Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-6276

Support Reproducible Builds (https://reproducible-builds.org)

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • None
    • Core, General
    • None

    Description

      A venerable build system like Maven should support full build reproducibilty (i.e. producing bit a bit identical binaries from the same source).

      As initiatives like https://reproducible-builds.org gain traction and the news of the recent Debian policy change to mandate this build behavior (see https://reproducible.alioth.debian.org/blog/posts/121/), this seems a feature that needs to be considered for inclusion into Maven core & core plugins.

      There is an independent ongoing effort to support this feature and the author stated that he has found interest from maven project to integrate his work: https://github.com/Zlika/reproducible-build-maven-plugin/issues/6#issuecomment-325005883

      I hope this issue helps kickstart the effort.

      Attachments

        Issue Links

          contains

          New Feature - A new feature of the product, which has yet to be developed. ARCHETYPE-590 support Reproducible Builds for archetype:jar

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MACR-53 Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MASSEMBLY-921 Reproducible Builds: make entries in output archive reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MEAR-280 Reproducible Builds: make entries in output ear files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MEJB-128 Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MJAR-263 Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MJAVADOC-627 Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MRAR-86 Reproducible Builds: make entries in output rar files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MSHADE-347 Reproducible Builds: make entries in output jar files reproducible

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MSITE-851 Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MSOURCES-120 Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MWAR-432 Reproducible Builds: make entries in output jar files reproducible (order + timestamp)

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MJLINK-75 Reproducibility of ZIP artifacts

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. MRRESOURCES-114 make projectTimespan reproducible: use outputTimestamp instead of current date

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. MPLUGIN-326 Remove timestamp in generated descriptor

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed
          is depended upon by

          New Feature - A new feature of the product, which has yet to be developed. MNG-8258 activate Reproducible Builds by default

          • Major - Major loss of function.
          • Closed
          is related to

          Improvement - An improvement or enhancement to an existing feature or task. COMPRESS-485 Reproducible Builds: keep entries order when gathering ScatterZipOutputStream content in ParallelScatterZipCreator

          • Major - Major loss of function.
          • Resolved

          Wish - General wishlist item. MSHARED-796 use java.specification.version instead of java.version in Build-Jdk manifest entry

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. MSHARED-797 Move current Build-Jdk manifest entry to Build-Jdk-Spec

          • Major - Major loss of function.
          • Closed
          is required by

          Task - A task that needs to be done. MNG-6789 Make Maven distribution build Reproducible

          • Major - Major loss of function.
          • Closed
          is superceded by

          New Feature - A new feature of the product, which has yet to be developed. MARTIFACT-24 add artifact:check-buildplan goal to check that plugins versions do not have known reproducibility issues

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MSHARED-494 Impossible to generate a reproducible build due to timestamp in pom.properties

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. MSHARED-787 Add optional buildEnvironment information to the manifest

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. MSHARED-362 Support removing default manifest entries with Maven Archiver

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. MSHARED-511 Using structures to keep insertion order for MANIFEST.MF

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Wish - General wishlist item. MSHARED-661 Remove manifest entry "Built-By: <username>" for reproducible builds

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Wish - General wishlist item. MPLUGIN-261 sort goals in generated plugin.xml

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed
          links to

          Web Link Add ability to NOT write timestamps for zip file entries

          Web Link GitHub Pull Request #77

          mentioned in

          Page Loading...

          Activity

            People

              hboutemy Herve Boutemy
              psacc Paolo Sacconier
              Votes:
              9 Vote for this issue
              Watchers:
              17 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m