Commit b318b8a3 authored by Jon Hermansen's avatar Jon Hermansen
Browse files

k3s: fix build reproducibility 

The upstream build script's tar produces non-deterministic output due to
filesystem file ordering and build-time timestamps. Add --sort=name and
--mtime=@0 to make the embedded data tarball reproducible.

Fixes #430225
parent ea7bf5de

pkgs/applications/networking/cluster/k3s/builder.nix

+4 −0
Original line number Diff line number Diff line
@@ -393,6 +393,10 @@ buildGoModule (finalAttrs: { 
      --replace-fail '"$LDFLAGS $STATIC" -o' \

                '"$LDFLAGS" -o'



    # Ensure the embedded tarball is reproducible: sort file order and clamp timestamps

    substituteInPlace scripts/package-cli \

      --replace-fail 'tar cvf' 'tar c --sort=name --mtime=@0 -vf'



    # Add the -e flag to process "errornous" packages. We need to modify this because the upstream

    # build-time version detection doesn't work with a vendor directory.

    substituteInPlace scripts/version.sh \