Build postprocessor to reset metadata fields for build reproducibility

This crate provides a binary add-determinism that one or more paths, and will recursively process those paths, attempting to run the handlers on any files with extensions that match.

For each processed file, a temporary file is opened, the contents are rewritten, the modification timestamp is copied from the original file to the temporary copy, and the copy is renamed over the original.

If processing fails, a warning is emitted, but no modifications are made and the program returns success.

Processors

ar

Accepts *.a.

Resets the embedded modification times to $SOURCE_DATE_EPOCH and owner:group to 0:0.

jar

Accepts *.jar.

This rewrites the zip file using the zip create. The modification times of archive entries is clamped $SOURCE_DATE_EPOCH. Extra metadata, i.e. primarily timestamps in UNIX format and DOS permissions, are stripped (also because the crate does not support them).

javadoc

Accepts *.html.

This looks at the <head> portion of an HTML file and finds standard lines inserted by Javadoc that specify the file creation date. For example, <!-- Generated by javadoc (<version>) on <date> --> is replaced by a version without the version and date, and <meta name="dc.created" content="<date>"> is replaced by a version with $SOURCE_DATE_EPOCH.

pyc

Accepts *.pyc.

Uses the MarshalParser Python module to clean up the internal Python object serialization in cache files.

Notes

This project is inspired by strip-nondeterminism, but is written from scratch in Rust. For Debian, build tools are written in Perl and more Perl is not an issue. But in Fedora/RHEL/…, tools are written in Bash, Python, or compiled, and we don't want to pull in Perl into all buildroots.