maven-issues mailing list archives

From "Daniel Wegener (JIRA)" <>
Subject [jira] [Commented] (MNG-6276) Support reproducible builds
Date Sun, 08 Oct 2017 19:19:00 GMT


Daniel Wegener commented on MNG-6276:

I wrote about this topic last year:

- given the same environment, javac's classfile output is stable
- jars use zip, which contains entry timestamps that we must set to a fixed value (or a somewhat
non-arbitrary default)
- maven-archiver-plugin may parallelize the packaging, which may result in arbitrary entry
order in the packaged artifact
- the archiver plugin iterates the files which are to be packaged in file-system order, which
may differ across platforms
- I have not tested how the "standard tooling", the jar command line tool (

> Support reproducible builds
> ---------------------------
>                 Key: MNG-6276
>                 URL:
>             Project: Maven
>          Issue Type: New Feature
>          Components: core, General
>            Reporter: Paolo Sacconier
> A venerable build system like maven should support full build reproducibility (i.e. producing
> bit-for-bit identical binaries from the same source).
> As initiatives like gain traction and the news of the
> recent Debian policy change to mandate this build behavior (see,
> this seems a feature that needs to be considered for inclusion into maven core & core
> There is an independent ongoing effort to support this feature and the author stated
> that he has found interest from maven project to integrate his work:
> I hope this issue helps kickstart the effort.

This message was sent by Atlassian JIRA
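
The two archive-level causes listed in the comment above (zip entry timestamps and entry order) can be seen in a short added Python example; it is not part of the original message or of any Maven plugin. Python's `zipfile` stands in for the jar packaging step, and the file names, contents and function names are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Constructed sample inputs: archive entry name -> content.
FILES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
    "com/example/App.class": b"\xca\xfe\xba\xbe constructed bytes",
    "com/example/Util.class": b"\xca\xfe\xba\xbe more constructed bytes",
}

FIXED_TIME = (1980, 1, 1, 0, 0, 0)  # earliest timestamp the zip format can store


def build_archive(files, order, mtime, normalize=False):
    """Return the bytes of a zip/jar holding `files`.

    order:     entry names in the order the packager happened to visit them
    mtime:     (Y, M, D, h, m, s) timestamp stamped on every entry
    normalize: sort entries by name and pin every timestamp to FIXED_TIME
    """
    names = sorted(order) if normalize else list(order)
    stamp = FIXED_TIME if normalize else mtime
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            info = zipfile.ZipInfo(name, date_time=stamp)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16  # same permissions on every host
            info.create_system = 3            # same "host OS" field on every host
            zf.writestr(info, files[name])
    return buf.getvalue()


def compare_builds(normalize):
    """Simulate two builds that differ in build time and traversal order."""
    names = list(FILES)
    a = build_archive(FILES, names, (2017, 10, 8, 19, 19, 0), normalize)
    b = build_archive(FILES, names[::-1], (2017, 10, 9, 7, 0, 2), normalize)
    return hashlib.sha256(a).hexdigest() == hashlib.sha256(b).hexdigest()


if __name__ == "__main__":
    print("raw builds identical:       ", compare_builds(normalize=False))
    print("normalized builds identical:", compare_builds(normalize=True))
```

Comparing the SHA-256 of two independently built artifacts in this way is also how a consumer can check that a published binary corresponds to its source.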
