You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/06/09 16:16:19 UTC
[tomcat] branch 9.0.x updated: Back port automation and reproducibility improvements
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new a7056ad972 Back port automation and reproducibility improvements
a7056ad972 is described below
commit a7056ad97216fcd967b0cb16f8fa5fe2ca194912
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Jun 9 17:08:18 2022 +0100
Back port automation and reproducibility improvements
---
BUILDING.txt | 27 ++++++++++++
build.properties.default | 9 +---
build.xml | 101 ++++++++++++++++++++++++++++++++++++++++++++-
res/maven/README.txt | 12 +++---
res/maven/mvn-pub.xml | 1 +
webapps/docs/changelog.xml | 11 +++++
6 files changed, 145 insertions(+), 16 deletions(-)
diff --git a/BUILDING.txt b/BUILDING.txt
index 4c1bfd2625..6e660f1141 100644
--- a/BUILDING.txt
+++ b/BUILDING.txt
@@ -301,8 +301,35 @@ You can build them by using the following commands:
4. Build the release:
+ Apache Tomcat releases are fully reproducible.
+
+ Release managers producing release builds must follow the following
+ procedure:
+
cd ${tomcat.source}
+ ant pre-release
+ ant release
+ git commit -a -m "Tag <version-number>"
+ git tag <vesion-number>
+ git push origin <version-number>
ant release
+ git reset --hard HEAD~1
+
+ The output from either 'ant release' call may be uploaded as the official
+ release since they will be identical. It is recommended that the output from
+ the second call is used.
+
+ Anyone wishing to reproduce an official build must do so from an official
+ source release. The build tool chain defined in build.properties.release
+ must be used to reproduce an official build. Once unpacked to
+ ${tomcat.source}, the following steps must be followed
+
+ cd ${tomcat.source}
+ ant release
+
+ Following the same steps without using the defined build tool chain will
+ create a release that is functionally the same as an official release but
+ not bit for bit identical.
(7) Tests
diff --git a/build.properties.default b/build.properties.default
index 5e531e3318..6a35f32c9d 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -33,17 +33,12 @@ version.major=9
version.minor=0
version.build=65
version.patch=0
-version.suffix=-dev
+version.suffix=
+version.dev=-dev
# ----- Build tools -----
ant.version.required=1.10.2
-# ----- Reproducible builds -----
-# Uncomment and set to current time for reproducible builds
-# Note: The value is in seconds (unlike milliseconds used by System.currentTimeMillis()).
-#2022-03-31T12:00:00Z
-#ant.tstamp.now=1648728000
-
# ----- Build control flags -----
compile.debug=true
# Do not pass -deprecation (-Xlint:deprecation) flag to javac
diff --git a/build.xml b/build.xml
index 6fdc88cab4..3edd814c61 100644
--- a/build.xml
+++ b/build.xml
@@ -34,6 +34,7 @@
<!-- property values you may customize. -->
<property file="${user.home}/build.properties"/>
<property file="build.properties"/>
+ <property file="build.properties.release"/>
<property file="build.properties.default"/>
<!-- Check Ant Version -->
@@ -48,7 +49,7 @@
<!-- Version numbers -->
<!-- Keep in sync with webapps/docs/tomcat-docs.xsl -->
- <property name="version" value="${version.major}.${version.minor}.${version.build}${version.suffix}" />
+ <property name="version" value="${version.major}.${version.minor}.${version.build}${version.suffix}${version.dev}" />
<property name="version.number" value="${version.major}.${version.minor}.${version.build}.${version.patch}" />
<property name="version.major.minor" value="${version.major}.${version.minor}" />
@@ -248,6 +249,7 @@
<format property="today-iso-8601" pattern="yyyy-MM-dd" locale="en" timezone="UTC"/>
<format property="tstamp" pattern="HH:mm:ss" locale="en" timezone="UTC"/>
<format property="tstamp.file" pattern="yyyy-MM-dd HH:mm:ss"/>
+ <format property="tstamp.iso.release" pattern="yyyy-MM-dd'T'HH:mm:ssX" timezone="UTC"/>
</tstamp>
<filterset id="version.filters">
<filter token="YEAR" value="${year}"/>
@@ -311,6 +313,7 @@
<include name="**/*.project"/>
<include name="**/*.properties"/>
<include name="**/*.properties.default"/>
+ <include name="**/*.properties.release"/>
<include name="**/*.shtml"/>
<include name="**/*.svg"/>
<include name="**/*.tag"/>
@@ -1501,7 +1504,8 @@
<echo message="Building Tomcat JDBC pool libraries"/>
<ant antfile="${tomcat.jdbc.dir}/build.xml" dir="${tomcat.jdbc.dir}"
inheritAll="false" target="build">
- <property name="ant.tstamp.now" value ="${ant.tstamp.now}" />
+ <property name="ant.tstamp.now.iso" value ="${ant.tstamp.now.iso}" />
+ <property name="tstamp.file" value ="${tstamp.file}" />
<property name="tomcat.pool" value="${tomcat.pool}" />
<property name="tomcat.juli.jar" value="${tomcat-juli.jar}" />
<property name="skip.download" value="set"/>
@@ -2570,6 +2574,99 @@ skip.installer property in build.properties" />
<hashAndSign file="${tomcat.release}/v${version}/bin/${final.name}.exe" />
</target>
+ <target name="-pre-release-lone-target-check">
+ <fail message="The pre-release target must be called all on its own. Specifically, you must run 'ant release' /after/ 'and pre-release' in order to properly configure the build.">
+ <condition>
+ <not>
+ <equals arg1="${ant.project.invoked-targets}" arg2="pre-release" />
+ </not>
+ </condition>
+ </fail>
+ </target>
+
+ <target name="-pre-release-read-asf-username" unless="release.asfusername">
+ <input message="Enter ASF username" addproperty="release.asfusername" defaultValue="${user.name}" />
+ </target>
+
+ <target name="pre-release" depends="-pre-release-lone-target-check, -pre-release-read-asf-username"
+ description="Prepares for a release build by writing build.properties.release which contains information about the release-build environment.">
+ <echo file="build.properties.release"># -----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -----------------------------------------------------------------------------
+
+# This file was auto-generated by the pre-release Ant target
+
+# Set the version-dev to "" (empty string) as this is not a development release.
