@inglor inglor commented Apr 7, 2023

Motivation

Add support for reproducible builds

What

  • Remove the timestamps from manifest
  • Remove timestamp from and archives
  • Package in same order on archives

Why

Reproducible builds website explains this well.

How

See What. Inspiration from gradle docs

Verification Steps

  1. Execute gradle jar
  2. Rename jar into something different
  3. Execute gradle jar again
  4. Md5sum the two produced files; they should have the same hash.

Checklist:

  • Code has been tested locally by PR requester
  • Changes have been successfully verified by another team member

Progress

  • Finished task

Additional Notes

inglor added 2 commits April 7, 2023 15:07
As per gradle [docs] add support to remove timestamps and package with same order
which is required from [reproducible] builds

[docs]: https://docs.gradle.org/current/userguide/working_with_files.html#sec:archives
[reproducible]: https://reproducible-builds.org/

Signed-off-by: Leonidas Spyropoulos <[email protected]>
Including the gradle, jdk versions along with kernel version and JDK
might be variable in different systems and affects the hash of each jar.

Signed-off-by: Leonidas Spyropoulos <[email protected]>
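
An added example, not part of the PR or the project's own code: a Python check that goes one step past the md5sum comparison in the verification steps and reports why two jars differ (entry order, timestamps, or contents such as manifest attributes). `build_jar`, `explain_difference` and the sample entries are constructed for illustration; `build_jar` only stands in for `gradle jar`.

```python
import hashlib
import io
import zipfile

def build_jar(entries, date_time):
    """Constructed stand-in for `gradle jar`: write entries in the given order."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries:
            jar.writestr(zipfile.ZipInfo(name, date_time=date_time), data)
    return buf.getvalue()

def explain_difference(jar_a, jar_b):
    """Return reasons two jars differ; an empty list means bit-identical."""
    if hashlib.sha256(jar_a).digest() == hashlib.sha256(jar_b).digest():
        return []
    with zipfile.ZipFile(io.BytesIO(jar_a)) as a, zipfile.ZipFile(io.BytesIO(jar_b)) as b:
        infos_a, infos_b = a.infolist(), b.infolist()
    names_a = [i.filename for i in infos_a]
    names_b = [i.filename for i in infos_b]
    reasons = []
    if sorted(names_a) != sorted(names_b):
        reasons.append("entry set differs")
    elif names_a != names_b:
        reasons.append("entry order differs")
    other = {i.filename: i for i in infos_b}
    for info in infos_a:
        match = other.get(info.filename)
        if match is None:
            continue
        if info.date_time != match.date_time:
            reasons.append(f"timestamp differs: {info.filename}")
        if info.CRC != match.CRC:
            reasons.append(f"content differs: {info.filename}")
    return reasons or ["bytes differ outside entry names, timestamps and contents"]

# Constructed sample data, not taken from the project.
FIXED = (1980, 2, 1, 0, 0, 0)
ENTRIES = [("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\r\n"),
           ("com/example/App.class", b"\xca\xfe\xba\xbe")]

if __name__ == "__main__":
    baseline = build_jar(ENTRIES, FIXED)
    print(explain_difference(baseline, build_jar(ENTRIES, FIXED)))
    print(explain_difference(baseline, build_jar(ENTRIES, (2023, 4, 7, 15, 7, 0))))
    print(explain_difference(baseline, build_jar(ENTRIES[::-1], FIXED)))
```

To use it on real build output, read the two jar files as bytes and pass them to `explain_difference`.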

alexted commented Nov 7, 2024

@inglor Is this PR still relevant?


inglor commented Nov 7, 2024

Yes.


alexted commented May 4, 2025

@pb82 could you pay attention to this PR?
