From https://reproducible-builds.org/: Reproducible builds are a set of software development practices that create a verifiable path from human readable source code to the binary code used by computers.
How?
First, the build system needs to be made entirely deterministic: transforming a given source must always create the same result. Typically, the current date and time must not be recorded and output always has to be written in the same order.
Second, the set of tools used to perform the build and more generally the build environment should either be recorded or pre-defined.
Third, users should be given a way to recreate a close enough build environment, perform the build process, and verify that the output matches the original build.
...
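As an added illustration (not code from Maven, plexus-archiver or reproducible-builds.org), the three steps applied to a zip/jar archive in Python: entries are written in sorted order, timestamps come from `SOURCE_DATE_EPOCH` instead of the clock, and a rebuild is compared to the original by SHA-256. The function names and the sample entries are constructed for this example.

```python
import hashlib
import io
import os
import time
import zipfile

DOS_EPOCH = 315532800  # 1980-01-01T00:00:00Z, earliest date a zip entry can carry

def entry_timestamp(environ):
    """Step 1: take the entry time from SOURCE_DATE_EPOCH, never from the clock."""
    epoch = int(environ.get("SOURCE_DATE_EPOCH", DOS_EPOCH))
    return time.gmtime(max(epoch, DOS_EPOCH))[:6]

def build_archive(files, environ=os.environ, deterministic=True):
    """Build a zip/jar in memory from a {entry name: bytes} mapping."""
    names = sorted(files) if deterministic else list(files)
    stamp = entry_timestamp(environ) if deterministic else time.localtime()[:6]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            info = zipfile.ZipInfo(name, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.create_system = 3            # do not record the build host OS
            info.external_attr = 0o644 << 16  # fixed permissions, not the umask
            zf.writestr(info, files[name])
    return buf.getvalue()

def entries(archive):
    """List (name, timestamp) pairs in stored order."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [(i.filename, i.date_time) for i in zf.infolist()]

def verify_rebuild(published, rebuilt):
    """Step 3: an independent rebuild must match the published artifact bit for bit."""
    return hashlib.sha256(published).digest() == hashlib.sha256(rebuilt).digest()

# Constructed sample inputs: same content, different insertion order,
# as two build machines might enumerate a directory.
BUILD_A = {"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n", "Example.class": b"\xca\xfe\xba\xbe"}
BUILD_B = {"Example.class": b"\xca\xfe\xba\xbe", "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n"}
ENV = {"SOURCE_DATE_EPOCH": "1700000000"}  # step 2: recorded with the build

if __name__ == "__main__":
    print(verify_rebuild(build_archive(BUILD_A, ENV), build_archive(BUILD_B, ENV)))
    print(verify_rebuild(build_archive(BUILD_A, ENV, False), build_archive(BUILD_B, ENV, False)))
```

With `deterministic=False` the two archives differ even though their contents are identical, which is the situation the archive-related issues in the table below address.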
| issue tracking | description |
|---|---|
| MNG-6276 | "Parent" issue |
| MSHARED-661 | maven-archiver adds "Built-By" and "Built-Jdk" Manifest entries |
| MSHARED-494 | Timestamp in pom.properties |
| support SOURCE_DATE_EPOCH environment variable or equivalent: see https://reproducible-builds.org/docs/timestamps/ | |
| , generated plugin.xml is non-deterministic | |
| MPLUGIN-326 | Timestamp in plugin.xml and plugin-help.xml descriptors generated by maven-plugin-tools-generator |
| codehaus-plexus/plexus-archiver issue #48 | avoid timestamp issues in archives created by plexus-archiver (widely used in Maven plugins creating jar, zip, war, tar... archives) |
| codehaus-plexus/plexus-containers issue #8 | sort components when generating META-INF/plexus/components.xml |