Andreas Sewe created MSHARED-505:
------------------------------------
Summary: Add <timestamp> element to <archive> to allow for
reproducible builds
Key: MSHARED-505
URL: https://issues.apache.org/jira/browse/MSHARED-505
Project: Maven Shared Components
Issue Type: Improvement
Components: maven-archiver
Affects Versions: maven-archiver-3.0.0
Reporter: Andreas Sewe
At the moment, running {{mvn clean install}} on just about any project twice
produces different JARs, as the files’ timestamps within the archive differ.
It would be great if the {{<archive>}} element would allow for a
{{<timestamp>}} element to force a timestamp for all files within the archive.
This would allow uses like {{<timestamp>{$env.SOURCE_DATE_EPOCH}</timestamp>}}
(see https://reproducible-builds.org/specs/source-date-epoch/). Or one could
populate this using a property set by another plugin (the
{{buildnumber-maven-plugin}} comes to mind, although its {{build-metadata}}
goal ATM just gives the current time, not the time when the commit was made.
Probably worth another request for improvement. ;-))
AFAICT, this improvement ultimately requires a change to
{{AbstractZipArchiver.zipFile}} from Plexus, but I've filed it with
{{maven-archiver}}, as that's the surface visible component.
Anyway, if this is a change that is of interest to others, I would be willing
to provide patches to both {{maven-archiver}} and the appropriate plexus
component.
FWIW, This is just one step towards reproducible builds. There's also
MSHARED-494.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
