CPack: create 'stable' archives
When creating Archive with CPack the generated checksum packages will differ from one build to another. I have been using .zip, assuming to be similar with other formats.
At least the the following issues occur:
- The timestamp may be updated if the files are touched. Workaround: Set env var SOURCE_DATE_EPOCH to set the time stamps. (This is undocumented, included in 3.18 !4842 (merged).)
- Files may be stored in different order. No workaround. A solution could be to sort the files, see below.
- UID/GID may be set in the archive (?) No workaround other than forcing uid in Docker etc?
Would a patch like below be accepted?
diff --git a/Source/CPack/cmCPackGenerator.cxx b/Source/CPack/cmCPackGenerator.cxx
index 7ddb1039df..f1d1856530 100644
--- a/Source/CPack/cmCPackGenerator.cxx
+++ b/Source/CPack/cmCPackGenerator.cxx
@@ -1103,6 +1103,9 @@ int cmCPackGenerator::DoPackage()
// The files to be installed
this->files = gl.GetFiles();
+ // Add files in a reproducible order
+ std::sort(this->files.begin(), this->files.end());
+
this->packageFileNames.clear();
/* Put at least one file name into the list of
* wanted packageFileNames. The specific generator