nixpkgs/nixos/lib/make-squashfs.nix
Arnout Engelen 0aeba64fb2
squashfs: use -no-hardlinks for reproducible squashfs images (#114454)
The nix store may contain hardlinks: derivations may output them
directly, or users may be using store optimization which automatically
hardlinks identical files in the nix store.

The presence of these links is intended to be a 'transparent'
optimization. However, when creating a squashfs image, the image
will be different depending on whether hard links were present
on the filesystem, leading to reproducibility problems.

By passing '-no-hardlinks' to mksquashfs the files are stored
as duplicates in the squashfs image. Since squashfs has support
for duplicate files this does not lead to a larger image.

For more details see
https://github.com/NixOS/nixpkgs/issues/114331
2021-02-28 18:03:50 +00:00

28 lines
847 B
Nix

{ stdenv, squashfsTools, closureInfo

, # The root directory of the squashfs filesystem is filled with the
  # closures of the Nix store paths listed here.
  storeContents ? []
, # Compression parameters.
  # For zstd compression you can use "zstd -Xcompression-level 6".
  comp ? "xz -Xdict-size 100%"
}:

stdenv.mkDerivation {
  name = "squashfs.img";

  nativeBuildInputs = [ squashfsTools ];

  buildCommand =
    ''
      closureInfo=${closureInfo { rootPaths = storeContents; }}

      # Also include a manifest of the closures in a format suitable
      # for nix-store --load-db.
      cp $closureInfo/registration nix-path-registration

      # Generate the squashfs image.
      mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out \
        -no-hardlinks -keep-as-directory -all-root -b 1048576 -comp ${comp}
    '';
}
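When two builds of an image differ, it helps to confirm that the input trees hold the same bytes and differ only in hard-link layout, which is the situation the commit message describes. The following is an added example, not code from nixpkgs or from this commit; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def _regular_files(root):
    # Yield relative paths of regular files (symlinks skipped) under root.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                yield os.path.relpath(full, root)

def content_digest(root):
    """SHA-256 over sorted (relative path, file hash) pairs; link layout is ignored."""
    h = hashlib.sha256()
    for rel in sorted(_regular_files(root)):
        h.update(rel.encode() + b"\0")
        with open(os.path.join(root, rel), "rb") as f:
            h.update(hashlib.sha256(f.read()).digest())
    return h.hexdigest()

def hardlink_groups(root):
    """Sorted lists of relative paths that share one inode inside root."""
    by_inode = defaultdict(list)
    for rel in _regular_files(root):
        st = os.lstat(os.path.join(root, rel))
        by_inode[(st.st_dev, st.st_ino)].append(rel)
    return sorted(sorted(g) for g in by_inode.values() if len(g) > 1)

def build_sample_tree(root, optimised):
    """Constructed sample: two identical files, hard-linked only if optimised."""
    for sub in ("a", "b"):
        os.makedirs(os.path.join(root, sub))
    first = os.path.join(root, "a", "libfoo.so")
    second = os.path.join(root, "b", "libfoo.so")
    with open(first, "wb") as f:
        f.write(b"identical bytes\n")
    if optimised:
        os.link(first, second)          # what store optimisation would leave behind
    else:
        with open(second, "wb") as f:
            f.write(b"identical bytes\n")

def compare_sample_trees():
    # Returns (same content?, link groups in plain tree, link groups in linked tree).
    with tempfile.TemporaryDirectory() as tmp:
        plain, linked = os.path.join(tmp, "plain"), os.path.join(tmp, "linked")
        build_sample_tree(plain, optimised=False)
        build_sample_tree(linked, optimised=True)
        return (content_digest(plain) == content_digest(linked),
                hardlink_groups(plain), hardlink_groups(linked))
```

Equal content digests together with differing hard-link groups point to link layout as the only difference between the two inputs.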