Reproducible Properties

Robert Scholte rfscholte at apache.org
Sun Sep 29 16:46:12 UTC 2019 

On Sun, 29 Sep 2019 16:57:33 +0200, Alan Bateman <Alan.Bateman at oracle.com>  
wrote:

> On 29/09/2019 14:08, Robert Scholte wrote:
>> Hi,
>>
>> the Maven team gets quite some requests regarding reproducible builds.
>> Depending on the source we're able to fix it ourselves.
>> However, in case of writing properties via Properties.store() we'll get  
>> unreproducible properties, because it includes the current Date().[1].  
>> The only option we have right now is writing our own Properties writer.
>> I'm kind of surprised not to find any related issue, but does it make  
>> sense to make the inclusion of the date optional?
> The Properties.store methods have always been specified to write a  
> comment line with the current date and time. It wouldn't be unreasonable  
> to look at changing it to not specify a date/time comment when the  
> comment is provided by the user of the API but changing it after 20+  
> years would need effort to understand the impact. I think the bigger  
> issue with reproducibility is that the ordering that the properties are  
> written is not specified. Reproducible builds are important but maybe it  
> needs Maven tooling or plugin to do smart comparisons. I think this is  
> something that the Skara project was looking into at one point.
>
> -Alan

The order of properties and the line-endings are indeed important too, but  
these are less hard to solve.
As far as I understand, reproducible builds is not about comparison, but  
being able to get the same checksum value because the content will stay  
exactly same for one specific build, byte per byte. This is a challenge  
not just for Maven, but for any tool that generates output.

I wasn't expecting a complete replacement of the Date(), but more a way to  
either set the date or skip the date in the comment( like  
setCommentDate(Date date) ).
As one might see in the code, writing properties is not that easy. My  
concern is that any third party attempt to do this on its own will not be  
as good as the original implementation.

Robert

More information about the jdk-dev mailing list