mergeServiceFiles() breaks reproducible builds

[bfg]

Shadow Version

4.0.0

Gradle Version

4.10.2

Expected Behavior

sha256 checksum of built artifact should stay the same across builds.

Actual Behavior

sha256 checksum of built artifacts differs across builds. This is because service files created by mergeServiceFiles() have different timestamps. Plugin should manually set modification time on created files to some fixed timestamp.

Proof:

--- a.txt       2018-09-27 19:33:52.256247721 +0200
+++ b.txt       2018-09-27 19:33:58.268226509 +0200
@@ -5593,12 +5593,12 @@
 -rw-r--r-- 1 bfg bfg    174 feb  1  1980 ./META-INF/NOTICE
 -rw-r--r-- 1 bfg bfg    316 feb  1  1980 ./META-INF/NOTICE.txt
 -rw-r--r-- 1 bfg bfg      0 feb  1  1980 ./META-INF/service
--rw-r--r-- 1 bfg bfg     88 sep 27 19:30 ./META-INF/services/com.fasterxml.jackson.core.JsonFactory
--rw-r--r-- 1 bfg bfg     43 sep 27 19:30 ./META-INF/services/com.fasterxml.jackson.core.ObjectCodec
--rw-r--r-- 1 bfg bfg    224 sep 27 19:30 ./META-INF/services/com.github.tsc4j.cli.CliCommand
--rw-r--r-- 1 bfg bfg    343 sep 27 19:30 ./META-INF/services/com.github.tsc4j.core.Tsc4jLoader
--rw-r--r-- 1 bfg bfg     65 sep 27 19:30 ./META-INF/services/javax.servlet.ServletContainerInitializer
--rw-r--r-- 1 bfg bfg    249 sep 27 19:30 ./META-INF/services/org.apache.commons.logging.LogFactory
+-rw-r--r-- 1 bfg bfg     88 sep 27 19:31 ./META-INF/services/com.fasterxml.jackson.core.JsonFactory
+-rw-r--r-- 1 bfg bfg     43 sep 27 19:31 ./META-INF/services/com.fasterxml.jackson.core.ObjectCodec
+-rw-r--r-- 1 bfg bfg    224 sep 27 19:31 ./META-INF/services/com.github.tsc4j.cli.CliCommand
+-rw-r--r-- 1 bfg bfg    343 sep 27 19:31 ./META-INF/services/com.github.tsc4j.core.Tsc4jLoader
+-rw-r--r-- 1 bfg bfg     65 sep 27 19:31 ./META-INF/services/javax.servlet.ServletContainerInitializer
+-rw-r--r-- 1 bfg bfg    249 sep 27 19:31 ./META-INF/services/org.apache.commons.logging.LogFactory
 -rw-r--r-- 1 bfg bfg  15293 feb  1  1980 ./mime.types
 -rw-r--r-- 1 bfg bfg 201713 feb  1  1980 ./mozilla/public-suffix-list.txt
 -rw-r--r-- 1 bfg bfg   8094 feb  1  1980 ./org/apache/commons/codec/binary/Base32.class

Actual file contents of all files is equal across builds 👍.

In addition, documentation for reproducible builds declares misspelled property name preserveFileTimeStamps, it should be preserveFileTimestamps:

shadowJar {
  preserveFileTimestamps = false
}

[johnrengelman]

I just released v4.0.1 with a fix for this please give that a try.

[bfg]

Thanks for swift response!

It works now as expected!

Believe me or not, I've come up with basically the same patch, i was just unable to figure out how to test it properly, that's why i haven't submit PR.

Thanks again!

[tylerbenson]

@johnrengelman Can you please add tags and release notes in github for these newer versions? Thanks!