https://reproducible-builds.org/: Reproducible builds are a set of software development practices that create a verifiable path from human readable source code to the binary code used by computers.
Java builds are naturally not immediately reproducible: timestamps in jar files are the first source of non-idempotence (if you do a build twice, the result won't be the same bit for bit).
But Maven sometimes adds variable parts of its own that add to the problem, such as a timestamp or username in MANIFEST.MF.
The goal of this proposal is to prepare a set of configurations and practices for reproducible/verifiable builds, both by improving Java's natural build behaviour and by removing variability introduced by some Maven plugins (core plugins at first, but also plugins in the Maven ecosystem).
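The two sources of variation named above (jar entry timestamps and environment headers in MANIFEST.MF) can be seen in a short script. This is an added example, not code from the Maven project: the sample jars, user names and JDK strings are constructed, and the helper names (build_jar, strip_volatile, normalize, sample_build) are hypothetical.

```python
import hashlib, io, zipfile

MANIFEST = "META-INF/MANIFEST.MF"
# Built-By and Build-Jdk are the headers maven-archiver writes; Built-Jdk is the page's spelling.
VOLATILE = (b"Built-By", b"Build-Jdk", b"Built-Jdk")

def build_jar(entries, mtime):
    """Write {name: bytes} to an in-memory jar, stamping every entry with mtime."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            info = zipfile.ZipInfo(name, date_time=mtime)
            info.compress_type = zipfile.ZIP_DEFLATED
            jar.writestr(info, data)
    return buf.getvalue()

def strip_volatile(manifest):
    """Drop volatile headers, including their continuation lines (leading space)."""
    out, skipping = [], False
    for line in manifest.splitlines(keepends=True):
        if not line.startswith(b" "):   # a new header (or blank line) starts here
            skipping = line.split(b":", 1)[0] in VOLATILE
        if not skipping:
            out.append(line)
    return b"".join(out)

def normalize(jar_bytes, fixed=(1980, 1, 1, 0, 0, 0)):
    """Rewrite a jar with fixed timestamps, stable entry order and no volatile headers."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = sorted(jar.namelist(), key=lambda n: (n != MANIFEST, n))  # manifest first
        entries = {n: jar.read(n) for n in names}
    if MANIFEST in entries:
        entries[MANIFEST] = strip_volatile(entries[MANIFEST])
    return build_jar(entries, fixed)

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def sample_build(user, jdk, mtime):
    """Constructed stand-in for one Maven run: same class bytes, different environment."""
    manifest = f"Manifest-Version: 1.0\r\nBuilt-By: {user}\r\nBuild-Jdk: {jdk}\r\n\r\n"
    return build_jar({MANIFEST: manifest.encode(),
                      "com/example/App.class": b"\xca\xfe\xba\xbe constructed"}, mtime)

if __name__ == "__main__":
    a = sample_build("alice", "1.8.0_181", (2018, 9, 1, 10, 0, 0))
    b = sample_build("bob", "11.0.1", (2018, 9, 2, 11, 30, 0))
    print("raw builds equal:       ", sha256(a) == sha256(b))
    print("normalized builds equal:", sha256(normalize(a)) == sha256(normalize(b)))
```

Normalizing after the fact only shows which fields vary between two builds; the proposal's aim is for the build itself to stop emitting them, so that a published artifact can be checked against an independent rebuild by comparing hashes directly.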
What are the issues to solve?
issue tracking | description |
---|---|
MSHARED-661 | maven-archiver adds "Built-By" and "Built-Jdk" Manifest entries |