[
https://issues.apache.org/jira/browse/MNG-6276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16195717#comment-16195717
]
Hervé Boutemy commented on MNG-6276:
------------------------------------
thank you [~Zlika] for the followup: let's continue
we need to find a property name that everybody will agree upon: "reproducible"
does not gain momentum yet, nor "idempotent", nor "deterministic"
Re-reading https://reproducible-builds.org/, which seems a good starting point,
what about {{verifiable}}?
To me, finding an agreed property name is the only requirement to fix
MSHARED-661, which one of the easiest part to code, then a good concrete first
change to do.
To me, finding the right term is not just a detail, but a question of
determining the right objective: looking at MSHARED-661, by removing
timestamps, the build can be deterministic and idempotent on my personal
machine, but our requirement is also that _someone else_ with a "decently near"
configuration will get the bit-for-bit same result (then removing username
avoids some stupid constraints on build environment configuration)
A general question: is there some writing somewhere on what are the issues in a
basic java build? (by "basic" I mean that no advanced build tool like Maven and
plugins adds more variable parts)
The first strong issue I see for example in basic builds is _timestamps for
files in jars/wars/zips_
Is there something on the precise JDK version used? or compiler? If I build
with JDK 8 with target 6, do I get the same .class than with JDK 6? If I build
with OpenJDK or IBM JDK or Eclipse compiler or jikes, do I get the same result
as with Oracle JDK?
Notice I just added a new entry in
https://cwiki.apache.org/confluence/display/MAVEN/Proposals to track this
proposal: I'll add a dedicated Wiki page to gather requirements, which will
probably be useful on a long term documentation purpose in addition to our
discussion in this Jira issue...
> Support reproducible builds
> ---------------------------
>
> Key: MNG-6276
> URL: https://issues.apache.org/jira/browse/MNG-6276
> Project: Maven
> Issue Type: New Feature
> Components: core, General
> Reporter: Paolo Sacconier
>
> A venerable build system like maven should support full build reproducibilty
> (i.e. producing bit a bit identical binaries from the same source).
> As initiatives like https://reproducible-builds.org gain traction and the
> news of the recent Debian policy change to mandate this build behavior (see
> https://reproducible.alioth.debian.org/blog/posts/121/), this seems a feature
> that needs to be considered for inclusion into maven core & core plugins.
> There is an independent ongoing effort to support this feature and the author
> stated that he has found interest from maven project to integrate his work:
> https://github.com/Zlika/reproducible-build-maven-plugin/issues/6#issuecomment-325005883
> I hope this issue helps kickstart the effort.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
