I'm building a Java project with gradle and want to publish checksum files along with the artifacts of my build. The problem is that repeated builds generate different checksums without any code changes. After spending some time chasing down the problem, the reason was quite obvious:
That is it's practically not possible to re-build a certain version at a later point in time that will output identical files.
I think it's pretty easy to "fix" this by changing the modification/creation date of the artifacts after creation to some default value. But that would result in somehow strange metadata information in the archives - something like 1970-01-01T00:00:00Z would be quite obvious but still confusing at the first glance.
Is there any other way to perhaps completely omit the timestamp metadata on creation of the archives. Or to remove it after the archives have been created?
Or is there perhaps any other way to make repeated builds generate identical artifacts?
I'm actually wondering what the best practice is for this scenario?!
You can generate reproducible archives with Gradle, and IIUC that is what you want. This feature is documented in Gradle's userguide.
You need to configure your projects like this:
tasks.withType(AbstractArchiveTask) {
preserveFileTimestamps = false
reproducibleFileOrder = true
}
Looks like there is even a plugin which configures that for you, though it doesn't seem to be active any more: https://github.com/Johni0702/gradle-reproducible-builds-plugin