jar files contain aspects that vary when they are created. This prevents build to be reproducible and capture an uninteresting details.
timestamps with a time resolution of 2 seconds
a "magic byte" marker added by JarOutputStream but not ZipOutputStream
- the files are listed the order that they were added
Known affected Java packages, known affected Mozilla extensions
Detection
zipinfo -lv displays the detailed metadata of the content of the archive, suitable for this work. Careful with unzip -l, it does not display the seconds in the timestamps even though the zip format stores them.
Work-around
This is taken care by strip-nondeterminism.
Solution
Java jar
None yet.
mozilla-devscripts
Patch has been applied in mozilla-devscripts.
References
http://imperceptiblethoughts.com/post/70592053189/reproducible-multi-project-gradle-builds-part-2
A thread from 2008 on a Fedora mailing list seems to be on point; they suggest a patch to the zipnote command which allows timestamps to be updated in zip files without unpacking. AFAICT, this now five-year-old patch hasn't made it into upstream Infozip, let alone Debian.