+version.dev=
+
+# Ensure consistent timestamps for reproducible builds
+ant.tstamp.now.iso=${tstamp.iso.release}
+
+# Reproducible builds require the use of the build tools defined below. The
+# vendors (where appropriate) and versions must match exactly for a reproducible
+# build since this data is embedded in various files, particularly JAR file
+# manifests, as part of the build process
+#
+# Apache Ant: ${ant.version}
+#
+# Java Name: ${java.vm.name}
+# Java Vendor: ${java.vm.vendor}
+# Java Version: ${java.vm.version}
+
+# The following is provided for information only. Builds will be repeatable
+# whether or not the build ennvironment in consistent with this information
+#
+# OS: ${os.arch} ${os.name} ${os.version}
+# File encoding: ${file.encoding}
+#
+# Release Manager: ${release.asfusername}
+</echo>
+ <echo file="res/maven/mvn.properties.release"># -----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -----------------------------------------------------------------------------
+
+# This file was auto-generated by the pre-release Ant target
+
+# Remove version-dev to from the version since this is not a development release.
+maven.asf.release.deploy.version=${version.major}.${version.minor}.${version.build}${version.suffix}
+
+# Re-use the same GPG executable
+gpg.exec=${gpg.exec}
+
+# Set the user name to use to upload the artefacts to Nexus
+asf.ldap.username=${release.asfusername}
+</echo>
+ <replace file="webapps/docs/changelog.xml"
+ token="rtext="in development""
+ value="rtext=""" />
+ </target>
+
<target name="release"
depends="clean,release-init,dist-deployer,installer-sign,package-zip,package-winzip,package-tgz,package-deployer-zip,package-deployer-tgz,javadoc,package-docs-tgz,package-src-zip,package-src-tgz,package-src-jar"
description="Create a Tomcat packaged distribution">
diff --git a/res/maven/README.txt b/res/maven/README.txt
index 3ddd2a0bdb..4152c0e3a7 100644
--- a/res/maven/README.txt
+++ b/res/maven/README.txt
@@ -16,13 +16,11 @@
================================================================================
General preparations before any publishing:
-1 - Generate a standard Tomcat release (ant release)
-2 - cd res/maven
-3 - Copy mvn.properties.default to mvn.properties and adjust it as necessary.
- You will need to set asf.ldap.username and you'll probably need to set
- gpg.exec; triple-check maven.asf.release.deploy.version
- The other properties should be OK. Note: you will be prompted for your
- GPG pass-phrase and LDAP password when the script runs.
+1 - Generate a standard Tomcat release.
+ This will generate a mvn.properties.release file as part of the tag. It
+ should include the property settings required to complete the release.
+2 - Should any of the properties need to be overridden, create a
+ mvn.properties and override as necessary.
To publish a snapshot do the following:
1 - ant -f mvn-pub.xml deploy-snapshot
diff --git a/res/maven/mvn-pub.xml b/res/maven/mvn-pub.xml
index 06bbdce579..1bf4932808 100644
--- a/res/maven/mvn-pub.xml
+++ b/res/maven/mvn-pub.xml
@@ -21,6 +21,7 @@
xmlns:unless="ant:unless">
<property file="${basedir}/mvn.properties"/>
+ <property file="${basedir}/mvn.properties.release"/>
<property file="${basedir}/mvn.properties.default"/>
<property name="local.repo" value="${user.home}/.m2/repository"/>
<property name="aether.checksums.algorithms" value="MD5,SHA-1,SHA-256,SHA-512"/>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2330a18756..411f7cbc37 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -134,6 +134,17 @@
The minimum Ant version required to build Tomcat 9.0.x is now 1.10.2.
(markt)
</update>
+ <add>
+ Add additional automation to the build process to reduce the number of
+ manual steps that release managers must perform. (schultz)
+ </add>
+ <add>
+ Implement support for reproducible builds. Reproducible builds are
+ independent of operating system but require the same Ant version and
+ same JDK (vendor and version) to be used as associated version
+ information is embedded in a number of build outputs such as JAR file
+ manifests. (markt)
+ </add>
</changelog>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org