By default, dracut operates with both --hardlink and --reproducible enabled. However, the former can break the latter and cause non-reproducible builds.

Specifically, some dracut modules, e.g. 95iscsi from dracut-network, generate multiple identical files dynamically. These files have very slightly different mtimes, and hardlink deduplicates based on mtime match amongst other things. Therefore, whether or not they get deduplicated depends on whether their mtimes cross a second boundary, since hardlink only has one-second granularity. This results in non-reproducible output - sometimes they get deduplicated, sometimes they don't.

I have raised an upstream PR with a proposed fix: https://github.com/dracut-ng/dracut-ng/pull/1429