muuki88
commented
2 months ago This is awesome! Thanks a lot @stevedlawrence and thanks for your patience on this. Will try to release this ASAP
Closed stevedlawrence closed 2 months ago
muuki88
commented
2 months ago This is awesome! Thanks a lot @stevedlawrence and thanks for your patience on this. Will try to release this ASAP
We currently use the ZipArchiveEntry(File, String) constructor when creating a zip file entry for Universal/packageBin. This constructor reads mtime, atime, and ctime from the File and adds them to the 5455 extended header in the zip file. When we call setTime on the entry, it only changes the mtime field--the atime and ctime are the same values from the file and are likely to be different across builds and break reproducibility.
To fix this, we use the ZipArchiveEntry(String) constructor which does not read any file metadata, and only uses information we directly provided to it. We now provie the source epoch via setLastModifiedTime since that continues to use the 5455 extended header but only for mtime. We also ensure directories have a trailing slash in the entry name, since that was previously done by the other constructor.
With this change, when using SOURCE_DATE_EPOCH, zip files created with Universal/packageBin are now byte-for-byte exactly the same.