Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Abandoned
-
maven-archiver-3.0.0
-
None
-
None
Description
At the moment, running mvn clean install on just about any project twice produces different JARs, as the files’ timestamps within the archive differ.
It would be great if the <archive> element would allow for a <timestamp> element to force a timestamp for all files within the archive.
This would allow uses like <timestamp>{$env.SOURCE_DATE_EPOCH}</timestamp> (see https://reproducible-builds.org/specs/source-date-epoch/). Or one could populate this using a property set by another plugin (the buildnumber-maven-plugin comes to mind, although its build-metadata goal ATM just gives the current time, not the time when the commit was made. Probably worth another request for improvement. )
AFAICT, this improvement ultimately requires a change to AbstractZipArchiver.zipFile from Plexus, but I've filed it with maven-archiver, as that's the surface visible component.
Anyway, if this is a change that is of interest to others, I would be willing to provide patches to both maven-archiver and the appropriate plexus component.
FWIW, This is just one step towards reproducible builds. There's also MSHARED-494.
Attachments
Issue Links
- is superceded by
-
MSHARED-837 add an API to configure Reproducible Builds with outputTimestamp
- Closed