~aasg/haunted-blog

4ed72b228037ce7a2f85a456b5b61def3d7b6114 — Aluísio Augusto Silva Gonçalves 4 months ago 60e2e2a
flake: Make output deterministic

Patch timestamps to align with the timestamp of the latest commit, and
fix a namespace-like URL to not include a random UUID.

I considered using libfaketime but it made reuse hang, and with just two
timestamps it may have been too heavy-handed anyway.

self.rev is not available when the Git worktree is dirty, but that
should not be a problem for published builds.
1 files changed, 9 insertions(+), 1 deletions(-)

M flake.nix
M flake.nix => flake.nix +9 -1
@@ 18,14 18,22 @@
            src = self;

            LANG = "C.UTF-8";
            SOURCE_DATE_EPOCH = toString self.lastModified;

            nativeBuildInputs = with final; [ haunt pandoc reuse ];
            nativeBuildInputs = with final; [ haunt moreutils pandoc reuse xmlstarlet ];
            buildInputs = with final; [ guile guile-json ];
            buildPhase = ''
              cd $src
              export HAUNT_DESTDIR=$out
              haunt build
              reuse spdx -o $out/files/reuse.spdx
              # Patch non-reproducible strings in the output.
              ISO8601_FAKETIME=$(date --utc --date @$SOURCE_DATE_EPOCH '+%FT%TZ')
              xml edit --update '/_:feed/_:updated' -v "$ISO8601_FAKETIME" $out/feed.xml | sponge $out/feed.xml
              sed -i \
                -e "/^Created:/c Created: $ISO8601_FAKETIME" \
                -e "/^DocumentNamespace:/c DocumentNamespace: https://aasg.name/files/reuse.spdx?src=${self.rev or ""}" \
                $out/files/reuse.spdx
            '';

            dontInstall = true;