From e29b971accc389bda1f58b51e230a7fa25bf315c Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Mon, 14 Nov 2022 12:16:29 +0100
Subject: [PATCH] make-archive: Build reproducible tarball

Remove timestamps, user names, etc. from the tarball so that
it can be built reproducibly by multiple people, on different
machines.

The outer bzip2 layer might still be different, no reproducible
bzip2 known.

Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
---
 make-archive | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/make-archive b/make-archive
index d4f095f0a..9ae9eef07 100755
--- a/make-archive
+++ b/make-archive
@@ -86,14 +86,16 @@ main() {
 	cd ..
 	if [ "x" = "x${SHIM_GIT_TAG}" ] ; then
 		git archive --format=tar "$(git log -1 --pretty=format:%h)" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x )
+		TIMESTAMP=0
 	else
 		# ORIGIN doesn't yet have this tag
 		git archive --format=tar "${SHIM_GIT_TAG}" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x )
+		TIMESTAMP=$(git log -1 --pretty=%ct "${SHIM_GIT_TAG}")
 	fi
 	git log -1 --pretty=format:%H > "${ARCHIVE_DIR}/shim-${VERSION}/commit"
 	DIR="$PWD"
 	cd "${ARCHIVE_DIR}"
-	tar -c --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}"
+	tar -c --sort=name --mtime="@${TIMESTAMP}" --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}"
 	rm -rf "${ARCHIVE_DIR}"
 	echo "The archive is in shim-${VERSION}.tar.bz2"
 	exit 0