I have started using the following code to set the mtimes of files written after the build timestamp. It assumes that SOURCE_DATE_EPOCH of packages are never in the future.

# Set to empty to allow custom function below to run
REPRODUCIBLE_TIMESTAMP_ROOTFS ?= ""

# Use DATETIME of build as SOURCE_DATE_EPOCH for image
export SOURCE_DATE_EPOCH = "${@int( time.mktime( time.strptime('${DATETIME}', '%Y%m%d%H%M%S') ) ) }"

reproducible_final_image_task () {
    if [ "${BUILD_REPRODUCIBLE_BINARIES}" = "1" ]; then
        if [ "$REPRODUCIBLE_TIMESTAMP_ROOTFS" = "" ]; then
            # Use commit time of tuxzilla root in usual Syntux build
            REPRODUCIBLE_TIMESTAMP_ROOTFS=`git -C "${COREBASE}/../" log -1 --pretty=%ct 2>/dev/null`
            if [ "$REPRODUCIBLE_TIMESTAMP_ROOTFS" = "" ]; then
                REPRODUCIBLE_TIMESTAMP_ROOTFS=`stat -c%Y ${@bb.utils.which(d.getVar("BBPATH"), "conf/bitbake.conf")}`
            fi
        fi
        # Set mtime of all files to a reproducible value
        bbnote "reproducible_final_image_task: mtime set to $REPRODUCIBLE_TIMESTAMP_ROOTFS"
        # Files with mtime after build stamp should be part of rootfs creation
        DAYS_SINCE_BUILD=`python3 -c "import time; print((time.time() - ${SOURCE_DATE_EPOCH}) / 86400)"`
        find ${IMAGE_ROOTFS} -mtime -$DAYS_SINCE_BUILD -exec touch -h --date=@$REPRODUCIBLE_TIMESTAMP_ROOTFS {} \;
    fi
}

On Tue, Dec 1, 2020 at 12:16 PM Ross Burton <ross@burtonini.com> wrote:

On Tue, 1 Dec 2020 at 15:45, Richard Purdie
<richard.purdie@linuxfoundation.org> wrote:
> I'm not convinced this is correct as it could mess up the timestamps of
> stamps set in other recipes?
>
> It's also tar specific and should really be across all image types?

Yes, it most likely should be done at rootfs time instead.

Ross