From 3ac39b6137853cf135d997623ff25ef034dcfc6d Mon Sep 17 00:00:00 2001
From: Hidde Beydals
Date: Fri, 30 Jul 2021 15:56:54 +0200
Subject: [PATCH] storage: strip env specific data during archive

This ensures the checksum is predictable, and not influenced by e.g. different runtime configuration settings, or FS specific data.

Signed-off-by: Hidde Beydals
---
 controllers/storage.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/controllers/storage.go b/controllers/storage.go
index 143b0414..139e999c 100644
--- a/controllers/storage.go
+++ b/controllers/storage.go
@@ -161,7 +161,8 @@ func SourceIgnoreFilter(ps []gitignore.Pattern, domain []string) ArchiveFileFilt
 }
 
 // Archive atomically archives the given directory as a tarball to the given v1beta1.Artifact path, excluding
-// directories and any ArchiveFileFilter matches.
+// directories and any ArchiveFileFilter matches. While archiving, any environment specific data (for example,
+// the user and group name) is stripped from file headers.
 // If successful, it sets the checksum and last update time on the artifact.
 func (s *Storage) Archive(artifact *sourcev1.Artifact, dir string, filter ArchiveFileFilter) (err error) {
 if f, err := os.Stat(dir); os.IsNotExist(err) || !f.IsDir() {
@@ -216,6 +217,16 @@ func (s *Storage) Archive(artifact *sourcev1.Artifact, dir string, filter Archiv
 }
 header.Name = relFilePath
 
+ // We want to remove any environment specific data as well, this
+ // ensures the checksum is purely content based.
+ header.Gid = 0
+ header.Uid = 0
+ header.Uname = ""
+ header.Gname = ""
+ header.ModTime = time.Time{}
+ header.AccessTime = time.Time{}
+ header.ChangeTime = time.Time{}
+
 if err := tw.WriteHeader(header); err != nil {
 return err
 }
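Review bot: The reset list in the second hunk clears ownership and timestamps but leaves `header.Mode` as it was, so the added comment's claim that the checksum is "purely content based" is stronger than the visible lines establish. The header is built outside the hunk; if it is populated from the file on disk, the permission bits still follow the umask of whatever wrote the working tree, and two checkouts of identical content could produce different checksums. Either normalise the mode deliberately or narrow the comment, e.g. `// Reset ownership and timestamps so they do not influence the checksum; header.Mode is kept as read from disk.` The diffstat shows only controllers/storage.go changing, so nothing here pins the property that consumers verifying the artifact rely on. A test that archives the same tree twice with different mtimes and owners and compares the resulting checksums would catch a regression.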