Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-9463

Document reproducible builds and check automatically via check-staged-release

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • Documentation, General
    • None

    Description

      With SLING-9307 and SLING-8951 all builds relying Parent 39 or newer should be reproducible. Still some parts are missing:

      1. buildinfo files should be uploaded along with the artifacts (https://maven.apache.org/guides/mini/guide-reproducible-builds.html) which allows to easily reproduce build (as they contain info about linebreaks and major JDK versions).
      2. The check-staged-release.sh should be updated accordingly to optionally try rebuilding and comparing with the given checksums.
      3. https://sling.apache.org/documentation/development/release-management.html should be extended with how to properly check a release after a vote.
      4. There should be some documentation covering how end-users could reproduce builds.
      5. On the downloads page (https://sling.apache.org/downloads.cgi) there should be a link to the buildinfo files for new/reproducible releases pointing to downloads.apache.org.

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. SLING-9307 Make build fully reproducible

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              kwin Konrad Windszus
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: