osi-tools/test/mod-reproducible.sh


#!/hint/bash -euE
# Copyright (C) 2023-2024 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later
# Append the cleanup hook defined in this file to the post_install list.
# NOTE(review): the leading "79" is presumably an ordering key read by
# whatever consumes post_install -- confirm against that code.
post_install+=('79:reproducible:rm')
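#######################################
# Delete the files that are known to make base images non-reproducible.
# Arguments: $1 - mountpoint of the image root; must be non-empty
# Outputs:   an error message on stderr when the mountpoint is missing
# Returns:   1 if the mountpoint is missing or empty; otherwise the
#            status of the last `rm`
#######################################
reproducible:rm() {
  local arg_mountpoint=${1-}

  # Every path below is built as "$arg_mountpoint"/...; with an empty
  # mountpoint those paths would be the build host's own
  # /etc/machine-id, /var/log/pacman.log, etc.  Refuse instead of
  # deleting host files.
  if [[ -z $arg_mountpoint ]]; then
    printf '%s\n' 'reproducible:rm: mountpoint argument is required' >&2
    return 1
  fi

  # NOTE(review): rm resolves symlinked directory components of these
  # paths on the host side, so an absolute directory symlink inside the
  # image (e.g. etc/ssl/certs/java) would redirect the delete outside
  # the mountpoint.  Presumably the image only holds trusted package
  # content -- confirm.

  # Base images are not currently reproducible, because of the files:

  # - /etc/machine-id
  #   source: /var/lib/pacman/local/systemd-*/install -> systemd:/usr/bin/systemd-machine-id-setup
  #   solution: should probably have a machine-id config option
  rm -f -- "$arg_mountpoint"/etc/machine-id

  # - /etc/ssl/certs/java/cacerts
  #   source: ca-certificate-utils:/usr/share/libalpm/hooks/40-update-ca-trust.hook -> ca-certificate-utils:/usr/bin/update-ca-trust -> p11-kit:/usr/bin/trust
  #   solution: should contribute a patch to p11-kit to make it reproducible
  #   NOTE(review): nothing in this function regenerates the file; if the
  #   image is used after this step, Java TLS clients will lack this
  #   trust store until update-ca-trust is run again -- confirm.
  rm -f -- "$arg_mountpoint"/etc/ssl/certs/java/cacerts

  # - /var/cache/ldconfig/aux-cache
  #   source: /var/lib/pacman/local/glibc-*/install -> glibc:/usr/bin/ldconfig
  #   solution: should contribute a patch to glibc to make it reproducible
  rm -f -- "$arg_mountpoint"/var/cache/ldconfig/aux-cache

  # - /var/log/pacman.log
  #   source: duh
  #   solution: IDK yet.  Part of me thinks I should just `rm`
  #     it.  Part of me thinks that I should fuss with the
  #     bootstrap pacman config to have it not be generated.
  #     Part of me thinks I should figure out how to get the
  #     file to be reproducible.  If we do keep the file, but
  #     make it reproducible, there are 3 things that need to happen:
  #     1. Have the pre-downloading runs not log to it.
  #        Reproducible-wise, they include tmpdir paths, but
  #        also they just don't belong.
  #     2. Clamp the leading timestamps to SOURCE_DATE_EPOCH.
  #     3. Sanitize the tmpdir path from the "Running 'pacman
  #        -r …'" line from the `pacstrap` run.
  rm -f -- "$arg_mountpoint"/var/log/pacman.log
}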