[Reproducible-builds] [Debian Wiki] Update of "ReproducibleBuilds/MysteryByteIncrementInJarFiles" by HansChristophSteiner
Lunar
lunar at debian.org
Sat Sep 27 09:47:10 UTC 2014
Debian Wiki:
> The "ReproducibleBuilds/MysteryByteIncrementInJarFiles" page has been changed by HansChristophSteiner:
> https://wiki.debian.org/ReproducibleBuilds/MysteryByteIncrementInJarFiles
>
> New page:
> = mystery byte increments in jar format =
>
> I've been working on reproducible jars, and I have fixed the
> timestamps by running the builds using `faketime`. Now the contents
> of the jars are exactly the same when I unzip them, including the
> timestamps, but the jars themselves do not have the same hash. Using
> `vbindiff`, I can see a smattering of bytes that are different, with
> almost always the same pattern: one build's byte will be +1 from the
> others, i.e. one has 98 and the other has 99, or 56 and 57. It seems
> that this byte is some kind of separator between class names.
Is this a relevant issue for Debian? Using sortjar or
strip-nondeterminism in the build process makes faketime unneeded, but
it should also takes care of file ordering and these weird bytes.
The other options I can think of to solve jar related issues is to patch
all tools building jar.
--
Lunar .''`.
lunar at debian.org : :Ⓐ : # apt-get install anarchism
`. `'`
`-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/reproducible-builds/attachments/20140927/d5ad28a9/attachment.sig>
More information about the Reproducible-builds
mailing list