reproducible builds: timezone(?) leaks into build artifacts #457
Comments
|
Last time I looked into these kinds of things, I think it was a combination of osgi, sbt-assembly, and sbt-reproducible-builds which created weird fields, but I cannot remember exactly. I remember weird code trying to synthesize these fields regarding the time stamps... Since these fields seems to use an epoch style encoding of instants, is, what you are observing actually different timestamp longs in the files? |
|
This has affected us for a while. My usual timezone is Dublin but I'm currently in CET. It would be great to sort out where this diff comes from. |
|
I think this is caused by apache/commons-compress#472 |
|
Is still still an issue after #488 ? |
|
Checked the 1.1.0-M1 artifacts, those are now reproducible for 2.13, so indeed the fix seems to have the intended effect. I used: Filed raboof/sbt-reproducible-builds#323 to make this a little easier I also tried to reproduce for Scala 3, which showed two further problems: |
while trying to verify the reproducibility of the 1.0.1-RC2 artifacts, I ran into a difference: the jar files' entries (for example for
pekko-parsing_2.13-1.0.1-RC2.jar) have an extra field of type 0x000a (https://commons.apache.org/proper/commons-compress/apidocs/org/apache/commons/compress/archivers/zip/X000A_NTFS.html) containing file timestamps.These timestamps are set to
Sat Jan 01 00:00:00 CET 2000on the staged release, while they areSat Jan 01 01:00:00 CET 2000on my local build - only the hour is different. It almost seems as if the intent was to have a fixed value here, but the timezone of the build machine is leaking into the artifact.Changing the
TZenvironment variable during the build did not affect the timestamps, but building in a different build environment did produce the same timestamps - I still have to figure out what the relevant difference is.The text was updated successfully, but these errors were encountered: