From 2c19b5c809ba3126ae1c87084e270ef427e06631 Mon Sep 17 00:00:00 2001
From: morguldir <morguldir@protonmail.com>
Date: Mon, 15 Apr 2024 16:55:28 +0200
Subject: [PATCH] Set the time of the HEAD commit as the OCI created field

Apparently it uses `date -Iseconds` to parse, so we can use @ with a timestamp

Also it doesn't parse `created` in buildImage, only buildLayeredImage

Signed-off-by: morguldir <morguldir@protonmail.com>
---
 flake.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/flake.nix b/flake.nix
index 46efdc4d..7b100a10 100644
--- a/flake.nix
+++ b/flake.nix
@@ -194,10 +194,12 @@
       };
 
       mkOciImage = pkgs: package: allocator:
-        pkgs.dockerTools.buildImage {
+        pkgs.dockerTools.buildLayeredImage {
           name = package.pname;
           tag = "main";
-          copyToRoot = [
+          # Debian makes builds reproducible through using the HEAD commit's date
+          created = "@${toString self.lastModified}";
+          contents = [
             pkgs.dockerTools.caCertificates
           ];
           config = {