[wp-meta] [Making WordPress.org] #7667: core release process: Verify ZIP recreation is intended
Making WordPress.org
noreply at wordpress.org
Mon Dec 9 04:18:51 UTC 2024
#7667: core release process: Verify ZIP recreation is intended
-----------------------------+---------------------
Reporter: dd32 | Owner: (none)
Type: task (blessed) | Status: closed
Priority: normal | Milestone:
Component: Version Control | Resolution: fixed
Keywords: |
-----------------------------+---------------------
Comment (by dd32):
Syncing a comment from me on https://github.com/roots/wordpress-no-
content/issues/7#issuecomment-2526852529 over here:
>> If the ZIPs were regenerated with the exact same content inside, why is
the hash different?
>
> For some history on this; neither ZIP nor TAR are deterministic
compression formats. Although they can be forced to be.
> - SVN export sets the file timestamps to the last-commit date, but
directories are created with the current timestamp.
> - ZIPs store modification dates, including of directories (see above).
> - ZIPs store additional metadata about the file, which are not needed
and could be excluded.
> - TARs `gnu` format can change between versions of TAR, although usually
doesn't.
> - TARs include additional Metadata about the files, such as the UserID /
GroupID / UserName / GroupName of the creator, and Access+Creation in
addition to Modification timestamps.
> - TARs when compressed with gzip via `-z` include the Tar ProcessID and
current timestamp in the GZIP Checksums.
>
> Changes to the packaging UI should reduce any potential accidental
rebuilds, and I've applied some changes to the packaging scripts to force
the `.zip` and `.tar.gz`'s to be more expected as above.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/7667#comment:5>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list