#973845 cmake: tar subcommand has no way to disable storing uid/gid in PKZIP format archive

Package:
cmake
Source:
cmake
Description:
cross-platform, open-source make system
Submitter:
Thorsten Glaser
Date:
2020-11-12 21:06:05 UTC
Severity:
wishlist
Tags:
#973845#5
Date:
2020-11-05 22:20:50 UTC
From:
To:
Package: cmake
Version: 3.18.4-1
Severity: wishlist
Tags: upstream
User: reproducible-builds@lists.alioth.debian.org
Usertags: toolchain, username
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The musescore3 source package uses the following construct…

    COMMAND "${CMAKE_COMMAND}" -E tar cf "${PATH_OUT_ABS}" --format=zip -- ${FILES_IN}

… to create PKZIP-format archives at build time. The cmake-
builtin “tar” command has options to clamp(? set?) the mtime,
but not to prevent inclusion of the uid/gid into the archive,
producing the following diffoscope output:

··The·central-directory·extra·field·contains:					··The·central-directory·extra·field·contains:
··-·A·subfield·with·ID·0x5455·(universal·time)·and·13·data·bytes.		··-·A·subfield·with·ID·0x5455·(universal·time)·and·13·data·bytes.
····The·local·extra·field·has·UTC/GMT·modification/access/creation·times.	····The·local·extra·field·has·UTC/GMT·modification/access/creation·times.
··-·A·subfield·with·ID·0x7875·(Unix·UID/GID·(any·size))·and·11·data·bytes:	··-·A·subfield·with·ID·0x7875·(Unix·UID/GID·(any·size))·and·11·data·bytes:
····01·04·57·04·00·00·04·57·04·00·00.						····01·04·ae·08·00·00·04·ae·08·00·00.

Basically, the UID changed from 0x0457 to 0x08AE (AFAICT).

Now “zip” from info-zip has the following option:

     -X   Do not save extra file attributes (Extended Attributes
          on OS/2, uid/gid and file times on Unix).

This functionality would be useful to have here, for reproducible
builds. (We also must be able to detect it, so building with older
cmake versions doesn’t fail.) Then I can ask upstream to include
it. (Changing the build to use info-zip is not an option, as upstream
also builds on commercial OSes; extra dependencies are unwanted.)

bye,
//mirabilos