#!/hint/bash -euE
# Copyright (C) 2023-2024 Umorpha Systems
# SPDX-License-Identifier: AGPL-3.0-or-later
# Register the cleanup function below as a post-install hook.
# NOTE(review): the "79:" prefix presumably orders this hook relative to
# other post_install entries; confirm against the code that runs the hooks.
post_install+=('79:reproducible:rm')
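#######################################
# Post-install hook: delete the files that currently keep base images
# from being reproducible.
# Arguments: $1 - mountpoint of the image root; must be non-empty
# Returns:   0 once the four files are gone (rm -f tolerates files that
#            are already missing); aborts a non-interactive shell with
#            an error if $1 is unset or empty
# NOTE(review): consumers of the image presumably regenerate these
# files when needed (first boot, next hook run); confirm.
#######################################
reproducible:rm() {
  # An empty mountpoint would turn every path below into an absolute
  # path on the build host (""/etc/machine-id -> /etc/machine-id), so
  # refuse it before any rm runs.
  local arg_mountpoint=${1:?reproducible:rm: mountpoint argument must not be empty}

  # Base images are not currently reproducible, because of the files:

  #  - /etc/machine-id
  #    source: /var/lib/pacman/local/systemd-*/install -> systemd:/usr/bin/systemd-machine-id-setup
  #    solution: should probably have a machine-id config option
  rm -f -- "$arg_mountpoint"/etc/machine-id

  #  - /etc/ssl/certs/java/cacerts
  #    source: ca-certificate-utils:/usr/share/libalpm/hooks/40-update-ca-trust.hook -> ca-certificate-utils:/usr/bin/update-ca-trust -> p11-kit:/usr/bin/trust
  #    solution: should contribute a patch to p11-kit to make it reproducible
  rm -f -- "$arg_mountpoint"/etc/ssl/certs/java/cacerts

  #  - /var/cache/ldconfig/aux-cache
  #    source: /var/lib/pacman/local/glibc-*/install -> glibc:/usr/bin/ldconfig
  #    solution: should contribute a patch to glibc to make it reproducible
  rm -f -- "$arg_mountpoint"/var/cache/ldconfig/aux-cache

  #  - /var/log/pacman.log
  #    source: duh
  #    solution: IDK yet.  Part of me thinks I should just `rm`
  #      it.  Part of me thinks that I should fuss with the
  #      bootstrap pacman config to have it not be generated.
  #      Part of me thinks I should figure out how to get the
  #      file to be reproducible.  If we do keep the file, but
  #      make it reproducible, there are 3 things that need to happen:
  #       1. Have the pre-downloading runs not log to it.
  #          Reproducible-wise, they include tmpdir paths, but
  #          also they just don't belong.
  #       2. Clamp the leading timestamps to SOURCE_DATE_EPOCH.
  #       3. Sanitize the tmpdir path from the "Running 'pacman
  #          -r …'" line from the `pacstrap` run.
  rm -f -- "$arg_mountpoint"/var/log/pacman.log
}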