extension-maven-plugin does not support reproducible builds #38364

Closed
yurloc opened this issue Jan 24, 2024 · 6 comments · Fixed by #38365
Labels
area/maven kind/bug Something isn't working

@yurloc
Contributor

yurloc commented Jan 24, 2024

Describe the bug

We need to make OptaPlanner builds reproducible. OptaPlanner has a few Quarkus extension modules that are built using the Quarkus extension-maven-plugin. This plugin produces several properties that contain timestamps. This goes against the requirement for the JARs to be identical bit by bit.

The binary and the sources JAR artifacts of the optaplanner-quarkus extension are affected:

[INFO] --- maven-artifact-plugin:3.5.1-SNAPSHOT:compare (default-cli) @ optaplanner-quarkus ---
[WARNING] SCM source tag in buildinfo source.scm.tag=HEAD does not permit rebuilders reproducible source checkout
[INFO] Reference buildinfo file not found: it will be generated from downloaded reference artifacts
[INFO] Reference build java.version: 18 (from MANIFEST.MF Build-Jdk-Spec)
[INFO] Reference build os.name: Unix (from pom.properties newline)
[INFO] Minimal buildinfo generated from downloaded artifacts: /var/home/jlocker/src/github.com/kiegroup/optaplanner/optaplanner-quarkus-integration/optaplanner-quarkus/runtime/target/reference/optaplanner-quarkus-999-SNAPSHOT.buildinfo
[ERROR] size mismatch optaplanner-quarkus-999-SNAPSHOT.jar: investigate with diffoscope optaplanner-quarkus-integration/optaplanner-quarkus/runtime/target/reference/org.optaplanner/optaplanner-quarkus-999-SNAPSHOT.jar optaplanner-quarkus-integration/optaplanner-quarkus/runtime/target/optaplanner-quarkus-999-SNAPSHOT.jar
[ERROR] size mismatch optaplanner-quarkus-999-SNAPSHOT-sources.jar: investigate with diffoscope optaplanner-quarkus-integration/optaplanner-quarkus/runtime/target/reference/org.optaplanner/optaplanner-quarkus-999-SNAPSHOT-sources.jar optaplanner-quarkus-integration/optaplanner-quarkus/runtime/target/optaplanner-quarkus-999-SNAPSHOT-sources.jar
[ERROR] Reproducible Build output summary: 2 files ok, 2 different
[ERROR] see diff optaplanner-quarkus-integration/optaplanner-quarkus/runtime/target/reference/optaplanner-quarkus-999-SNAPSHOT.buildinfo optaplanner-quarkus-integration/optaplanner-quarkus/runtime/target/optaplanner-quarkus-999-SNAPSHOT.buildinfo
[ERROR] see also https://maven.apache.org/guides/mini/guide-reproducible-builds.html
[INFO] Reproducible Build output comparison saved to /var/home/jlocker/src/github.com/kiegroup/optaplanner/optaplanner-quarkus-integration/optaplanner-quarkus/runtime/target/optaplanner-quarkus-999-SNAPSHOT.buildcompare
[INFO] Aggregate buildcompare copied to /var/home/jlocker/src/github.com/kiegroup/optaplanner/target/optaplanner-parent-999-SNAPSHOT.buildcompare

When I extract the archives and run a diff, I can see the timestamp difference in quarkus-extension.properties and quarkus-javadoc.properties files inside the binary JAR:

diff -r reference/META-INF/quarkus-extension.properties current/META-INF/quarkus-extension.properties
2c2
< #Tue Jan 23 12:24:21 CET 2024
---
> #Tue Jan 23 12:39:19 CET 2024
diff -r reference/META-INF/quarkus-javadoc.properties current/META-INF/quarkus-javadoc.properties
2c2
< #Tue Jan 23 12:24:21 CET 2024
---
> #Tue Jan 23 12:39:19 CET 2024

and also some .jdp properties files inside the sources JAR:

diff -r reference/org/optaplanner/quarkus/config/OptaPlannerRuntimeConfig.jdp current/org/optaplanner/quarkus/config/OptaPlannerRuntimeConfig.jdp
2c2
< #Tue Jan 23 12:24:21 CET 2024
---
> #Tue Jan 23 12:39:19 CET 2024
diff -r reference/org/optaplanner/quarkus/config/SolverManagerRuntimeConfig.jdp current/org/optaplanner/quarkus/config/SolverManagerRuntimeConfig.jdp
2c2
< #Tue Jan 23 12:24:21 CET 2024
---
> #Tue Jan 23 12:39:19 CET 2024
diff -r reference/org/optaplanner/quarkus/config/SolverRuntimeConfig.jdp current/org/optaplanner/quarkus/config/SolverRuntimeConfig.jdp
2c2
< #Tue Jan 23 12:24:21 CET 2024
---
> #Tue Jan 23 12:39:19 CET 2024
diff -r reference/org/optaplanner/quarkus/config/TerminationRuntimeConfig.jdp current/org/optaplanner/quarkus/config/TerminationRuntimeConfig.jdp
2c2
< #Tue Jan 23 12:24:21 CET 2024
---
> #Tue Jan 23 12:39:19 CET 2024

I haven't found where the .jdp and -javadoc.properties files come from, but the quarkus-extension.properties file is produced by extension-maven-plugin here:

Expected behavior

In order to support reproducible builds of user Quarkus extensions, the extension-maven-plugin should avoid storing timestamps in any of the three types of properties files:

  • META-INF/quarkus-extension.properties,
  • META-INF/quarkus-javadoc.properties,
  • and com/example/myproject/MyExtensionConfig.jdp.

Actual behavior

Timestamps are present in the properties files mentioned above.

How to Reproduce?

I can prepare a minimal reproducer (a toy Quarkus extension project) upon request.

Output of uname -a or ver

No response

Output of java -version

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

See https://reproducible-builds.org/ for why reproducible builds are important and why it is a good idea to support them in any kind of open-source project, including Quarkus extensions.
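
The `#Tue Jan 23 ...` lines in the diffs above have the form of the date comment that `java.util.Properties.store()` always writes. The following is an added example, not code from the issue or from the Quarkus fix in #38365, showing one way to serialize properties without that comment and in a stable order; the class name, method name and sample keys are hypothetical.

```java
import java.io.IOException;
import java.io.StringWriter;
import java.util.Arrays;
import java.util.Properties;
import java.util.stream.Collectors;

public class DeterministicProperties {

    /** Serializes props without the date comment and with entries in sorted order. */
    static String storeDeterministic(Properties props) throws IOException {
        StringWriter raw = new StringWriter();
        // store() always emits "#" + new Date() and iterates in an unspecified order.
        props.store(raw, null);
        // store() escapes a leading '#' in keys and newlines in values, so every
        // line starting with '#' is a comment and every entry is exactly one line.
        return Arrays.stream(raw.toString().split("\\R"))
                .filter(line -> !line.startsWith("#")) // drop the timestamp comment
                .sorted()                              // stable entry order
                .collect(Collectors.joining("\n", "", "\n")); // fixed line separator
    }

    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        // Constructed sample entries, not the real content of quarkus-extension.properties.
        props.setProperty("example.key.b", "2");
        props.setProperty("example.key.a", "1");

        // Two plain store() calls more than a second apart differ in the date comment.
        StringWriter first = new StringWriter();
        props.store(first, null);
        Thread.sleep(1100);
        StringWriter second = new StringWriter();
        props.store(second, null);
        System.out.println("plain store() identical: "
                + first.toString().equals(second.toString()));

        // The filtered, sorted form does not depend on the wall clock.
        String a = storeDeterministic(props);
        Thread.sleep(1100);
        String b = storeDeterministic(props);
        System.out.println("deterministic identical: " + a.equals(b));
        System.out.print(a);
    }
}
```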

@yurloc yurloc added the kind/bug Something isn't working label Jan 24, 2024
@quarkus-bot

quarkus-bot bot commented Jan 24, 2024

/cc @quarkusio/devtools (maven)

@maxandersen
Contributor

+1 on removing timestamp in outputs wherever we can but I'm afraid this won't be enough afaik.

See #676 for the remaining issues I think you will bump into.

Some of these might already be fixed, and if someone contributes PRs to improve the situation we definitely are very open to getting this improved.

Cc @mariofusco

@aloubyansky
Member

#38365 fixes the extension metadata but not the jdp issue, which should be a separate issue.

@quarkus-bot quarkus-bot bot added this to the 3.9 - main milestone Jan 24, 2024
@yurloc
Contributor Author

yurloc commented Jan 24, 2024

Thanks, @aloubyansky. quarkus-extension.properties is now without a timestamp. I'm going to file a separate issue for jdp files and quarkus-javadoc.properties (after a bit more investigation because at this moment I don't know who the culprit is).

@aloubyansky
Member

The javadoc one is fixed as well

@yurloc
Contributor Author

yurloc commented Jan 24, 2024

> The javadoc one is fixed as well

My bad. I only rebuilt the extension plugin when verifying the fix and forgot to rebuild the core as well.
