Merge pull request #165892 from tpwrules/fix-initrd-dirlinks

make-initrd: fix reproducibility problems
2 years ago · 98ff3e401c
parent d9309f43b3 7fd6cea253
commit 98ff3e401c
3 changed files with 5 additions and 5 deletions
--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@ -420,7 +420,7 @@ let
        ${lib.optionalString (config.boot.initrd.secrets == {})
            "exit 0"}

-        export PATH=${pkgs.coreutils}/bin:${pkgs.cpio}/bin:${pkgs.gzip}/bin:${pkgs.findutils}/bin
+        export PATH=${pkgs.coreutils}/bin:${pkgs.libarchive}/bin:${pkgs.gzip}/bin:${pkgs.findutils}/bin

        function cleanup {
          if [ -n "$tmp" -a -d "$tmp" ]; then
@ -440,7 +440,7 @@ let
          ) config.boot.initrd.secrets)
         }

-        (cd "$tmp" && find . -print0 | sort -z | cpio --quiet -o -H newc -R +0:+0 --reproducible --null) | \
+        (cd "$tmp" && find . -print0 | sort -z | bsdtar --uid 0 --gid 0 -cnf - -T - | bsdtar --null -cf - --format=newc @-) | \
          ${compressorExe} ${lib.escapeShellArgs initialRamdisk.compressorArgs} >> "$1"
      '';

--- a/pkgs/build-support/kernel/make-initrd.nix
+++ b/pkgs/build-support/kernel/make-initrd.nix
@ -18,7 +18,7 @@ let
  # compression type and filename extension.
  compressorName = fullCommand: builtins.elemAt (builtins.match "([^ ]*/)?([^ ]+).*" fullCommand) 1;
 in
-{ stdenvNoCC, perl, cpio, ubootTools, lib, pkgsBuildHost
+{ stdenvNoCC, perl, libarchive, ubootTools, lib, pkgsBuildHost
 # Name of the derivation (not of the resulting file!)
 , name ? "initrd"

@ -82,7 +82,7 @@ in stdenvNoCC.mkDerivation rec {

  builder = ./make-initrd.sh;

-  nativeBuildInputs = [ perl cpio ]
+  nativeBuildInputs = [ perl libarchive ]
    ++ lib.optional makeUInitrd ubootTools;

  compress = "${_compressorExecutable} ${lib.escapeShellArgs _compressorArgsReal}";
--- a/pkgs/build-support/kernel/make-initrd.sh
+++ b/pkgs/build-support/kernel/make-initrd.sh
@ -40,7 +40,7 @@ for PREP in $prepend; do
  cat $PREP >> $out/initrd
 done
 (cd root && find * .[^.*] -exec touch -h -d '@1' '{}' +)
-(cd root && find * .[^.*] -print0 | sort -z | cpio -o -H newc -R +0:+0 --reproducible --null | eval -- $compress >> "$out/initrd")
+(cd root && find * .[^.*] -print0 | sort -z | bsdtar --uid 0 --gid 0 -cnf - -T - | bsdtar --null -cf - --format=newc @- | eval -- $compress >> "$out/initrd")

 if [ -n "$makeUInitrd" ]; then
    mkimage -A "$uInitrdArch" -O linux -T ramdisk -C "$uInitrdCompression" -d "$out/initrd" $out/initrd.img