docker: Pass '--hard-dereference' to 'tar' to ensure reproducible builds.

Reported by zimoun at
<https://lists.gnu.org/archive/html/guix-devel/2021-02/msg00053.html>.

* guix/docker.scm (%tar-determinism-options): Add '--hard-dereference'.

Co-authored-by: zimoun <zimon.toutoune@gmail.com>
Ludovic Courtès 2021-02-08 22:23:09 +01:00
parent 7c1a30f563
commit 18a4882e30
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5


@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
;;;
;;; This file is part of GNU Guix.
@ -113,7 +113,14 @@ (define* (config layer time arch #:key entry-point (environment '()))
(define %tar-determinism-options
;; GNU tar options to produce archives deterministically.
'("--sort=name" "--mtime=@1"
"--owner=root:0" "--group=root:0"))
"--owner=root:0" "--group=root:0"
;; When 'build-docker-image' is passed store items, the 'nlink' of the
;; files therein leads tar to store hard links instead of actual copies.
;; However, the 'nlink' count depends on deduplication in the store; it's
;; an "implicit input" to the build process. '--hard-dereference'
;; eliminates it.
"--hard-dereference"))
(define directive-file
;; Return the file or directory created by a 'evaluate-populate-directive'
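Review bot: The new comment in %tar-determinism-options gives the reproducibility reason for "--hard-dereference" but not its cost: files that tar would have stored as hard links are now archived as full copies, so a layer built from store items with deduplicated files can grow. Consider adding a sentence on that trade-off, and rewording "eliminates it" so it is clear that what goes away is the dependence on the 'nlink' count. The visible hunks also add no test; a check that the generated layer tarball contains no hard-link entries would keep this from regressing.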