drupol/0001-reproducibility-patch.patch

## 0001-reproducibility-patch.patch
From b91328c0cce43b0e9fe9b1841953813f04bfa88d Mon Sep 17 00:00:00 2001
From: Pol Dellaiera <pol.dellaiera@protonmail.com>
Date: Thu, 15 Feb 2024 12:02:02 +0100
Subject: [PATCH] reproducibility patch

---
 box.json.dist  | 9 ++++++---
 scoper.inc.php | 1 +
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/box.json.dist b/box.json.dist
index b62be74..1bd403a 100644
--- a/box.json.dist
+++ b/box.json.dist
@@ -1,6 +1,8 @@
 {
     "$schema": "res/schema.json",

+    "alias": "box-project",
+
     "banner": [
         "This file is part of the box project.",
         "",
@@ -10,7 +12,7 @@
         "This source file is subject to the MIT license that is bundled",
         "with this source code in the file LICENSE."
     ],
-
+    "check-requirements": false,
     "files": [
         "res/schema.json"
     ],
@@ -19,11 +21,12 @@
     ],
     "directories-bin": ["res/requirement-checker"],

-    "compression": "GZ",
+    "compression": "NONE",
     "compactors": [
         "KevinGH\\Box\\Compactor\\Php",
         "KevinGH\\Box\\Compactor\\PhpScoper",
         "KevinGH\\Box\\Compactor\\Json"
     ],
-    "datetime": "release-date"
+    "datetime": "1970-01-01",
+    "timestamp": "1970-01-01"
 }
diff --git a/scoper.inc.php b/scoper.inc.php
index c3fdc2d..9bd3762 100644
--- a/scoper.inc.php
+++ b/scoper.inc.php
@@ -22,6 +22,7 @@ $jetBrainStubsPatcher = (require __DIR__.'/vendor/humbug/php-scoper/res/create-s
 );

 return [
+    'prefix' => 'BoxProject',
     'exclude-files' => $jetBrainStubs,
     'exclude-classes' => [
         IsolatedFinder::class,
--
2.43.0


## check-reproducible-phar.sh
#!/usr/bin/env bash
set -e

rm -rf diffoscope box
git clone https://github.com/box-project/box.git
cd box
git apply ../0001-reproducibility-patch.patch

mkdir -p diffoscope

echo "Checking the reproducibility of the Composer 'vendor' directory..."
# Making sure vendor dir is reproducible, yes by default since Composer 2.6.4
composer i --quiet
echo "Checksum of the vendor dir: $(tar --owner=0 --group=0 --numeric-owner --sort=name --mtime='1970-01-01 00:00:00Z' -c vendor | sha256sum)"
rm -rf vendor
composer i --quiet
echo "Checksum of the vendor dir: $(tar --owner=0 --group=0 --numeric-owner --sort=name --mtime='1970-01-01 00:00:00Z' -c vendor | sha256sum)"
rm -rf vendor

# First build
echo "Compiling the first build..."
composer i --quiet
bin/box compile --quiet
echo "Checksum of the first build: $(sha256sum bin/box.phar)"
php -r '$phar = new Phar("bin/box.phar"); $phar->extractTo("./diffoscope/box-1");'
rm -rf vendor bin/box.phar

# Second build
echo "Compiling the second build..."
composer i --quiet
bin/box compile --quiet
echo "Checksum of the second build: $(sha256sum bin/box.phar)"
php -r '$phar = new Phar("bin/box.phar"); $phar->extractTo("./diffoscope/box-2");'
rm -rf vendor bin/box.phar

# Build comparison
echo "Running diffoscope..."
cd diffoscope
diffoscope box-1 box-2 --exclude-directory-metadata recursive
	From b91328c0cce43b0e9fe9b1841953813f04bfa88d Mon Sep 17 00:00:00 2001
	From: Pol Dellaiera <pol.dellaiera@protonmail.com>
	Date: Thu, 15 Feb 2024 12:02:02 +0100
	Subject: [PATCH] reproducibility patch

	---
	box.json.dist \| 9 ++++++---
	scoper.inc.php \| 1 +
	2 files changed, 7 insertions(+), 3 deletions(-)

	diff --git a/box.json.dist b/box.json.dist
	index b62be74..1bd403a 100644
	--- a/box.json.dist
	+++ b/box.json.dist
	@@ -1,6 +1,8 @@
	{
	"$schema": "res/schema.json",

	+ "alias": "box-project",
	+
	"banner": [
	"This file is part of the box project.",
	"",
	@@ -10,7 +12,7 @@
	"This source file is subject to the MIT license that is bundled",
	"with this source code in the file LICENSE."
	],
	-
	+ "check-requirements": false,
	"files": [
	"res/schema.json"
	],
	@@ -19,11 +21,12 @@
	],
	"directories-bin": ["res/requirement-checker"],

	- "compression": "GZ",
	+ "compression": "NONE",
	"compactors": [
	"KevinGH\\Box\\Compactor\\Php",
	"KevinGH\\Box\\Compactor\\PhpScoper",
	"KevinGH\\Box\\Compactor\\Json"
	],
	- "datetime": "release-date"
	+ "datetime": "1970-01-01",
	+ "timestamp": "1970-01-01"
	}
	diff --git a/scoper.inc.php b/scoper.inc.php
	index c3fdc2d..9bd3762 100644
	--- a/scoper.inc.php
	+++ b/scoper.inc.php
	@@ -22,6 +22,7 @@ $jetBrainStubsPatcher = (require __DIR__.'/vendor/humbug/php-scoper/res/create-s
	);

	return [
	+ 'prefix' => 'BoxProject',
	'exclude-files' => $jetBrainStubs,
	'exclude-classes' => [
	IsolatedFinder::class,
	--
	2.43.0
	#!/usr/bin/env bash
	set -e

	rm -rf diffoscope box
	git clone https://github.com/box-project/box.git
	cd box
	git apply ../0001-reproducibility-patch.patch

	mkdir -p diffoscope

	echo "Checking the reproducibility of the Composer 'vendor' directory..."
	# Making sure vendor dir is reproducible, yes by default since Composer 2.6.4
	composer i --quiet
	echo "Checksum of the vendor dir: $(tar --owner=0 --group=0 --numeric-owner --sort=name --mtime='1970-01-01 00:00:00Z' -c vendor \| sha256sum)"
	rm -rf vendor
	composer i --quiet
	echo "Checksum of the vendor dir: $(tar --owner=0 --group=0 --numeric-owner --sort=name --mtime='1970-01-01 00:00:00Z' -c vendor \| sha256sum)"
	rm -rf vendor

	# First build
	echo "Compiling the first build..."
	composer i --quiet
	bin/box compile --quiet
	echo "Checksum of the first build: $(sha256sum bin/box.phar)"
	php -r '$phar = new Phar("bin/box.phar"); $phar->extractTo("./diffoscope/box-1");'
	rm -rf vendor bin/box.phar

	# Second build
	echo "Compiling the second build..."
	composer i --quiet
	bin/box compile --quiet
	echo "Checksum of the second build: $(sha256sum bin/box.phar)"
	php -r '$phar = new Phar("bin/box.phar"); $phar->extractTo("./diffoscope/box-2");'
	rm -rf vendor bin/box.phar

	# Build comparison
	echo "Running diffoscope..."
	cd diffoscope
	diffoscope box-1 box-2 --exclude-directory-metadata recursive