Building identical gems

February 22, 2013 Mark Rushakoff

We ran into a problem where we were running `gem build` on identical input files and the built gems had different checksums; that is to say, if you run `gem build` twice in a row, the resulting `foobar.gem` files will not be identical.

A .gem file is actually a tar file (not compressed) containing two gzipped files (manifest.gz and data.tar.gz). What’s happening, as far as we can tell, is that gzipping a file embeds a timestamp somewhere in the file — here’s a gist of a Bash session that demonstrates just this idea:

Apparently gzip on its own can exclude the timestamp, but that option doesn’t seem to be exposed through tar.

So how do you build identical gems from the same input? As far as we could discover, that is not supported through any `gem` commands. To normalize a gem, you would have to untar the .gem file and then decompress the files inside; then you can do a full comparison of those contents against another .gem file that went through the same process.
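The normalization described above, as an added Ruby example that is not from the original post: it builds two stand-in archives from identical inputs that differ only in the gzip header timestamp, then untars and decompresses them so the member contents can be compared. `fake_gem`, the sample payload and both timestamps are constructed for illustration; the member names follow the post's description.

```ruby
require "rubygems/package"
require "zlib"
require "stringio"
require "digest"

# Pack a {name => bytes} hash into an uncompressed tar, returned as a String.
def tar_of(files)
  io = StringIO.new("".b)
  Gem::Package::TarWriter.new(io) do |tar|
    files.each { |name, body| tar.add_file_simple(name, 0o644, body.bytesize) { |f| f.write(body) } }
  end
  io.string
end

# Gzip bytes with an explicit header timestamp (the field that varies per build).
def gzip_at(data, mtime)
  io = StringIO.new("".b)
  gz = Zlib::GzipWriter.new(io)
  gz.mtime = mtime          # must be set before the first write emits the header
  gz.write(data)
  gz.finish                 # flush the gzip trailer without closing the StringIO
  io.string
end

# Constructed sample input; member names follow the post's description.
PAYLOAD  = tar_of("lib/foobar.rb" => "module Foobar; end\n")
MANIFEST = "name: foobar\nversion: 0.0.1\n"

# Hypothetical stand-in for `gem build`: same inputs, caller-supplied gzip timestamp.
def fake_gem(mtime)
  tar_of("manifest.gz" => gzip_at(MANIFEST, mtime), "data.tar.gz" => gzip_at(PAYLOAD, mtime))
end

# Untar the outer archive, gunzip each .gz member, and digest the contents.
def normalized_digests(gem_bytes)
  digests = {}
  Gem::Package::TarReader.new(StringIO.new(gem_bytes)) do |tar|
    tar.each do |entry|
      next unless entry.file?
      raw = entry.read || "".b
      body = entry.full_name.end_with?(".gz") ? Zlib.gunzip(raw) : raw
      digests[entry.full_name] = Digest::SHA256.hexdigest(body)
    end
  end
  digests
end

a, b = fake_gem(1_361_500_000), fake_gem(1_361_500_060)
puts "raw equal: #{a == b}, normalized equal: #{normalized_digests(a) == normalized_digests(b)}"
```

To compare real builds, pass `File.binread("foobar.gem")` for each file to `normalized_digests` and compare the returned hashes.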
