From e3cd6444584dc2d018a39ad7f94769caf043e621 Mon Sep 17 00:00:00 2001
From: Ning Shang <syncom.dev@gmail.com>
Date: Fri, 16 Apr 2021 10:15:25 -0700
Subject: iso-image: Use fixed-order mcopy instead of file globbing

mcopy file globbing is non-deterministic with respect to the underlying file
system. As a result, the current mcopy approach is less likely to reproduce
efi.img on different machines. We replace mcopy file globbing with
fixed-order mmd and mcopy operations for better determinism. We also use
faketime on mmd for the same reason. We use faketime, mmd, and mcopy
directly, becase they are already in PATH.

Thank misuzu@ for the feedback.
---
 nixos/modules/installer/cd-dvd/iso-image.nix | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

(limited to 'nixos/modules/installer/cd-dvd/iso-image.nix')

diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix
index 324b38070e4..5910bfc05ac 100644
--- a/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -415,7 +415,24 @@ let
       echo "Image size: $image_size"
       truncate --size=$image_size "$out"
       faketime "2000-01-01 00:00:00" mkfs.vfat -i 12345678 -n EFIBOOT "$out"
-      mcopy -psvm -i "$out" ./EFI ./boot ::
+
+      # Force a fixed order in mcopy for better determinism, and avoid file globbing
+      for d in $(find EFI -type d | sort); do
+        faketime "2000-01-01 00:00:00" mmd -i "$out" "::/$d"
+      done
+
+      for d in $(find boot -type d | sort); do
+        faketime "2000-01-01 00:00:00" mmd -i "$out" "::/$d"
+      done
+
+      for f in $(find EFI -type f | sort); do
+        mcopy -pvm -i "$out" "$f" "::/$f"
+      done
+
+      for f in $(find boot -type f | sort); do
+        mcopy -pvm -i "$out" "$f" "::/$f"
+      done
+
       # Verify the FAT partition.
       fsck.vfat -vn "$out"
     ''; # */
-- 
cgit 1.4.1