docker: Pass '--hard-dereference' to 'tar' to ensure reproducible builds.

Reported by zimoun at <https://lists.gnu.org/archive/html/guix-devel/2021-02/msg00053.html>. * guix/docker.scm (%tar-determinism-options): Add '--hard-dereference'. Co-authored-by: zimoun <zimon.toutoune@gmail.com>
2021-02-08 22:23:09 +01:00 · 2021-02-08 22:23:09 +01:00 · 18a4882e30
commit 18a4882e30
parent 7c1a30f563
1 changed files with 9 additions and 2 deletions
--- a/guix/docker.scm
+++ b/guix/docker.scm
@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@ -113,7 +113,14 @@ Return a version of TAG that follows these rules."
 (define %tar-determinism-options
  ;; GNU tar options to produce archives deterministically.
  '("--sort=name" "--mtime=@1"
-    "--owner=root:0" "--group=root:0"))
+    "--owner=root:0" "--group=root:0"
+
+    ;; When 'build-docker-image' is passed store items, the 'nlink' of the
+    ;; files therein leads tar to store hard links instead of actual copies.
+    ;; However, the 'nlink' count depends on deduplication in the store; it's
+    ;; an "implicit input" to the build process.  '--hard-dereference'
+    ;; eliminates it.
+    "--hard-dereference"))

 (define directive-file
  ;; Return the file or directory created by a 'evaluate-populate-directive'