Support deterministic build of eclair-core artifact on ubuntu #1295
Conversation
|
Ave you tried that: https://maven.apache.org/guides/mini/guide-reproducible-builds.html |
|
It didn't work because there are some other non-reproducible bits in the MANIFEST file inside the generated jar, it might work by changing and/or updating other plugins like the maven-jar-plugin but i couldn't get it working and it felt like a rabbit hole, on the other hand maven-reproducible-build works out of the box :) (but unfortunately is yet another plugin to our build) |
|
Not sure if we want to add a section in the README.md for the reproducible builds or we just add it to the release page. |
Codecov Report
@@ Coverage Diff @@
## master #1295 +/- ##
==========================================
+ Coverage 77.18% 79.37% +2.19%
==========================================
Files 143 144 +1
Lines 9976 11100 +1124
Branches 408 445 +37
==========================================
+ Hits 7700 8811 +1111
- Misses 2276 2289 +13
|
I think it's worth adding to the main README so that people find it easily. |
The doc says to
How about BUILD.md? And a standard paragraph in each release description (like the part on signature)? |
|
NB, seems the last pain point (update of |
Alright, so i just gave another try to the non-plugin based approach and..it worked, i had to update both the maven-source-plugin and maven-jar-plugin to 3.2.0, i think in my earlier attempt i missed the maven-source-plugin and deemed the approach unfeasible too early. As you point out the |
…achieve deterministic builds, remove reproducible-build-maven-plugin.
araspitzu
force-pushed
the
deterministic_build
branch
from
9f8fd2a to
01663f2
Compare
|
We don't use the maven release plugin yet (testing and tagging the release is done manually) |
|
@araspitzu Did you run tests with different versions of JDK11 and different Linux distros ? |
I didn't try with different distros but I tried with different versions of ubuntu (18.10 vs 17.10) and different minor versions of JDK (JDK11.0.4 vs JDK11.0.3), the resulting artifact was identical. If we're okay restricting the deterministic build to the latest ubuntu version i'll add this to the paragraph in the BUILD.md. |
araspitzu
changed the title
|
Can you please update the hash of the eclair-core jar that should be built ? thanks |
…e deterministic build
|
This one builds to the same hash: But as mentioned somewhere node and node-gui jar is not.. which is very annoying as that is the one I actually run... |
Yes it's mentioned in the PR's description :) |
This PR adds support for deterministic builds of the eclair-core artifact by updating the necessary maven plugins (maven-source-plugin and maven-jar-plugin) to version 3.2.0 which support deterministic builds and hardcoding the property
project.build.outputTimestampto a fixed date (this can be updated at each release) . The deterministic build only works with the submoduleeclair-coredue to some quirks with the maven-capsule plugin, also the build is not deterministic across different OSs because of the way maven packages files with system-dependent newline markers. The SHA256 of eclair core at commit 93c2683 is:db3064fc4fc9e20c141770294186fbb82b50190ffc13f6bcc09379db2fb33b2b.This is a first step toward deterministic builds for the mobile apps.