0aeba64fb2
the nix store may contain hardlinks: derivations may output them directly, or users may be using store optimization which automatically hardlinks identical files in the nix store. The presence of these links are intended to be a 'transparent' optimization. However, when creating a squashfs image, the image will be different depending on whether hard links were present on the filesystem, leading to reproducibility problems. By passing '-no-hardlinks' to mksquashfs the files are stored as duplicates in the squashfs image. Since squashfs has support for duplicate files this does not lead to a larger image. For more details see https://github.com/NixOS/nixpkgs/issues/114331
28 lines
847 B
Nix
28 lines
847 B
Nix
{ stdenv, squashfsTools, closureInfo
|
|
|
|
, # The root directory of the squashfs filesystem is filled with the
|
|
# closures of the Nix store paths listed here.
|
|
storeContents ? []
|
|
, # Compression parameters.
|
|
# For zstd compression you can use "zstd -Xcompression-level 6".
|
|
comp ? "xz -Xdict-size 100%"
|
|
}:
|
|
|
|
stdenv.mkDerivation {
|
|
name = "squashfs.img";
|
|
|
|
nativeBuildInputs = [ squashfsTools ];
|
|
|
|
buildCommand =
|
|
''
|
|
closureInfo=${closureInfo { rootPaths = storeContents; }}
|
|
|
|
# Also include a manifest of the closures in a format suitable
|
|
# for nix-store --load-db.
|
|
cp $closureInfo/registration nix-path-registration
|
|
|
|
# Generate the squashfs image.
|
|
mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $out \
|
|
-no-hardlinks -keep-as-directory -all-root -b 1048576 -comp ${comp}
|
|
'';
|
|
}
|