[
https://issues.apache.org/jira/browse/MSOURCES-120?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16921017#comment-16921017
]
Plamen Totev commented on MSOURCES-120:
---------------------------------------
I think I found the root cause. In order to set the Zip entry timestamp Plexus
Archiver calls \{{java.util.zip.ZipEntry#setTime}}. If you follow the method
logic you'll see it actually calls {{java.util.zip.ZipUtils#javaToDosTime}}
{code:java}
Instant instant = Instant.ofEpochMilli(time);
LocalDateTime ldt = LocalDateTime.ofInstant(
instant, ZoneId.systemDefault());
{code}
So actually the resulting ZIP archive depends on the build machine time zone.
> Reproducible Builds: make entries in output jar files reproducible (order +
> timestamp)
> --------------------------------------------------------------------------------------
>
> Key: MSOURCES-120
> URL: https://issues.apache.org/jira/browse/MSOURCES-120
> Project: Maven Source Plugin
> Issue Type: New Feature
> Affects Versions: 3.0.1
> Reporter: Hervé Boutemy
> Priority: Major
>
> since a jar file is a zip file, entries order and timestamp are a natural
> source of non Reproducible Builds:
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=74682318
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
