Reproducible builds #233
Comments
|
Hm, the maven version is kind of pinned by using the checked in maven wrapper. |
|
So the idea with reproducible is that not only is your build reproducible but all tools you use. I too normally use the maven wrapper but when I was looking at other builds on reproducible-central they were not using the wrapper and instead relying on the docker image's ubuntu version of the JDK and I think maven although I'm not entirely sure on that (ie the docker image might build it). The idea being the linux distros are verifying the reproducibility. So you can ask them (https://maven.apache.org/guides/mini/guide-reproducible-builds.html) if Maven wrapper is OK but I just tried to follow what others were doing. Regardless you should use the Maven enforcer fail if any of your requirements for reproduction are not met like TZ, line encoding, Maven version, and JDK version. That is what I meant about pinning. That way someone doesn't say "hey this is not reproducible" when in reality they compiled with the wrong version of something. Does that make since? |
Projects that generate code and run at the time compile stage need to be reproducible.
JTE at the moment is not.
https://maven.apache.org/guides/mini/guide-reproducible-builds.html
I have a PR but besides the above problem I noticed lots of other issues with your Maven setup:
Once you setup reproducible builds register it here: https://github.com/jvm-repo-rebuild/reproducible-central
The text was updated successfully, but these errors were encountered: