Expand repro documentation and ensure fixed timezome

Expand the repro documentation with missing bits:

- The Dockerfile needs to be regenerated with the correct group for title annotation to ensure reproducibility.
- The CI_COMMIT_SHA of the original pipeline needs to be honored in the Dockerfile.

Also, set the timezome to UTC in Makefile and scripts to ensure consistency in the generated dates / timestamps (e.g. ARCHIVE_SNAPSHOT / SOURCE_DATE_EPOCH), regardless of the timezone of the environment. Otherwise, someone rebuilding the image locally can unexpectedly end up with a different value for those if the system uses a different timezome.

Makefile

@@ -1,7 +1,10 @@
+# Fixed TZ to ensure consistency
+export TZ := UTC
+
 OCITOOL=podman # or docker
 BUILDDIR=$(shell pwd)/build
 OUTPUTDIR=$(shell pwd)/output
-ARCHIVE_SNAPSHOT=$(shell date -d "-1 day" +"%Y/%m/%d")
+ARCHIVE_SNAPSHOT=$(shell date -u -d "-1 day" +"%Y/%m/%d")
 SOURCE_DATE_EPOCH=$(shell date -u -d "00:00:00" +"%s")
 
 .PHONY: clean

REPRO.md

@@ -56,7 +56,7 @@ export BUILD_VERSION="20260331.0.508794"
 the image against. This is based on the date included in the image's `BUILD_VERSION`:
 
 ```bash
-export ARCHIVE_SNAPSHOT=$(date -d "${BUILD_VERSION%%.*} -1 day" +"%Y/%m/%d")
+export ARCHIVE_SNAPSHOT=$(date -u -d "${BUILD_VERSION%%.*} -1 day" +"%Y/%m/%d")
 ```
 
 * `SOURCE_DATE_EPOCH`: The value to normalize timestamps with during the build.
@@ -66,7 +66,14 @@ This is based on the date included in the image's `BUILD_VERSION`:
 export SOURCE_DATE_EPOCH=$(date -u -d "${BUILD_VERSION%%.*} 00:00:00" +"%s")
 ```
 
-Then clone the [archlinux-docker](https://gitlab.archlinux.org/archlinux/archlinux-docker)
+Then pull the original image you're aiming to reproduce and set its revision value in your environment (needed to correctly set the revision annotation in the Dockerfile):
+
+```bash
+podman pull docker.io/archlinux/archlinux:repro-$BUILD_VERSION
+export CI_COMMIT_SHA=$(podman inspect --format '{{ index .Config.Labels "org.opencontainers.image.revision" }}' archlinux/archlinux:repro-$BUILD_VERSION)
+```
+
+Finally, clone the [archlinux-docker](https://gitlab.archlinux.org/archlinux/archlinux-docker)
 repository and move into it:
 
 ```bash
@@ -86,6 +93,8 @@ make \
     ARCHIVE_SNAPSHOT="$ARCHIVE_SNAPSHOT" \
     SOURCE_DATE_EPOCH="$SOURCE_DATE_EPOCH" \
     $PWD/output/Dockerfile.repro
+
+scripts/make-dockerfile.sh repro.tar.zst repro output/ "true" "repro" "$SOURCE_DATE_EPOCH"
 ```
 
 The following resulting artifacts will be located in `$PWD/output`:
@@ -135,13 +144,7 @@ The built image will be accessible in your local podman container storage under
 
 ## Check the image reproducibility
 
-Pull the image you're aiming to reproduce from Docker Hub:
-
-```bash
-podman pull docker.io/archlinux/archlinux:repro-$BUILD_VERSION
-```
-
-Compare the digest of the image pulled from Docker Hub to the digest of the image you built
+Compare the digest of the original image pulled from Docker Hub to the digest of the image you built
 locally:
 
 ```bash

scripts/make-dockerfile.sh

@@ -2,6 +2,9 @@
 
 set -euo pipefail
 
+# Fixed TZ to ensure consistency
+export TZ=UTC
+
 declare -r ROOTFS_FILE="$1"
 declare -r GROUP="$2"
 declare -r OUTPUTDIR="$3"

scripts/make-rootfs.sh

@@ -2,6 +2,9 @@
 
 set -euo pipefail
 
+# Fixed TZ to ensure consistency
+export TZ=UTC
+
 declare -r WRAPPER="fakechroot -- fakeroot"
 
 declare -r GROUP="$1"