Daniel Edgecumbe · Bernhard M. Wiedemann · Holger Levsen · Holger Levsen · c75dd6bb
--- a/_docs/archives.md
+++ b/_docs/archives.md
@@ -106,6 +106,15 @@ record 0 as values:
 $ tar --owner=0 --group=0 --numeric-owner -cf product.tar build
 {% endhighlight %}

+PAX headers
+-----------
+
+GNU tar defaults to the pax format and if `POSIXLY_CORRECT` is set, that adds files' ctime, atime and the PID of the tar process as non-deterministic metadata.
+
+To avoid this, either `unset POSIXLY_CORRECT` (only works with [tar>1.32](https://git.savannah.gnu.org/cgit/tar.git/commit/?id=ef0f882382f6)) or add to the tar call
+`--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime` or `--format=gnu` (both only available in GNU tar)
+or use `--format=ustar` if the limitations in that format are not a problem.
+
 Full example
 ------------

@@ -117,6 +126,7 @@ The recommended way to create a Tar archive is thus:
 $ tar --sort=name \
      --mtime="@${SOURCE_DATE_EPOCH}" \
      --owner=0 --group=0 --numeric-owner \
+      --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime \
      -cf product.tar build
 {% endhighlight %}
 </div>
@@ -166,3 +176,28 @@ or `objcopy`:
 The above does not fix [file ordering]({{ "/docs/stable-inputs/" | prepend: site.baseurl }}).

 [^distros-with-default]: Debian since [version 2.25-6](https://tracker.debian.org/news/675691)/stretch, Ubuntu since version 2.25-8ubuntu1/artful 17.10. It is the default for Fedora 22 and Fedora 23, but it seems this will be [reverted in Fedora 24](https://bugzilla.redhat.com/show_bug.cgi?id=1195883).
+
+Initramfs images
+----------------
+
+*cpio* archives are commonly used for initramfs images. The *cpio* header
+format (see `man 5 cpio`) can contain device and inode numbers, which whilst
+deterministic, can vary from system to system.
+
+One way to filter these is by piping through bsdtar.
+
+Example of non-deterministic code:
+```
+echo ucode.bin |
+    bsdcpio -o -H newc -R 0:0 > ucode.img
+```
+
+Example of deterministic code:
+```
+echo ucode.bin |
+    bsdtar --uid 0 --gid 0 -cnf - -T - |
+    bsdtar --null -cf - --format=newc @- > ucode.img
+```
+
+Note that other issues such as timestamps may still require rectification prior
+to archival.