Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make build reproducible #96

Closed
wants to merge 1 commit into from
Closed

make build reproducible #96

wants to merge 1 commit into from

Conversation

hboutemy
Copy link

see https://maven.apache.org/guides/mini/guide-reproducible-builds.html
this will permit to add the next release to https://github.com/jvm-repo-rebuild/reproducible-central

once eclipse-ee4j/ee4j#71 is merged and parent upgraded, the project.build.outputTimestamp will be updated automatically during release

@kwsutter
Copy link
Contributor

Hi @hboutemy. Can you please explain what problem is being resolved with this PR? And, the related eclipse-ee4j/ee4j#71? Thanks.

@hboutemy
Copy link
Author

hboutemy commented Feb 18, 2021
edited

@kwsutter sure

Objective
implement Reproducible Builds https://reproducible-builds.org/

How
High level view is to apply Maven mini-guide https://maven.apache.org/guides/mini/guide-reproducible-builds.html

  1. use newer plugins versions that support Reproducible Builds (here Maven Jar and Source plugins),
  2. activate Reproducible Builds mode of these plugins (by defining the timestamp value that will be used for archive entries)
    In addition, I removed useDefaultManifestFile parameter because it is deprecated https://maven.apache.org/plugins/maven-jar-plugin/jar-mojo.html

On future new releases of your projects that did such a config, Reproducible Central will try to rebuild and check that the reference "official" build result can be effectively reproduced bit for bit, proving that the objective is attained = binaries that everybody downloads can also be rebuilt from sources; there is no hidden trick between source and binaries

For Jakarta EE reference binaries, I think this is something that has even more value than any other projects
And it can help promote the practice, because Reproducible Builds is not sufficiently well known, and the fact that it is proved feasible and not so hard to do...
I you agree, I'll help on updating every piece of Jakarta EE in the future

@lprimak
Copy link
Contributor

lprimak commented May 16, 2023

@kwsutter @starksm64 This definitely has value and needs to be merged.

@hboutemy
make build reproducible
f28c078 
Signed-off-by: Hervé Boutemy <hboutemy@apache.org>
@hboutemy
Copy link
Author

PR rebased to ease merge

@lprimak
Copy link
Contributor

lprimak commented Nov 17, 2023

@ivargrimstad Is there anything precluding this from being merged?
Now that the APIs are just POM files, this should be trivial.

thank you!

@ivargrimstad
Copy link
Member

I don't think this PR is necessary any longer as it is fixed by the parent pom.

@lprimak
Copy link
Contributor

lprimak commented Nov 27, 2023

Can we go ahead and close it then?

@ivargrimstad
Copy link
Member

Fixed by Parent pom

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@hboutemy @kwsutter @lprimak @ivargrimstad