perhaps I should basically show how Reproducible Builds was configured in the PoC:
1. in apache-parent: https://github.com/apache/maven-apache-parent/commit/d379a72d07173c500be65fd6e549da1fedb46b5f It's about 3 packaging plugins that have a version supporting Reproducible Builds and one parameter: the timestamp to put on archive entries = the value of "now" when I commited the feature 2. in maven-parent: https://github.com/apache/maven-parent/commit/d213125b171c8a2f7e4cbb74b713e11e0fd055dd I just updated the parent POM And chose to define a local value for timestamp, to override the value defined in parent But honestly, who cares if the timestamp in zip file was 2019-09-21T16:03:05Z (the value inherited from parent) instead of 2019-09-21T16:15:16Z (the overridden value)? 3. in maven: https://github.com/apache/maven/commit/d23d3b4fab9b3951177eac5bbfa109e990e95899 same as before: changed parent, and chose to define a local value for timestamp Every commit after that is just little improvement or fixes because a few plugins don't yet bring reproducible output This is exactly how I see Reproducible Builds for the future: - select versions of plugins that bring reproducible output - either inherit or define a local timestamp et voilà, it's so easy (once plugins support)... Regards, Hervé Le samedi 28 septembre 2019, 17:55:24 CEST Hervé BOUTEMY a écrit : > Achieving Reproducible Builds require only one parameter: plugins that > create zip or tar archives require a fixed timestamp for entries > > Putting that parameter as a pom property with a well known name and value > format permits to share the configuration between every packaging plugin. > This also has the advantage that child poms will inherit from parent value, > and eventually override. > > The question is: *what property name and what value format should we keep?* > > For the PoC, I chose to extrapolate from a convention from Reproducible > Builds project, which is very Linux-oriented: SOURCE_DATE_EPOCH environment > variable, that I transformed into source-date-epoch property name, keeping > the "date + %s" value > https://reproducible-builds.org/docs/source-date-epoch/ > > > But I feel we can do a more user-readable solution by choosing another name > and format, like "reproducible-build-timestamp" with an ISO-8601 combined > date and time representation > > > WDYT? Any other idea? > > Regards, > > Hervé > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
