New submission from Hans-Christoph Steiner <h...@eds.org>:
It is now standard for Java JARs and Android APKs (both ZIP files) to zero out lots of the fields in the ZIP header. For example: * each file entry has the date set to zero * the create_system is always set to zero on all platforms zipfile currently cannot create such ZIPs because of two small restrictions that it introduced: * must use a tuple of 6 values to set the date * forced create_system value based on sys.platform == 'win32' * maybe other fields? I lump these together because it might make sense to handle this with a single argument, something like zero_header=True. The use case is for working with ZIP, JAR, APK, AAR files for reproducible builds. The whole build system for F-Droid is built in Python. We need to be able to copy the JAR/APK signatures in order to reproduce signed builds using only the source code and the signature files themselves. Right now, that's not possible because building a ZIP with Python's zipfile cannot zero out the ZIP header like other tools can, including Java. ---------- components: IO, Library (Lib) messages: 389040 nosy: eighthave priority: normal severity: normal status: open title: support ZIP files with zeroed out fields (e.g. for reproducible builds) versions: Python 3.10, Python 3.6, Python 3.7, Python 3.8, Python 3.9 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue43547> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
