From 1e075efbe65794de2accbbd3153d3e0a404fca4d Mon Sep 17 00:00:00 2001
From: Felix Abecassis
Date: Sat, 4 Apr 2020 00:45:45 -0700
Subject: [PATCH] Add support for reproducible images/bundles
---
 src/docker.sh | 8 ++++++--
 src/runtime.sh | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/docker.sh b/src/docker.sh
index f207c55..493c9f0 100644
--- a/src/docker.sh
+++ b/src/docker.sh
@@ -235,7 +235,7 @@ docker::configure() {
 docker::import() (
 local -r uri="$1"
 local filename="$2" arch="$3"
- local layers=() config= image= registry= tag= user= tmpdir=
+ local layers=() config= image= registry= tag= user= tmpdir= timestamp=()
 common::checkcmd curl grep awk jq parallel tar "${ENROOT_GZIP_PROGRAM}" find mksquashfs zstd
@@ -308,11 +308,15 @@ docker::import() (
 zstd -q -d -o config "${ENROOT_CACHE_PATH}/${config}"
 docker::configure "${PWD}/0" config "${arch}"
+ if [ -n "${SOURCE_DATE_EPOCH-}" ]; then
+ timestamp=("-mkfs-time" "${SOURCE_DATE_EPOCH}" "-all-time" "${SOURCE_DATE_EPOCH}")
+ fi
+
 # Create the final squashfs filesystem by overlaying all the layers.
 common::log INFO "Creating squashfs filesystem..." NL
 mkdir rootfs
 MOUNTPOINT="${PWD}/rootfs" \
- enroot-mksquashovlfs "0:$(seq -s: 1 "${#layers[@]}")" "${filename}" -all-root ${TTY_OFF+-no-progress} -processors "${ENROOT_MAX_PROCESSORS}" ${ENROOT_SQUASH_OPTIONS} >&2
+ enroot-mksquashovlfs "0:$(seq -s: 1 "${#layers[@]}")" "${filename}" ${timestamp[@]+"${timestamp[@]}"} -all-root ${TTY_OFF+-no-progress} -processors "${ENROOT_MAX_PROCESSORS}" ${ENROOT_SQUASH_OPTIONS} >&2
 )
 docker::daemon::import() (
diff --git a/src/runtime.sh b/src/runtime.sh
index 19752fe..359a952 100644
--- a/src/runtime.sh
+++ b/src/runtime.sh
@@ -559,7 +559,7 @@ runtime::remove() {
 runtime::bundle() (
 local image="$1" filename="$2" target="$3" desc="$4"
- local super= tmpdir= compress=
+ local super= tmpdir= compress= timestamp=
 common::checkcmd unsquashfs find awk grep
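Review bot: `SOURCE_DATE_EPOCH` is used straight from the environment after only a non-empty test, in the added `if` block of docker::import here and again in the runtime::bundle hunk of src/runtime.sh. Here it is passed as separate quoted array elements, so a malformed value should only make the squashfs step fail, but in runtime::bundle it is interpolated into the single `--tar-extra` string, where a value containing whitespace would presumably be split into additional tar arguments. Both places should reject anything that is not a plain integer before use, e.g. `[[ "${SOURCE_DATE_EPOCH}" =~ ^[0-9]+$ ]]` followed by an explicit error. Separately, `-mkfs-time` and `-all-time` need a mksquashfs recent enough to know them, while `common::checkcmd` appears to check only that the command exists, so a comment naming the minimum squashfs-tools version would help. docker::import's body starts outside this hunk.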
@@ -625,8 +625,12 @@ runtime::bundle() (
 [ -d "${environ_dirs[1]}" ] && cp -Lpr "${environ_dirs[1]}" "${tmpdir}${bundle_usrconf_dir}"
 fi
+ if [ -n "${SOURCE_DATE_EPOCH-}" ]; then
+ timestamp="--mtime=@${SOURCE_DATE_EPOCH}"
+ fi
+
 # Make a self-extracting archive with the entrypoint being our bundle script.
- enroot-makeself --tar-quietly --tar-extra '--numeric-owner --owner=0 --group=0 --ignore-failed-read' \
+ enroot-makeself --tar-quietly --tar-extra "--numeric-owner --owner=0 --group=0 --ignore-failed-read ${timestamp}" \
 --nomd5 --nocrc ${ENROOT_BUNDLE_CHECKSUM:+--sha256} --header "${ENROOT_LIBRARY_PATH}/bundle.sh" "${compress}" \
 --target "${target}" "${tmpdir}" "${filename}" "${desc}" -- \
 "${bundle_bin_dir}" "${bundle_lib_dir}" "${bundle_envconf}" "${bundle_sysconf_dir}" "${bundle_usrconf_dir}" >&2
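Review bot: `--mtime=@${SOURCE_DATE_EPOCH}` pins only the member timestamps inside the tar stream, so the bundle produced by the `enroot-makeself` call in runtime::bundle may still differ between two runs with the same epoch. Member order follows directory traversal unless tar is also given `--sort=name`, and if enroot-makeself writes a packaging date into the self-extractor header the way upstream makeself does, that value would need pinning too (not visible here, to be confirmed). Building the same image twice and comparing the SHA-256 digests of the two files would show whether the output is bit-for-bit stable, which is what lets a consumer check a bundle against an independent rebuild. runtime::bundle starts and ends outside this hunk.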