Merge pull request #57559 from Ekleog/iso-image-reproducibilization

iso-image: make reproducible by not relying on mcopy's readdir
author: Graham Christensen <graham@grahamc.com> 2019-03-29 08:02:56 -0400
committer: GitHub <noreply@github.com> 2019-03-29 08:02:56 -0400
commit: bb32e322a5aa81203eb3494081539eea8a70adcb (patch)
tree: 24784d78575f97af488d7309065b1f2263e4a5a5 /nixos/modules/installer
parent: e0b4356c0dc7d35d9ee17d23b53d8c2020d4e618 (diff)
parent: f7fb88c32426ef0fc7ff075a1af70c207da5dc5a (diff)
download: nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar
nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.gz
nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.bz2
nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.lz
nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.xz
nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.zst
nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.zip
1 files changed, 13 insertions, 2 deletions
diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix
index fd780be2082..12b8d85edf3 100644
--- a/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -338,8 +338,10 @@ let
 
   efiImg = pkgs.runCommand "efi-image_eltorito" { buildInputs = [ pkgs.mtools pkgs.libfaketime ]; }
     # Be careful about determinism: du --apparent-size,
-    #   dates (cp -p, touch, mcopy -m, faketime for label), IDs (mkfs.vfat -i)
+    #   dates (cp -p, touch, mcopy -m, faketime for label), IDs (mkfs.vfat -i),
+    #   mcopy's write order (-s uses `readdir` order)
     ''
+      # Prepare the ./EFI and ./boot directories
       mkdir ./contents && cd ./contents
       cp -rp "${efiDir}"/EFI .
       mkdir ./boot
@@ -347,6 +349,7 @@ let
         "${config.system.build.initialRamdisk}/${config.system.boot.loader.initrdFile}" ./boot/
       touch --date=@0 ./EFI ./boot
 
+      # Prepare the image file
       usage_size=$(du -sb --apparent-size . | tr -cd '[:digit:]')
       # Make the image 110% as big as the files need to make up for FAT overhead
       image_size=$(( ($usage_size * 110) / 100 ))
@@ -356,8 +359,16 @@ let
       echo "Usage size: $usage_size"
       echo "Image size: $image_size"
       truncate --size=$image_size "$out"
+
+      # Make the filesystem
       ${pkgs.libfaketime}/bin/faketime "2000-01-01 00:00:00" ${pkgs.dosfstools}/sbin/mkfs.vfat -i 12345678 -n EFIBOOT "$out"
-      mcopy -psvm -i "$out" ./EFI ./boot ::
+
+      # Copy the files
+      # Note: we can't use mcopy's recursive copying as it uses `readdir` order.
+      # So just copy file-after-file
+      find ./EFI ./boot -type f -print0 | sort -z | \
+        xargs -0I '{}' mcopy -pvm -i "$out" '{}' ::
+
       # Verify the FAT partition.
       ${pkgs.dosfstools}/sbin/fsck.vfat -vn "$out"
     ''; # */
author	Graham Christensen <graham@grahamc.com>	2019-03-29 08:02:56 -0400
committer	GitHub <noreply@github.com>	2019-03-29 08:02:56 -0400
commit	bb32e322a5aa81203eb3494081539eea8a70adcb (patch)
tree	24784d78575f97af488d7309065b1f2263e4a5a5 /nixos/modules/installer
parent	e0b4356c0dc7d35d9ee17d23b53d8c2020d4e618 (diff)
parent	f7fb88c32426ef0fc7ff075a1af70c207da5dc5a (diff)
download	nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.gz nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.bz2 nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.lz nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.xz nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.tar.zst nixpkgs-bb32e322a5aa81203eb3494081539eea8a70adcb.zip