From 18a4882e3029a084d2f0c63d9d0148682a854546 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Mon, 8 Feb 2021 22:23:09 +0100
Subject: [PATCH] docker: Pass '--hard-dereference' to 'tar' to ensure
 reproducible builds.

Reported by zimoun at
<https://lists.gnu.org/archive/html/guix-devel/2021-02/msg00053.html>.

* guix/docker.scm (%tar-determinism-options): Add '--hard-dereference'.

Co-authored-by: zimoun <zimon.toutoune@gmail.com>
---
 guix/docker.scm | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/guix/docker.scm b/guix/docker.scm
index 97ac6d982b..889aaeacb5 100644
--- a/guix/docker.scm
+++ b/guix/docker.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2017, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017, 2018, 2019, 2021 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2018 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -113,7 +113,14 @@ (define* (config layer time arch #:key entry-point (environment '()))
 (define %tar-determinism-options
   ;; GNU tar options to produce archives deterministically.
   '("--sort=name" "--mtime=@1"
-    "--owner=root:0" "--group=root:0"))
+    "--owner=root:0" "--group=root:0"
+
+    ;; When 'build-docker-image' is passed store items, the 'nlink' of the
+    ;; files therein leads tar to store hard links instead of actual copies.
+    ;; However, the 'nlink' count depends on deduplication in the store; it's
+    ;; an "implicit input" to the build process.  '--hard-dereference'
+    ;; eliminates it.
+    "--hard-dereference"))
 
 (define directive-file
   ;; Return the file or directory created by a 'evaluate-populate-directive'