[ https://issues.apache.org/jira/browse/MNG-6276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16143124#comment-16143124 ]
Hervé Boutemy edited comment on MNG-6276 at 8/27/17 2:39 PM:
-------------------------------------------------------------

Hi [~Zlika],

Good to see you there after Devoxx FR 2016 (already more than 1 year ago...): thanks [~psacc] for bringing the issue here :)

As discussed with [~Zlika] at Devoxx, reproducible builds bring some advantages but break "tagging" features that were intended: then it should probably be opt-in, since one will have to choose between 2 interesting behaviours (reproducible build vs intentionally tagged build: that is a matter of taste)

And this opt-in feature will have to be supported by many plugins: then we'll need to define a convention to enable/disable this feature and get plugins to implement it (Maven core plugins and also non-core plugins)

Defining this as a property with a conventional name seems the way to go. We already have such conventional properties, like {{project.build.sourceEncoding}} for source file encoding as documented in https://cwiki.apache.org/confluence/display/MAVEN/POM+Element+for+Source+File+Encoding

The first step will be to define a name and document it, for example in Maven Wiki like source encoding.
Then we'll have to see what plugins require to be modified to support this option: like source encoding, we can maintain a list in the wiki with pointers.

Ok for everybody?

First is the property name: something like {{project.build.reproducible}}?
Should it be a boolean? With default value as false, and requires {{true}} to activate: that would be quite natural.
Should it be a timestamp, since a lot of plugins will have to set timestamps on files, and you'll need a way to define the conventional timestamp value for a build (or let any build have the same timestamp).

Any preference from people who have already worked on the topic?

was (Author: hboutemy):
Hi [~Zlika],

Good to see you there after Devoxx FR 2016 (already more than 1 year ago...): thanks [~psacc] for bringing the issue here :)

As discussed with [~Zlika] at Devoxx, reproducible builds have advantages but break "tagging" features that were intended: then it should probably be opt-in, since one will have to choose between 2 interesting behaviours (reproducible build vs intentionally tagged build)

And this opt-in feature will have to be supported by many plugins: then we'll need to define a convention to enable/disable this feature and get plugins to implement it (Maven core plugins and also non-core plugins)

Defining this as a property with a conventional name seems the way to go. We already have such conventional properties, like {{project.build.sourceEncoding}} for source file encoding as documented in https://cwiki.apache.org/confluence/display/MAVEN/POM+Element+for+Source+File+Encoding

The first step will be to define a name and document it, for example in Maven Wiki like source encoding.
Then we'll have to see what plugins require to be modified to support this option: like source encoding, we can maintain a list in the wiki with pointers.

Ok for everybody?

First is the property name: something like {{project.build.reproducible}}?
Should it be a boolean? With default value as false, and requires {{true}} to activate: that would be quite natural.
Should it be a timestamp, since a lot of plugins will have to set timestamps on files, and you'll need a way to define the conventional timestamp value for a build (or let any build have the same timestamp).

Any preference from people who have already worked on the topic?

> Support reproducible builds
> ---------------------------
>
> Key: MNG-6276
> URL: https://issues.apache.org/jira/browse/MNG-6276
> Project: Maven
> Issue Type: New Feature
> Components: core, General
> Reporter: Paolo Sacconier
>
> A venerable build system like Maven should support full build reproducibility
> (i.e. producing bit by bit identical binaries from the same source).
> As initiatives like https://reproducible-builds.org gain traction and the
> news of the recent Debian policy change to mandate this build behavior (see
> https://reproducible.alioth.debian.org/blog/posts/121/), this seems a feature
> that needs to be considered for inclusion into Maven core.
> There is an independent ongoing effort to support this feature and the author
> stated that he has found interest from Maven project to integrate his work:
> https://github.com/Zlika/reproducible-build-maven-plugin/issues/6#issuecomment-325005883
> I hope this issue helps kickstart the effort.
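
The timestamp question raised in the comment above, as an added example that is not part of the original message or of Maven's code: a JAR is a ZIP archive, and each entry records a modification time, so two builds of the same input differ unless the packaging step uses one conventional timestamp and a fixed entry order. The `reproducible` switch, `FIXED_TIMESTAMP` and the sample file contents are assumptions constructed for the illustration.

```python
import hashlib
import io
import zipfile

# Assumed conventional timestamp (constructed value); ZIP cannot store dates before 1980.
FIXED_TIMESTAMP = (2017, 8, 27, 0, 0, 0)

# Constructed sample content standing in for a manifest and a compiled class.
SAMPLE_FILES = {
    "com/example/App.class": b"\xca\xfe\xba\xbe constructed bytes",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
}


def build_archive(files, build_time, reproducible=False):
    """Package files (name -> bytes) into a JAR-like ZIP and return its bytes."""
    # Reproducible mode: sorted entries and one conventional timestamp.
    names = sorted(files) if reproducible else list(files)
    stamp = FIXED_TIMESTAMP if reproducible else build_time
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in names:
            info = zipfile.ZipInfo(name, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # fixed permissions
            info.create_system = 3  # fixed "host OS" field, independent of platform
            jar.writestr(info, files[name])
    return buf.getvalue()


def compare_builds(reproducible):
    """Build twice, at different times and with different input order; True if identical."""
    first = build_archive(SAMPLE_FILES, (2017, 8, 27, 14, 39, 0), reproducible)
    reordered = dict(reversed(list(SAMPLE_FILES.items())))
    second = build_archive(reordered, (2017, 8, 28, 9, 5, 12), reproducible)
    return hashlib.sha256(first).digest() == hashlib.sha256(second).digest()


if __name__ == "__main__":
    print("default builds identical:     ", compare_builds(False))
    print("reproducible builds identical:", compare_builds(True))
```

A verifier that rebuilds from source and compares digests can only succeed in the second mode, which is why every packaging plugin would have to honour the same convention.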