On 13 Dec 2021 12:30, Sergey Poznyakoff wrote: > Regarding reproducible build concerns, expressed by Paul: I don't > believe it is an issue. Reproducible tarballs in PAX format are > easily made with the following option: > > --pax-option=exthdr.name=%d/PaxHeaders/%f,atime:=0,ctime:=0 > > (btw, it is mentioned in the tar docs as well).
there's also the matter of uid/gid, albeit to a lesser degree. GNU ar has a "deterministic mode" to throw all of these issues into one easy flag for users. maybe GNU tar should grow a similar option ? i think it's pretty error prone to expect people to know the full command line they have to use in order to get something basic like reproducible archives. especially if it changes by format. atm, i think the full command line is: LC_COLLATE=C tar \ --format=pax \ --sort=name \ --owner=0 --group=0 \ --pax-option=exthdr.name=%d/PaxHeaders/%f,atime:=0,ctime:=0 \ -cf foo.tar foo/ use of --mtime=0 is prob debatable. -mike
signature.asc
Description: PGP signature