...
issue tracking | description |
---|---|
maven-archiver adds "Built-By: <username>" Manifest entry | |
| maven-archiver adds "Built-Jdk: <detailed java version>" Manifest entry: better replaced with "Built-Jdk: <java specification version>" |
Timestamp in pom.properties | |
support SOURCE_DATE_EPOCH environment variable or equivalent: see https://reproducible-builds.org/docs/timestamps/ | |
sort zip entries to make zip entries order reproducible | |
generated plugin.xml is non-deterministic | |
Timestamp in plugin.xml and plugin-help.xml descriptors generated by maven-plugin-tools-generator | |
plexus-archiver issue #48 | avoid timestamp issues in archives created by plexus-archiver (widely used in Maven plugins creating jar, zip, war, tar... archives) |
plexus-containers | sort components when generating META-INF/plexus/components.xml |

Issues fixed in maven-archiver will have to be picked up by the 11 plugins managed by the Apache Maven team (acr, ear, ejb, jar, jlink, rar, source, war, site, javadoc, assembly), and perhaps by other plugins managed outside the Apache Maven team.

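
The issues listed in the table can be checked for on a built jar. The following is an added example, not code from the Maven project: the function names, finding labels and sample jars are hypothetical, and the date-comment pattern assumes the `java.util.Properties` style timestamp line in pom.properties.

```python
import io, re, zipfile

SPEC_VERSION = re.compile(r"^(1\.\d+|\d+)$")  # specification version, e.g. "1.8" or "11"
DATE_COMMENT = re.compile(r"^#\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \S+ \d{4}", re.M)

def audit_jar(data):
    """Return a list of reproducibility findings for a jar given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        infos = jar.infolist()
        names = [i.filename for i in infos]
        if names != sorted(names):
            findings.append("entries-unsorted")
        # Heuristic: a build with a pinned timestamp stamps every entry alike.
        if len({i.date_time for i in infos}) > 1:
            findings.append("entry-timestamps-vary")
        for name in names:
            text = jar.read(name).decode("utf-8", "replace")
            if name == "META-INF/MANIFEST.MF":
                for line in text.splitlines():
                    key, _, value = line.partition(": ")
                    if key == "Built-By":
                        findings.append("manifest-built-by")
                    if key == "Built-Jdk" and not SPEC_VERSION.match(value.strip()):
                        findings.append("manifest-built-jdk-detailed")
            elif name.endswith("/pom.properties") and DATE_COMMENT.search(text):
                findings.append("pom-properties-timestamp")
    return findings

def make_jar(entries, stamps):
    """Build a sample jar in memory; entries is [(name, text)], stamps the per-entry date_time."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for (name, text), stamp in zip(entries, stamps):
            jar.writestr(zipfile.ZipInfo(name, date_time=stamp), text)
    return buf.getvalue()

FIXED = (2018, 10, 1, 0, 0, 0)
# Constructed samples, not taken from a real build.
LEAKY = make_jar(
    [("META-INF/maven/g/a/pom.properties",
      "#Generated by Maven\n#Mon Oct 01 12:34:56 CEST 2018\nversion=1.0\n"),
     ("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nBuilt-By: alice\nBuilt-Jdk: 1.8.0_181\n")],
    [FIXED, (2018, 10, 1, 12, 34, 56)])
CLEAN = make_jar(
    [("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\nBuilt-Jdk: 1.8\n"),
     ("META-INF/maven/g/a/pom.properties", "version=1.0\n")],
    [FIXED, FIXED])

if __name__ == "__main__":
    print(audit_jar(LEAKY))
    print(audit_jar(CLEAN))
```
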
Debian approach
Debian has a strong reproducible builds structure that has been working on the topic for a few years: see BuildinfoFiles for how environment information is recorded.
...