All,
I've been working on an "ant verify-release" target and I'm finding that
in the 9.0 release -- the one I'm using as a guinea pig -- the SHA-512
hashes do not match for these artifacts:
apache-tomcat-9.0.82-fulldocs.tar.gz
apache-tomcat-9.0.82-src.tar.gz
apache-tomcat-9.0.82-src.zip
They have different file sizes. The *-src artifacts seem to be off only
by a few bytes (of file size, I haven't compared the contents yet) but
the fulldocs are quite different.
I'm thinking that maybe these artifacts aren't expected to match 100%
but I'm not entirely sure. If it's possible to get these to be
reproducible, I think it would be good.
I did notice that the build contains <fixcrlf> in many places and in
some places we are converting to CRLF and LF in others. Sometimes we are
using UTF-8 and ISO-8859-1 in others. These are always specified, so I
wouldn't expect there to be a problem in these areas with
reproducibility (because they are consistently inconsistent).
Building the fulldocs tar looks like we do not perform a fixcrlf on all
files that will go into the archive, so if Rémy built on Linux (he did)
and I verified on Windows (I did) I think maybe the line-endings are the
problem.
Do we want these artifacts to be 100% reproducible? If so, we have a
little bit of work to do.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
