From 4420d42422ac6a7994e3f897a3e54693a6db0194 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Mon, 31 Mar 2025 10:49:10 +0200
Subject: [PATCH] nixos: make squashfs reproducible

---
 nixos/lib/make-squashfs.nix                     | 3 ++-
 pkgs/build-support/portable-service/default.nix | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/nixos/lib/make-squashfs.nix b/nixos/lib/make-squashfs.nix
index 98c75286a7a7..49c926760106 100644
--- a/nixos/lib/make-squashfs.nix
+++ b/nixos/lib/make-squashfs.nix
@@ -55,7 +55,8 @@ stdenv.mkDerivation {
     + ''
 
       # Generate the squashfs image.
-      mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $imgPath ${pseudoFilesArgs} \
+      # We have to set SOURCE_DATE_EPOCH to 0 here for reproducibility (https://github.com/NixOS/nixpkgs/issues/390696)
+      SOURCE_DATE_EPOCH=0 mksquashfs nix-path-registration $(cat $closureInfo/store-paths) $imgPath ${pseudoFilesArgs} \
         -no-hardlinks ${lib.optionalString noStrip "-no-strip"} -keep-as-directory -all-root -b 1048576 ${compFlag} \
         -processors $NIX_BUILD_CORES -root-mode 0755
     ''
diff --git a/pkgs/build-support/portable-service/default.nix b/pkgs/build-support/portable-service/default.nix
index 7fd592df3b31..ea45249d5bbc 100644
--- a/pkgs/build-support/portable-service/default.nix
+++ b/pkgs/build-support/portable-service/default.nix
@@ -107,7 +107,8 @@ stdenv.mkDerivation {
 
     mkdir -p $out
     # the '.raw' suffix is mandatory by the portable service spec
-    mksquashfs nix ${rootFsScaffold}/* $out/"${pname}_${version}.raw" \
+    # We have to set SOURCE_DATE_EPOCH to 0 here for reproducibility (https://github.com/NixOS/nixpkgs/issues/390696)
+    SOURCE_DATE_EPOCH=0 mksquashfs nix ${rootFsScaffold}/* $out/"${pname}_${version}.raw" \
       -quiet -noappend \
       -exit-on-error \
       -keep-as-directory \