You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Michael Osipov (JIRA)" <ji...@apache.org> on 2016/05/21 23:13:12 UTC

[jira] [Commented] (MSHARED-505) Add element to to allow for reproducible builds

    [ https://issues.apache.org/jira/browse/MSHARED-505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15295300#comment-15295300 ] 

Michael Osipov commented on MSHARED-505:
----------------------------------------

How does your usecase for this look like? I think this is feasible in Plexus Archiver. Though, I good test coverage would be necessary.

> Add <timestamp> element to <archive> to allow for reproducible builds
> ---------------------------------------------------------------------
>
>                 Key: MSHARED-505
>                 URL: https://issues.apache.org/jira/browse/MSHARED-505
>             Project: Maven Shared Components
>          Issue Type: Improvement
>          Components: maven-archiver
>    Affects Versions: maven-archiver-3.0.0
>            Reporter: Andreas Sewe
>
> At the moment, running {{mvn clean install}} on just about any project twice produces different JARs, as the files’ timestamps within the archive differ.
> It would be great if the {{<archive>}} element would allow for a {{<timestamp>}} element to force a timestamp for all files within the archive.
> This would allow uses like {{<timestamp>{$env.SOURCE_DATE_EPOCH}</timestamp>}} (see https://reproducible-builds.org/specs/source-date-epoch/). Or one could populate this using a property set by another plugin (the {{buildnumber-maven-plugin}} comes to mind, although its {{build-metadata}} goal ATM just gives the current time, not the time when the commit was made. Probably worth another request for improvement. ;-))
> AFAICT, this improvement ultimately requires a change to {{AbstractZipArchiver.zipFile}} from Plexus, but I've filed it with {{maven-archiver}}, as that's the surface visible component.
> Anyway, if this is a change that is of interest to others, I would be willing to provide patches to both {{maven-archiver}} and the appropriate plexus component.
> FWIW, This is just one step towards reproducible builds. There's also MSHARED-494.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)