All binary artifacts should be reproducible #3690

Open
1 task
hboutemy opened this issue Feb 12, 2024 · 7 comments

@hboutemy

Steps to reproduce

see https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/junit/junit5/README.md

rebuild instructions are in the .buildspec

Context

work done after #3559 fixed most problems: thanks for the great work

Deliverables

  • ...
@marcphilipp marcphilipp self-assigned this Feb 12, 2024
@marcphilipp marcphilipp added this to the 5.11 M2 milestone Feb 12, 2024
@marcphilipp
Member

@hboutemy Thanks for the report!

What does it mean if diffoscope prints nothing for the .module files?

@hboutemy
Author

@marcphilipp I manually redacted the content because it has no interest: module of course says fingerprints are different because junit-platform-commons-1.10.2.jar is different

I don't dump full diffoscope outputs to the reproducible central Git repo because it would be too noisy

@marcphilipp
Member

.module files are Gradle-specific JSON files so their diff would be interesting and shouldn't be too noisy.

@hboutemy
Author

> their diff would be interesting

redundant with the fact that the jar is different, then of course the fingerprint of the jar

> and shouldn't be too noisy

sure, I could have kept that redundant info that does not cost much: you're the first one reviewing apart from me, in general I make my choices for myself

Do you want me to rebuild and add the content, so you'll see?
or you can run yourself ./rebuild.sh content/org/junit/junit5/junit5-5.10.2.buildspec followed by the proposed build_difoscope.sh command

@marcphilipp
Member

@hboutemy I checked your rebuild of 5.11.0-M1 and it seems to have improved.

However, running that locally I got more differences rather than fewer:

$ ./rebuild.sh content/org/junit/junit5/junit5-5.11.0-M1.buildspec
...
           ok=60
           okFiles="junit-bom-5.11.0-M1.module junit-bom-5.11.0-M1.pom junit-jupiter-api-5.11.0-M1-sources.jar junit-jupiter-api-5.11.0-M1.jar junit-jupiter-api-5.11.0-M1.pom junit-jupiter-engine-5.11.0-M1-sources.jar junit-jupiter-engine-5.11.0-M1.jar junit-jupiter-engine-5.11.0-M1.pom junit-jupiter-migrationsupport-5.11.0-M1-sources.jar junit-jupiter-migrationsupport-5.11.0-M1.jar junit-jupiter-migrationsupport-5.11.0-M1.pom junit-jupiter-params-5.11.0-M1-sources.jar junit-jupiter-params-5.11.0-M1.jar junit-jupiter-params-5.11.0-M1.pom junit-jupiter-5.11.0-M1-sources.jar junit-jupiter-5.11.0-M1.jar junit-jupiter-5.11.0-M1.module junit-jupiter-5.11.0-M1.pom junit-platform-commons-1.11.0-M1-sources.jar junit-platform-commons-1.11.0-M1.pom junit-platform-console-standalone-1.11.0-M1-sources.jar junit-platform-console-standalone-1.11.0-M1.jar junit-platform-console-standalone-1.11.0-M1.module junit-platform-console-standalone-1.11.0-M1.pom junit-platform-console-1.11.0-M1-sources.jar junit-platform-console-1.11.0-M1.pom junit-platform-engine-1.11.0-M1-sources.jar junit-platform-engine-1.11.0-M1.jar junit-platform-engine-1.11.0-M1.pom junit-platform-jfr-1.11.0-M1-sources.jar junit-platform-jfr-1.11.0-M1.jar junit-platform-jfr-1.11.0-M1.pom junit-platform-launcher-1.11.0-M1-sources.jar junit-platform-launcher-1.11.0-M1.jar junit-platform-launcher-1.11.0-M1.pom junit-platform-reporting-1.11.0-M1-sources.jar junit-platform-reporting-1.11.0-M1.jar junit-platform-reporting-1.11.0-M1.pom junit-platform-runner-1.11.0-M1-sources.jar junit-platform-runner-1.11.0-M1.jar junit-platform-runner-1.11.0-M1.pom junit-platform-suite-api-1.11.0-M1-sources.jar junit-platform-suite-api-1.11.0-M1.jar junit-platform-suite-api-1.11.0-M1.pom junit-platform-suite-commons-1.11.0-M1-sources.jar junit-platform-suite-commons-1.11.0-M1.jar junit-platform-suite-commons-1.11.0-M1.pom junit-platform-suite-engine-1.11.0-M1-sources.jar junit-platform-suite-engine-1.11.0-M1.jar 
junit-platform-suite-engine-1.11.0-M1.pom junit-platform-suite-1.11.0-M1-sources.jar junit-platform-suite-1.11.0-M1.jar junit-platform-suite-1.11.0-M1.module junit-platform-suite-1.11.0-M1.pom junit-platform-testkit-1.11.0-M1-sources.jar junit-platform-testkit-1.11.0-M1.jar junit-platform-testkit-1.11.0-M1.pom junit-vintage-engine-5.11.0-M1-sources.jar junit-vintage-engine-5.11.0-M1.jar junit-vintage-engine-5.11.0-M1.pom"
           ko=18
           koFiles="junit-jupiter-api-5.11.0-M1.module junit-jupiter-engine-5.11.0-M1.module junit-jupiter-migrationsupport-5.11.0-M1.module junit-jupiter-params-5.11.0-M1.module junit-platform-commons-1.11.0-M1.jar junit-platform-commons-1.11.0-M1.module junit-platform-console-1.11.0-M1.jar junit-platform-console-1.11.0-M1.module junit-platform-engine-1.11.0-M1.module junit-platform-jfr-1.11.0-M1.module junit-platform-launcher-1.11.0-M1.module junit-platform-reporting-1.11.0-M1.module junit-platform-runner-1.11.0-M1.module junit-platform-suite-api-1.11.0-M1.module junit-platform-suite-commons-1.11.0-M1.module junit-platform-suite-engine-1.11.0-M1.module junit-platform-testkit-1.11.0-M1.module junit-vintage-engine-5.11.0-M1.module"

The differences in the .module files are all of this shape and all for Javadoc JARs:

*** central/org/junit/jupiter/junit-jupiter-api/5.11.0-M1/junit-jupiter-api-5.11.0-M1.module	2024-04-23 14:48:42.000000000 +0200
--- repository/org/junit/jupiter/junit-jupiter-api/5.11.0-M1/junit-jupiter-api-5.11.0-M1.module	2024-05-03 09:15:01.969563775 +0200
***************
*** 133,143 ****
          {
            "name": "junit-jupiter-api-5.11.0-M1-javadoc.jar",
            "url": "junit-jupiter-api-5.11.0-M1-javadoc.jar",
!           "size": 823145,
!           "sha512": "e08f31d854e20c67819da8b4f2cd422ad9d0b54c3eddddba86b5e338c744a29cc4e2f57bcec6dba3985b258758974546f81121a443c8b0a6b087d5b99a28da43",
!           "sha256": "08c31376acd48f0f5af759e877c325ae9db7243bb386afbb47eabd941af62fb5",
!           "sha1": "7546d9d736df0c52dab962d893da8d83a3784cb5",
!           "md5": "d34aba1365bb6f543d5946eadd0d89c9"
          }
        ]
      },
--- 133,143 ----
          {
            "name": "junit-jupiter-api-5.11.0-M1-javadoc.jar",
            "url": "junit-jupiter-api-5.11.0-M1-javadoc.jar",
!           "size": 823056,
!           "sha512": "4cfb25d972c92349d7034eba189392caa83f3a48fdca28b08c61d3e884bb0c67124bbcb1b77f1e05df0f8fbd7c2dbadbba04bc38f033256d41d6a8466d2bffe1",
!           "sha256": "9f4f7435e09dcd8f326271f15d0c2fc6e2e70f0ce1220a987c8d3e2edd644f39",
!           "sha1": "3f34c9660abe7da8b1da4f359e90dc41ad30b58c",
!           "md5": "b949d0d6b430274ab23232b409773c60"
          }
        ]
      },

@hboutemy The rebuild tool does not download and compare Javadoc JARs, right? I assume that's on purpose? If so, .module files should be ignored as well since they're not binaries.

For my local rebuild of junit-platform-commons-1.11.0-M1.jar and junit-platform-console-1.11.0-M1.jar the file timestamps in the archive differ: 80-Jan-31 23:00 vs. 80-Feb-01 00:00. At first glance that looks like a timezone issue to me since I'm in the CEST timezone which was UTC+1 in January/February of 1980. I'm not sure that's the same difference the build in the reproducible-central build is showing, though. @hboutemy Could you please add a junit-bom-5.11.0-M1.diffoscope file there like for 5.10.2?
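
The `.module` question discussed in this thread (is a `.module` mismatch anything more than the changed fingerprint of a JAR it lists?) can be checked mechanically. The following is an added example, not code from this thread or from the reproducible-central tooling; it assumes the Gradle Module Metadata layout of `variants` containing `files`, and the sample documents and digest strings are constructed placeholders.

```python
import copy

# Per-file fields a .module records about each published artifact (as in the diff above).
DERIVED = ("size", "sha512", "sha256", "sha1", "md5")


def files_by_key(module):
    """Map (variant name, file name) -> file entry of a parsed .module document."""
    return {(v["name"], f["name"]): f
            for v in module.get("variants", []) for f in v.get("files", [])}


def without_derived(module):
    """Deep copy of the metadata with every file's size and digests removed."""
    clone = copy.deepcopy(module)
    for entry in files_by_key(clone).values():
        for field in DERIVED:
            entry.pop(field, None)
    return clone


def classify(reference, rebuilt):
    """Return (verdict, names of artifacts whose recorded size or digests differ)."""
    if reference == rebuilt:
        return "identical", []
    if without_derived(reference) != without_derived(rebuilt):
        return "metadata differs", []  # something other than fingerprints changed
    ref, new = files_by_key(reference), files_by_key(rebuilt)
    return "derived only", sorted({key[1] for key, e in ref.items() if e != new[key]})


def sample_module(javadoc_size, javadoc_digest, dep_version="1.11.0-M1"):
    """Constructed, trimmed .module document; digests are placeholders, not real values."""
    jar = "junit-jupiter-api-5.11.0-M1"
    return {"formatVersion": "1.1", "variants": [
        {"name": "apiElements",
         "dependencies": [{"group": "org.junit.platform", "module": "junit-platform-commons",
                           "version": {"requires": dep_version}}],
         "files": [{"name": jar + ".jar", "url": jar + ".jar", "size": 1, "sha256": "placeholder-jar"}]},
        {"name": "javadocElements",
         "files": [{"name": jar + "-javadoc.jar", "url": jar + "-javadoc.jar",
                    "size": javadoc_size, "sha256": javadoc_digest}]}]}


REFERENCE = sample_module(823145, "placeholder-reference")
REBUILT = sample_module(823056, "placeholder-rebuild")

if __name__ == "__main__":
    print(classify(REFERENCE, REBUILT))
```

A "derived only" verdict means the `.module` file carries no independent difference and the listed artifact is what needs to be compared; "metadata differs" means the `.module` file itself deserves a diff.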

@marcphilipp
Member

> For my local rebuild of junit-platform-commons-1.11.0-M1.jar and junit-platform-console-1.11.0-M1.jar the file timestamps in the archive differ: 80-Jan-31 23:00 vs. 80-Feb-01 00:00. At first glance that looks like a timezone issue to me since I'm in the CEST timezone which was UTC+1 in January/February of 1980.

Should be resolved by f21a9c7
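
ZIP entries store a wall-clock date and time with no timezone, which is why a one-hour shift like the one quoted above changes the archive bytes even when every file's content is identical. The following added example (not code from this thread or from the referenced commit) separates timestamp-only differences from content differences between two JARs; it assumes a build that converts one fixed instant through the machine's default timezone, and the instant, entry names and contents are constructed.

```python
import io
import zipfile
from datetime import datetime, timedelta, timezone


def dos_fields(instant, utc_offset_hours):
    """Wall-clock tuple a ZIP writer stores for `instant` on a machine in that zone."""
    local = instant.astimezone(timezone(timedelta(hours=utc_offset_hours)))
    return (local.year, local.month, local.day, local.hour, local.minute, local.second)


def build_jar(entries, date_time):
    """Constructed stand-in for a build: every entry gets the same timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(zipfile.ZipInfo(name, date_time=date_time), data)
    return buf.getvalue()


def compare_jars(reference, rebuilt):
    """Classify differing entries and collect the timestamp shifts observed."""
    result = {"content": [], "timestamp": [], "shifts": set()}
    with zipfile.ZipFile(io.BytesIO(reference)) as a, zipfile.ZipFile(io.BytesIO(rebuilt)) as b:
        # Entries present on one side only.
        result["missing"] = sorted(set(a.namelist()) ^ set(b.namelist()))
        for info in a.infolist():
            if info.filename in result["missing"]:
                continue
            other = b.getinfo(info.filename)
            if a.read(info) != b.read(other):
                result["content"].append(info.filename)
            elif info.date_time != other.date_time:
                result["timestamp"].append(info.filename)
                result["shifts"].add(datetime(*other.date_time) - datetime(*info.date_time))
    return result


# Constructed inputs: one instant, written on a UTC machine and on a UTC+1 machine.
INSTANT = datetime(1980, 1, 31, 23, 0, tzinfo=timezone.utc)
ENTRIES = {"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
           "org/example/A.class": b"\xca\xfe\xba\xbe"}
REFERENCE = build_jar(ENTRIES, dos_fields(INSTANT, 0))
REBUILT = build_jar(ENTRIES, dos_fields(INSTANT, 1))

if __name__ == "__main__":
    print(compare_jars(REFERENCE, REBUILT))
```

A single constant shift across all entries with no content differences points at the build environment's timezone rather than at the sources or the compiler.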

@marcphilipp
Member

I checked the Javadoc JARs in my local rebuild and it seems the differences are mostly minor markup changes like the following:

image

I suspect that's because the used gradle:8-jdk21 Docker image has JDK 21.0.3 while 5.11.0-M1 was built with 21.0.2.

@marcphilipp marcphilipp changed the title last Reproducible Builds issue in release 5.10.2: MR jars All binary artifacts should be reproducible May 6, 2024
@marcphilipp marcphilipp modified the milestones: 5.11 M2, 5.11 May 6, 2024