Hi Jeremiah,
> I impatiently added the SOURCE_DATE_EPOCH to the version of make-live that we use to build PureOS images. It seems to have made a difference
[…]
> This leads me to believe that I need to ensure that SOURCE_DATE_EPOCH is being seen when the squashfs file system is written
This is somewhat of a non-sequitur to my ears — if it made any difference it surely is being seen in the "last mile" and thus relevant build context? (Regardless, sprinkling in a few debug statements makes sense just as a reassurance so I would go ahead and do this anyway.)
> After that I think the next step, or even a step to take anyway, is to run strip-nondeterminism over the resulting ISOs[1].
Alas, we would part ways here in that I would be against running this. I doubt that would have the desired effect, nor would it be a clean and sustainable route going forward.
To elaborate, strip-nondeterminism is not a clairvoyant magic wand for cleaning stuff up, it's more of a surgical strike against quite-specific problems that are currently out-of-scope for me to fix in upstream toolchains right now. That is to say, in an ideal world the tool would be deprecated and removed. Give us time. :)
Just glancing at the diff in order that you can get another "go" at this before the start of the weekend: my gut feel is that we are building with versions of tools that do not have various patches designed to make various outputs reproducible. (Just to use one relevant example, I have made patches to mksquashfs and casper that may not be present in the versions you are using.)
This may (or may not…) be in addition to the aforementioned SOURCE_DATE_EPOCH not being present in the right contexts....
Best wishes,