[Git][reproducible-builds/reproducible-website][master] 3 commits: Correct section about PAX headers.

Chris Lamb (@lamby) gitlab at salsa.debian.org
Thu Apr 16 21:26:47 UTC 2026 


Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
dab45176 by Manuel Jacob at 2026-04-16T14:26:43-07:00
Correct section about PAX headers.

The pax format is not the default on all distributions. E.g. openSUSE defaults to the POSIX 1003.1-2001 (pax) format, while Debian, Ubuntu, Fedora and Arch Linux default to the GNU format.

The "ctime" and "atime" headers are added if the pax format is set [1], regardless of the POSIXLY_CORRECT environment variable. Therefore, unsetting POSIXLY_CORRECT is not sufficient for reproducibility.

I think it does not really make sense to suggest to unset POSIXLY_CORRECT. If it’s set and the pax format is used, the current GNU tar version makes two changes: the tar PID is included by default in the file extended header names and global extended header name. The former is overwritten by the suggested `--pax-option` (which is anyway necessary for reproducibility with the pax format). The latter is only output in specific circumstances, such as adding tar file comments. The previous text didn’t mention that and I think that should be kept.

[1] https://cgit.git.savannah.gnu.org/cgit/tar.git/tree/src/create.c?id=d479b2cc9160d9c2fb61afbc9ee70c2faadf80db#n868

- - - - -
d7c77206 by Manuel Jacob at 2026-04-16T14:26:43-07:00
Add note about tar file portability.

I found the link when doing research for the previous patch. Adding `--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime` automatically sets the pax format, which is less portable than the ustar or GNU formats, so adding this note might be a good idea despite the page being about reproducibility.

- - - - -
50909f64 by Manuel Jacob at 2026-04-16T14:26:43-07:00
Remove information about deterministic archives in historical Fedora versions.

Deterministic archives were enabled in the binutils package in Fedora 22 and Fedora 23, but this was reverted [1] for Fedora 24.

Given that these Fedora versions are about 10 years old, I think it’s not worth it to preserve the now historical information.

[1] https://src.fedoraproject.org/rpms/binutils/c/fe17c525e4894ff9257608944606932c40f386dc

- - - - -


1 changed file:

- _docs/archives.md


Changes:

=====================================
_docs/archives.md
=====================================
@@ -104,11 +104,10 @@ $ tar --owner=0 --group=0 --numeric-owner -cf product.tar build
 PAX headers
 -----------
 
-GNU tar defaults to the pax format and if `POSIXLY_CORRECT` is set, that adds files' ctime, atime and the PID of the tar process as non-deterministic metadata.
+If GNU tar outputs the pax format (which is the default on some distributions), it adds files' ctime and atime. If, in addition, `POSIXLY_CORRECT` is set, it adds the PID of the tar process.
 
-To avoid this, either `unset POSIXLY_CORRECT` (only works with [tar>1.32](https://git.savannah.gnu.org/cgit/tar.git/commit/?id=ef0f882382f6)) or add to the tar call
-`--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime` or `--format=gnu` (both only available in GNU tar)
-or use `--format=ustar` if the limitations in that format are not a problem.
+To avoid this, add to the tar call `--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime` or `--format=gnu` (both only available in GNU tar),
+or use `--format=ustar` if the limitations in that format are not a problem. Use the latter if possible and [portability](https://mgorny.pl/articles/portability-of-tar-features.html) is a concern.
 
 File permissions
 ----------------
@@ -197,7 +196,7 @@ or `objcopy`:
 
 The above does not fix [file ordering]({{ "/docs/stable-inputs/" | relative_url }}).
 
-[^distros-with-default]: Debian since [version 2.25-6](https://tracker.debian.org/news/675691)/stretch, Ubuntu since version 2.25-8ubuntu1/artful 17.10. It is the default for Fedora 22 and Fedora 23, but it seems this will be [reverted in Fedora 24](https://bugzilla.redhat.com/show_bug.cgi?id=1195883).
+[^distros-with-default]: Debian since [version 2.25-6](https://tracker.debian.org/news/675691)/stretch, Ubuntu since version 2.25-8ubuntu1/artful 17.10.
 
 Initramfs images
 ----------------



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/ad39bd0638a16c2e75213a52224e616cbee68aa0...50909f6450f5117dedf3fc8319002ba603c2649d

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/compare/ad39bd0638a16c2e75213a52224e616cbee68aa0...50909f6450f5117dedf3fc8319002ba603c2649d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20260416/ed384286/attachment.htm>

More information about the rb-commits mailing list