Hi, Has anyone looked into reproducible builds for codesign'd MacOS builds? Basically Apple codesigning is non-deterministic, which is not surprisingly I guess, so naturally makes reproducible builds a bit tricky. The general theme for this sort of issue seems to be to remove the signature before comparing (codesign --remove-signature X.dylib). Which i've attempted, and works to a degree. The single stumbling block being the signing of jpackageapplauncher in jdk.jpackage, which then gets placed in the jmod's classes resource section, leading to different module "hash" in java.base/../module-info.class, and also a different "modules" file. Has anyone else tried to tackle this problem? Could we store jpackageapplauncher somewhere that would not end up in the jmod classes...but still be securely loadable? ( https://github.com/openjdk/jdk/blob/646c8aaeeccb494c72ff84c6e0f303f790be0ba9/src/jdk.jpackage/macosx/classes/jdk/jpackage/internal/MacAppImageBuilder.java#L284 )
Thanks Andrew