Hi all,
Over the last few days I have been looking at making the Tomcat builds
(more) reproducible. I have currently reached the stage where sequential
builds on my local machine produce identical output.
There are several caveats
1. Some of the embedded JARs can vary between runs due to a Bnd issue.
That has been reported to the Bnd project and should be fixed shortly.
2. The current Windows exe signing process isn't repeatable. There are a
few suggestions workarounds at https://reproducible-builds.org/ and I
need to discuss these with the provider of the code signing service the
ASF uses (DigiCert).
I have a series of commits where each commit addresses a specific issue.
I need to get them committed and back-ported and then I plan to look at
repeatability cross-platform. I'm not sure if that is a solvable problem
for the Tomcat build but I want to take a look.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
