Steve Lawrence created DAFFODIL-2911:
----------------------------------------
Summary: source release artifact is not easily reproducible
Key: DAFFODIL-2911
URL: https://issues.apache.org/jira/browse/DAFFODIL-2911
Project: Daffodil
Issue Type: Bug
Components: Infrastructure
Reporter: Steve Lawrence
The release candidate container uses "git archive --format=zip" to create the
source release zip. But git does not guarantee reproducibility with this
created artifact. In fact, it seems to make changes frequently enough that
three recent git versions I tested (2.41.0, 2.44.0, and 2.45.1) all created
archives with difference hashes. The content appears to be the same, but
compression algorithms change or other metadata is changed.
As long as we know the git version used to create the zip it's easy to test,
but that can be a pain. Ideally we could replace git archive with something
that is more consistent and more easily reproducible regardless of the git
version installed.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
