From a87ee089118ec26656183724c968a9a228cbc002 Mon Sep 17 00:00:00 2001
From: "Lance R. Vick"
Date: Tue, 16 Jan 2024 16:41:32 -0800
Subject: [PATCH] deterministic stage0
---
 src/bootstrap/stage0/Dockerfile | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)
diff --git a/src/bootstrap/stage0/Dockerfile b/src/bootstrap/stage0/Dockerfile
index 82f57ed..cc27fcc 100644
--- a/src/bootstrap/stage0/Dockerfile
+++ b/src/bootstrap/stage0/Dockerfile
@@ -18,10 +18,12 @@ RUN set -eux; \
 echo "${SRC_HASH} stage0-posix-${VERSION}.tar.gz" | sha256sum -c; \
 tar -xf stage0-posix-${VERSION}.tar.gz
 WORKDIR stage0-posix-${VERSION}
-RUN bootstrap-seeds/POSIX/x86/kaem-optional-seed
-RUN mkdir -p /rootfs && cp -R * /rootfs/
+RUN set -eux; \
+ bootstrap-seeds/POSIX/x86/kaem-optional-seed; \
+ mkdir -p /rootfs && cp -R * /rootfs/
 WORKDIR /rootfs
-RUN sha256sum x86/bin/* > hashes.txt
+RUN sha256sum x86/bin/* > hashes.txt; \
+ find . -exec touch -hcd "@0" "{}" +
 
 FROM archlinux as build2
 ARG VERSION
@@ -36,10 +38,12 @@ RUN set -eux; \
 echo "${SRC_HASH} stage0-posix-${VERSION}.tar.gz" | sha256sum -c; \
 tar -xf stage0-posix-${VERSION}.tar.gz
 WORKDIR stage0-posix-${VERSION}
-RUN bootstrap-seeds/POSIX/x86/kaem-optional-seed
-RUN mkdir -p /rootfs && cp -R * /rootfs/
+RUN set -eux; \
+ bootstrap-seeds/POSIX/x86/kaem-optional-seed; \
+ mkdir -p /rootfs && cp -R * /rootfs/
 WORKDIR /rootfs
-RUN sha256sum x86/bin/* > hashes.txt
+RUN sha256sum x86/bin/* > hashes.txt; \
+ find . -exec touch -hcd "@0" "{}" +
 
 FROM alpine as build3
 ARG VERSION
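Review bot: The new `RUN sha256sum x86/bin/* > hashes.txt; \` step has no `set -eux` and joins its two commands with `;`, so a failing `sha256sum` (unreadable file, glob that matches nothing) no longer fails the build: the step's exit status is now that of `find`, and a partial or empty hashes.txt would pass through. Before this change the checksum command stood alone in its RUN, so its failure stopped the stage. Open the step the same way as the RUN just above it, `RUN set -eux; \` followed by the `sha256sum` and `find` lines, or join the two commands with `&&`. The same line is added in the hunks at -36 (build2) and -54 (build3). The stage this hunk belongs to begins above the hunk.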
@@ -54,10 +58,12 @@ RUN set -eux; \
 echo "${SRC_HASH} stage0-posix-${VERSION}.tar.gz" | sha256sum -c; \
 tar -xf stage0-posix-${VERSION}.tar.gz
 WORKDIR stage0-posix-${VERSION}
-RUN bootstrap-seeds/POSIX/x86/kaem-optional-seed
-RUN mkdir -p /rootfs && cp -R * /rootfs/
+RUN set -eux; \
+ bootstrap-seeds/POSIX/x86/kaem-optional-seed; \
+ mkdir -p /rootfs && cp -R * /rootfs/
 WORKDIR /rootfs
-RUN sha256sum x86/bin/* > hashes.txt
+RUN sha256sum x86/bin/* > hashes.txt; \
+ find . -exec touch -hcd "@0" "{}" +
 
 FROM scratch as compare
 COPY --from=build1 /rootfs/ /a
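Review bot: The `find . -exec touch -hcd "@0" "{}" +` line has no comment saying why every timestamp is reset, and it normalises timestamps only. File modes and ownership under /rootfs still come from `cp -R *` and the stage's umask, so if the `compare` stage that follows expects identical trees from build1, build2 and build3, those attributes may still differ between base images; this hunk does not show enough to confirm that. I would add `# Reset all timestamps to the epoch so the rootfs does not depend on build time` above the RUN in each of the three stages. The build3 stage starts above the hunk.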