RFR: 8264449: Enable reproducible builds with SOURCE_DATE_EPOCH [v12]
Kevin Rushforth
kcr at openjdk.org
Tue Apr 4 23:30:28 UTC 2023
On Tue, 4 Apr 2023 15:46:20 GMT, John Neffenger <jgneff at openjdk.org> wrote:
>> This pull request allows for reproducible builds of JavaFX on Linux, macOS, and Windows by defining the `SOURCE_DATE_EPOCH` environment variable. For example, the following commands create a reproducible build:
>>
>>
>> $ export SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)
>> $ bash gradlew sdk jmods javadoc
>> $ strip-nondeterminism -v -T $SOURCE_DATE_EPOCH build/jmods/*.jmod
>>
>>
>> The three commands:
>>
>> 1. set the build timestamp to the date of the latest source code change,
>> 2. build the JavaFX SDK libraries, JMOD archives, and API documentation, and
>> 3. recreate the JMOD files with stable file modification times and ordering.
>>
>> The third command won't be necessary once Gradle can build the JMOD archives or the `jmod` tool itself has the required support. For more information on the environment variable, see the [`SOURCE_DATE_EPOCH`][1] page. For more information on the command to recreate the JMOD files, see the [`strip-nondeterminism`][2] repository. I'd like to propose that we allow for reproducible builds in JavaFX 17 and consider making them the default in JavaFX 18.
>>
>> #### Fixes
>>
>> There are at least four sources of non-determinism in the JavaFX builds:
>>
>> 1. Build timestamp
>>
>> The class `com.sun.javafx.runtime.VersionInfo` in the JavaFX Base module stores the time of the build. Furthermore, for builds that don't run on the Hudson continuous integration tool, the class adds the build time to the system property `javafx.runtime.version`.
>>
>> 2. Modification times
>>
>> The JAR, JMOD, and ZIP archives store the modification time of each file.
>>
>> 3. File ordering
>>
>> The JAR, JMOD, and ZIP archives store their files in the order returned by the file system. The native shared libraries also store their object files in the order returned by the file system. Most file systems, though, do not guarantee the order of a directory's file listing.
>>
>> 4. Build path
>>
>> The class `com.sun.javafx.css.parser.Css2Bin` in the JavaFX Graphics module stores the absolute path of its `.css` input file in the corresponding `.bss` output file, which is then included in the JavaFX Controls module.
>>
>> This pull request modifies the Gradle and Groovy build files to fix the first three sources of non-determinism. A later pull request can modify the Java files to fix the fourth.
>>
>> [1]: https://reproducible-builds.org/docs/source-date-epoch/
>> [2]: https://salsa.debian.org/reproducible-builds/strip-nondeterminism
>
> John Neffenger has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 21 commits:
>
> - Merge branch 'master' into allow-reproducible-builds
>
> Include two commits that fix WebKit build failures on Windows and macOS:
>
> 8282359: Intermittent WebKit build failure on Windows:
> C1090: PDB API call failed, error code 23
> 8286089: Intermittent WebKit build failure on macOS in JavaScriptCore
> - Merge branch 'master' into allow-reproducible-builds
> - Support JDK 17 GA or later for building JavaFX
> - Merge branch 'master' into allow-reproducible-builds
> - Add '--date' argument for deterministic JMOD files
> - Merge branch 'master' into allow-reproducible-builds
> - Merge branch 'master' into allow-reproducible-builds
> - Comment out 'jmod --date' until building on JDK 19
>
> Support for the 'jmod --date' option was added to JDK 19 starting
> with the 19+2 early-access build, and it was backported to JDK 17
> starting with release 17.0.3. It is not available in JDK 18.
> - Merge 'master' into allow-reproducible-builds
> - Make minimal changes for new '--date' option
> - ... and 11 more: https://git.openjdk.org/jfx/compare/810bd90d...e42a0709
I started doing some testing today. I verified that without `SOURCE_DATE_EPOCH` set, the builds are as expected with a couple minor diffs.
1. The jar index in `javafx-swt.jar` is gone. This is fine (as mentioned earlier), since jar indexing is not useful for modular jars. There is an in-progress RFE remove some support for it in the JDK with [JDK-8302819](https://bugs.openjdk.org/browse/JDK-8302819), so I was going to file an issue for us to stop using it, but now I don't have to.
2. The format of `VersionInfo.BUILD_TIMESTAMP`, which is used in constructing the `javafx.runtime.version` System property for dev builds, has changed to an ISO date -- `2023-04-04T15:11:59Z` rather than `2023-04-04-151159`. Since the `:` is not legal for Java version strings, it is possible (though unlikely), that some app is parsing this in a way that might run into porblems. This should probably be fixed.
I then did a build with `SOURCE_DATE_EPOCH`. On each of three machines I tried (one each of Windows, Linux, and Mac / x64), a pair of builds with the same `SOURCE_DATE_EPOCH` were identical except for the native WebKit library, which was different between the two builds on Windows and Linux (Mac was fine). All other artifacts (except, by extension, `javafx.web.jmod`) were identical.
Unless there is an easy solution, I think addressing the jfxwebkit native library differences on Windows and Linux could be handled via a follow-on issue.
I'll do a review of the changes later this week along with some more testing.
-------------
PR Comment: https://git.openjdk.org/jfx/pull/446#issuecomment-1496720090
More information about the openjfx-dev
mailing list