From bbfd39631ff92fa8a6aeca3032fad86a7ea2d5cf Mon Sep 17 00:00:00 2001
From: Robert Stupp <snazy@snazy.de>
Date: Wed, 15 Oct 2025 12:55:21 +0200
Subject: [PATCH] Reproducible builds: ensure unix permissions are reproducible

Zip and tar files contain the unix file/directory permissions for the included zip/tar entries. The "default" values for those can differ depending on the platform those are built on. This change ensures `755` for directories and owner/group/other=read+write for files. The "executable" bit isn't forcefully set in case the archived file _is_ an executable.
---
 .../src/main/kotlin/polaris-reproducible.gradle.kts   | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/build-logic/src/main/kotlin/polaris-reproducible.gradle.kts b/build-logic/src/main/kotlin/polaris-reproducible.gradle.kts
index 3b087f780c..036c482f46 100644
--- a/build-logic/src/main/kotlin/polaris-reproducible.gradle.kts
+++ b/build-logic/src/main/kotlin/polaris-reproducible.gradle.kts
@@ -22,4 +22,15 @@
 tasks.withType<AbstractArchiveTask>().configureEach {
   isPreserveFileTimestamps = false
   isReproducibleFileOrder = true
+
+  dirPermissions { unix("755") }
+  filePermissions {
+    // do not force the "execute" bit in case the file _is_ executable
+    user.read = true
+    user.write = true
+    group.read = true
+    group.write = false
+    other.read = true
+    other.write = false
+  }
 }