Package: strip-nondeterminism
Version: 0.031-1
Zip archives may contain Unix metadata about its member files, including
ownership, mode, and so forth.
strip-nondeterminism fails to correct for ownership, allowing for
archives to be created and maintained with basically arbitrary and
unpredictable UIDs/GIDs, normally the UIDs/GIDs of the user the archive
is being created under. Example run (starting out with an empty
directory):
chungy@turanga:sn$ fakeroot
root@turanga:sn# mkdir 1 2
root@turanga:sn# touch {1,2}/{root,user}
root@turanga:sn# chown 1000:1001 1/user && chown 1001:1002 2/user
root@turanga:sn# chmod 700 1/root 2/root
root@turanga:sn# zip -qj 1.zip 1/root 1/user && zip -qj 2.zip 2/user
2/root
root@turanga:sn# bsdtar -tvf 1.zip
-rwx------ 0 0 0 0 Mar 22 03:44 root
-rw-r--r-- 0 1000 1001 0 Mar 22 03:44 user
root@turanga:sn# bsdtar -tvf 2.zip
-rw-r--r-- 0 1001 1002 0 Mar 22 03:44 user
-rwx------ 0 0 0 0 Mar 22 03:44 root
root@turanga:sn# strip-nondeterminism ?.zip
root@turanga:sn# bsdtar -tvf 1.zip
-rwxr-xr-x 0 0 0 0 Mar 22 03:44 root
-rw-r--r-- 0 1000 1001 0 Mar 22 03:44 user
root@turanga:sn# bsdtar -tvf 2.zip
-rwxr-xr-x 0 0 0 0 Mar 22 03:44 root
-rw-r--r-- 0 1001 1002 0 Mar 22 03:44 user
What I expect to see, and believe should happen, is all UIDs and GIDs in
the zip archive become 0, owned by root.
_______________________________________________
Reproducible-builds mailing list
Reproducible-builds@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
