diff --git a/linux/build/scripts/build-inner.sh b/linux/build/scripts/build-inner.sh
index bff27fa..7f2497e 100755
--- a/linux/build/scripts/build-inner.sh
+++ b/linux/build/scripts/build-inner.sh
@@ -181,7 +181,22 @@ post_process_for_reproducibility() {
 "${chroot_dir}/etc/nvme/hostnqn" \
 "${chroot_dir}/var/cache/apt/pkgcache.bin" \
 "${chroot_dir}/var/cache/apt/srcpkgcache.bin" \
- "${chroot_dir}/var/cache/ldconfig/aux-cache"
+ "${chroot_dir}/var/cache/ldconfig/aux-cache" \
+ "${chroot_dir}/var/log/dpkg.log" \
+ "${chroot_dir}/var/log/alternatives.log"
+ # /var/log/apt/* — apt history/term logs, every line stamped with
+ # wall-clock time of the build. Regenerated on first use.
+ sudo --non-interactive rm -f "${chroot_dir}"/var/log/apt/*.log
+ # /var/lib/apt/lists/* — downloaded apt index files. The signed
+ # InRelease for each repo carries the repo's signing timestamp
+ # (FastTrack re-signs every 24h or so; the local kicksecure repo
+ # built by 2100_create-debian-packages stamps with reprepro's
+ # wall-clock time). Regenerated on first `apt-get update`.
+ # Keep `lock` and `partial/` so apt's own metadata structure
+ # survives.
+ sudo --non-interactive find "${chroot_dir}/var/lib/apt/lists" \
+ -mindepth 1 -maxdepth 1 -not -name lock -not -name partial \
+ -exec rm -rf {} + 2>/dev/null || true
 sudo --non-interactive find "${chroot_dir}/var/lib/dkms" \
 -mindepth 1 -type d -name log -prune -exec rm -rf {} + \
 2>/dev/null || true
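Review bot: The added `find … /var/lib/apt/lists … -exec rm -rf {} + 2>/dev/null || true` discards both the error output and the exit status, so if the deletion fails (for example sudo refusing under `--non-interactive`) the timestamped InRelease files stay in the image and the build stops being reproducible without any sign of it. The same suffix on the dkms line below plausibly covers a directory that may not exist, but the apt lists directory is presumably always present in this chroot, so I would drop `2>/dev/null || true` here or guard the call with `[[ -d "${chroot_dir}/var/lib/apt/lists" ]]`. Both new commands also delete as root under a path built from `chroot_dir`; writing `"${chroot_dir:?}"` in them would make an empty value abort instead of resolving to the host's /var/log/apt and /var/lib/apt/lists. The function starts and ends outside the hunk, so whether `chroot_dir` is validated or `set -u` is active earlier is not visible here.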