nixos/dockerTools: make buildImageWithNixDb reproducible

The loaded database contains timestamps of when the nix paths were registered. Depending on the host store, these can differ between runs. Resetting them to a well known values ensures that the produced image is reproducible.
author: pigeon <fnoegip@gmail.com> 2024-02-18 21:15:26 +0100
committer: Jonas Fierlings <fnoegip@gmail.com> 2024-02-18 21:16:35 +0100
commit: 2cea1dce6d9782a735101117dca35909aeabde70 (patch)
tree: a84c7d601705ca5eb33776a01790c96c4145bafc /pkgs/build-support/docker
parent: 0e289490f5b9789fe7cc6856633ee4ec01191e79 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/pkgs/build-support/docker/default.nix b/pkgs/build-support/docker/default.nix
index 3f61ecdb2a461..7af7c7e3ff23e 100644
--- a/pkgs/build-support/docker/default.nix
+++ b/pkgs/build-support/docker/default.nix
@@ -62,6 +62,8 @@ let
       # https://github.com/NixOS/nix/blob/9348f9291e5d9e4ba3c4347ea1b235640f54fd79/src/libutil/util.cc#L478
       export USER=nobody
       ${buildPackages.nix}/bin/nix-store --load-db < ${closureInfo {rootPaths = contentsList;}}/registration
+      # Reset registration times to make the image reproducible
+      ${buildPackages.sqlite}/bin/sqlite3 nix/var/nix/db/db.sqlite "UPDATE ValidPaths SET registrationTime = ''${SOURCE_DATE_EPOCH}"
 
       mkdir -p nix/var/nix/gcroots/docker/
       for i in ${lib.concatStringsSep " " contentsList}; do
author	pigeon <fnoegip@gmail.com>	2024-02-18 21:15:26 +0100
committer	Jonas Fierlings <fnoegip@gmail.com>	2024-02-18 21:16:35 +0100
commit	2cea1dce6d9782a735101117dca35909aeabde70 (patch)
tree	a84c7d601705ca5eb33776a01790c96c4145bafc /pkgs/build-support/docker
parent	0e289490f5b9789fe7cc6856633ee4ec01191e79 (diff)