar command always stores last modified timestamps. Because we are
streaming the data to tar via stdin, this data is not given to tar, so
timestamp is set to the time the package is built. This causes the
package checksums to *always* differ, which is horrible for reproducible
builds.

We don't really care that much about source system timestamps, since the
installer becomes the source of truth, so we now set the last modified
timestamp to 1970-01-01. This ensures that a package built at different
times but with no modifications will yield the same checksum.
---
 pkgself.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgself.sh b/pkgself.sh
index eea1718..c47a713 100755
--- a/pkgself.sh
+++ b/pkgself.sh
@@ -131,7 +131,7 @@ main() {
   printf "Reticulating splines...\n"
 
   # Package up the libinstall libraries
-  tar -C "${tmp}" -c libinstall \
+  tar -C "${tmp}" -c --mtime='1970-01-01' libinstall \
     | ${COMPRESS} > ${tmp}/libinstall.tar.${COMPRESSEXT}
   libinstallsize=$(wc -c < ${tmp}/libinstall.tar.${COMPRESSEXT})
 
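Review bot: The date in `--mtime='1970-01-01'` carries no zone, and GNU tar reads such a date in the builder's local timezone, so two build hosts in different zones would still store different mtimes and produce different checksums. An explicit epoch such as `--mtime='@0'` removes that dependency. The same applies to the payload tar in the second hunk. Pinning the timestamp also leaves other per-host inputs in the archive: member order follows directory read order, and the builder's uid/gid and user names are recorded. If checksums are meant to verify package integrity, consider `tar -C "${tmp}" -c --sort=name --owner=0 --group=0 --numeric-owner --mtime='@0' libinstall \` (GNU tar options; `--sort` needs a reasonably recent release). Whether `${COMPRESS}` adds a timestamp of its own cannot be seen from this hunk and is worth checking.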
@@ -140,7 +140,7 @@ main() {
   runsize="$(wc -c < ${tmp}/run.sh.${COMPRESSEXT})"
 
   # Compress and calculate byte size for payload
-  tar -c "$(basename ${PKG})" \
+  tar -c --mtime='1970-01-01' "$(basename ${PKG})" \
     | ${COMPRESS} -v > ${PKG}.tar.${COMPRESSEXT}
   payloadsize="$(wc -c < ${PKG}.tar.${COMPRESSEXT})"
 
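Review bot: On the changed tar line, `${PKG}` is expanded unquoted inside `$(basename ${PKG})`, and again in the redirect target on the next line. A package path containing whitespace or glob characters would be split before basename sees it, and a name beginning with `-` would be parsed as an option by basename or tar. Since this line is being touched anyway, I would write it as `tar -c --mtime='1970-01-01' -- "$(basename -- "${PKG}")" \` and quote the output path as `> "${PKG}.tar.${COMPRESSEXT}"`. The body of main() starts and ends outside this hunk, so where `PKG` comes from and whether it is validated earlier is not visible here.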
-- 
cgit v1.2.3