In BootZipCopyAction and AbstractJarWriter SHA1 hash is calculated for stored entries requiring unpack and set as entry comment:
archiveEntry.setComment("UNPACK:" + FileUtils.sha1Hash(details.getFile()));
However the hash isn't used anywhere, just the marker prefix UNPACK: is checked.
Dug through history and first introduction of UNPACK: + hash seems to have been in https://github.com/spring-projects/spring-boot/commit/f30b962ff9327d3264d519853992aff972cdbe5a
At that point the hash was extracted and used for the filename:
AsciiBytes hash = data.getComment().substring(UNPACK_MARKER.length());
...
File file = new File(getTempUnpackFolder(), hash.toString() + "-" + name);
But then later in https://github.com/spring-projects/spring-boot/commit/7e718cda265b85ad6337a0aa711906c7e1097e34 this got removed from output filename:
- AsciiBytes hash = data.getComment().substring(UNPACK_MARKER.length());
- File file = new File(getTempUnpackFolder(), hash.toString() + "-" + name);
+ File file = new File(getTempUnpackFolder(), name);
So now the hash is still being calculated and set for the entry but I don't see it being used anywhere.
Could it just be left as UNPACK: without any hash?
The hashing reads the file completely in memory due to usage of DigestInputStream.readAllBytes() so in the extreme case the file is fully read 3 times: once by CrcAndSize calculation, once for the sha1 hash and once for actual copying to the ZipArchiveOutputStream