search

rails / sprockets

Rack-based asset packaging system
MIT License
947 stars 788 forks source link

Fix .sprockets-manifest and gzip reproducibility issues #761

Closed ryantm closed 2 years ago

ryantm commented 2 years ago

When building Rails assets with Nix, I found they are almost completely reproducible save the manifest file, and the gzipped files. This commit fixes those issues. For more information about why it is good for a build to be reproducible see:

https://reproducible-builds.org/

Here are the reproducibility issues and how they were fixed:

  1. .sprckets-manifest contained the time when the assets were generated. Instead use timestamp 1.
  2. gzip encoded the file mtime in the archive, which is not reproducible. Instead use timestamp 1.
  3. .sprockets-manifest generating a random path for this file is not reproducible. Instead use the file's data to generate a digest.

Fixes #707

ryantm commented 2 years ago

I'm closing this in favor of separate PRs for each fix.