Package: strip-nondeterminism Version: 0.031-1 Zip archives may contain Unix metadata about its member files, including ownership, mode, and so forth.
strip-nondeterminism fails to correct for ownership, allowing for archives to be created and maintained with basically arbitrary and unpredictable UIDs/GIDs, normally the UIDs/GIDs of the user the archive is being created under. Example run (starting out with an empty directory): chungy@turanga:sn$ fakeroot root@turanga:sn# mkdir 1 2 root@turanga:sn# touch {1,2}/{root,user} root@turanga:sn# chown 1000:1001 1/user && chown 1001:1002 2/user root@turanga:sn# chmod 700 1/root 2/root root@turanga:sn# zip -qj 1.zip 1/root 1/user && zip -qj 2.zip 2/user 2/root root@turanga:sn# bsdtar -tvf 1.zip -rwx------ 0 0 0 0 Mar 22 03:44 root -rw-r--r-- 0 1000 1001 0 Mar 22 03:44 user root@turanga:sn# bsdtar -tvf 2.zip -rw-r--r-- 0 1001 1002 0 Mar 22 03:44 user -rwx------ 0 0 0 0 Mar 22 03:44 root root@turanga:sn# strip-nondeterminism ?.zip root@turanga:sn# bsdtar -tvf 1.zip -rwxr-xr-x 0 0 0 0 Mar 22 03:44 root -rw-r--r-- 0 1000 1001 0 Mar 22 03:44 user root@turanga:sn# bsdtar -tvf 2.zip -rwxr-xr-x 0 0 0 0 Mar 22 03:44 root -rw-r--r-- 0 1001 1002 0 Mar 22 03:44 user What I expect to see, and believe should happen, is all UIDs and GIDs in the zip archive become 0, owned by root. _______________________________________________ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds