diff --git a/scripts/package-cli b/scripts/package-cli
index fbdc3463e69..cd1d4fb8d26 100755
--- a/scripts/package-cli
+++ b/scripts/package-cli
@@ -54,7 +54,8 @@ mkdir -p ./etc
     set -x
 )
 
-tar cvf ./build/out/data-${OS}.tar ./bin ./etc
+# Ensure the embedded tarball is reproducible: sort file order and clamp timestamps
+tar --sort=name --mtime=@0 -cvf ./build/out/data-${OS}.tar ./bin ./etc
 zstd --no-progress -T0 -16 -f --long=25 --rm ./build/out/data-${OS}.tar -o ./build/out/data-${OS}.tar.zst
 HASH=$(sha256sum ./build/out/data-${OS}.tar.zst | awk '{print $1}')