Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for reproducible builds #165

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat: add support for reproducible builds #165

wants to merge 2 commits into from

Conversation

inglor
Copy link

@inglor inglor commented Apr 7, 2023

Motivation

Add support for reproducible builds

What

  • Remove the timestamps from manifest
  • Remove timestamp from and archives
  • Package in same order on archives

Why

Reproducible builds website explains this well.

How

See What. Inspiration from gradle docs

Verification Steps

  1. Execute gradle jar
  2. Rename jar into something different
  3. Execute gradle jar again
  4. Md5sum the two produced files, it should have the same hash.

Checklist:

  • Code has been tested locally by PR requester
  • Changes have been successfully verified by another team member

Progress

  • Finished task

Additional Notes

@inglor
feat: add support for reproducible builds
e6b091f 
As per gradle [docs] add support to remove timestamps and package with same order
which is required from [reproducible] builds

[docs]: https://docs.gradle.org/current/userguide/working_with_files.html#sec:archives
[reproducible]: https://reproducible-builds.org/

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
@inglor
feat: remove variable fields from manifest
6cb0c19 
Including the gradle,jdk versions along with kernel versiona dn JDK
might be variable in different systems and affects the hash of each jar.

Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
@alexted
Copy link

alexted commented Jul 15, 2024

@pb82 could you pay attention to this enhancement?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@inglor @alexted