chrisrueger commented on PR #103: URL: https://github.com/apache/freemarker/pull/103#issuecomment-1868596012
> So there's `freemarker.jar:freemarker/version.properties`, which contains a `buildTimestamp`, that we fill for each build (see `freemarker/build/FreemarkerVersionService.kt`). And that's what said command line utility prints too. For the reproducible build this feature has to be removed in effect. > > The version number itself has no date in a release (see in `freemarker.jar:freemarker/version.properties`), but as per above, the build still won't be reproducible until we stop filling the `buildTimestamp`. Ok thanks for the tip. The `buildTimestamp=@timestampNice@` was not the only problem, but basically all timestamps. I managed to get a reproducible build locally. But I had to manually adjust versions.properties and completely remove all the qualifiers and @-variables from `versions.properties`. So basically I hardcoded everything in versions.properties to `2.3.33`. I guess this is not how its done, but at least it proves that if the output of `versions.properties` does not include timestamps, then the build is truly reproducible. What do I need to do, to build so the version is `2.3.33` without qualifiers? I think it basically comes down to "How to to create a `versions.properties` without any timestamps or at least a fixed timestamp like gradle does (`1980-02-01T00:00:00Z`) > > `foojay-resolver-convention`: Ah, it only downloads if the given JDK is not already found. But then, my question remains. If the build has to be reproducible, then we had to be more specific than just "JDK 16", right? > You mean more specific to "what exact Java version (incl. build) to use and to do to get the exact same build result"? I think the people at reproducible build have tried answering that in this [.buildspec](https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/doc/BUILDSPEC.md) file. I need to get a bit more familiar with it. I just found out about it. > `gradlew`: I meant, it's not executable in the source distribution tar. `tar -tvf apache-freemarker-gae-src-2.3.33-SNAPSHOT.tgz` gives `-rw-r--r-- 0/0 8941 1970-01-02 01:00 gradlew`. But I just realized that that's already broken in the `2.3-gae` branch. But I guess if I fix that these, the `filePermissions { unix("rw-r--r--") }` you added will collide with that. How do you create this `apache-freemarker-gae-src-2.3.33-SNAPSHOT.tgz`? I like to try it out. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
