Drop Built-Date, Built-JDK, Created-By from plugin manifests#7578
Merged
Conversation
`new Date()` was evaluated at configuration time on every Gradle invocation, so each plugin jar's manifest embedded the build wall-clock. That made the jars non-deterministic byte-for-byte across builds and broke Gradle's configuration cache for plugin tasks. The companion `Built-JDK` and `Created-By` attributes were dropped at the same time because: 1. Nothing in the codebase reads any of these three attributes (`grep -rn 'Built-Date|Built-JDK|Created-By'` returns only the writer line). They were inert metadata. 2. The main `pcgen.jar` manifest does not carry equivalents, so the plugin jars were the odd ones out. 3. Real reproducibility would also require pinning archive timestamps (`preserveFileTimestamps = false`), file ordering (`reproducibleFileOrder = true`), and the JDK/Gradle versions across environments — for *all* archive tasks in the project, not just the plugin jars. Keeping `Built-JDK`/`Created-By` on plugin jars only would be inconsistent: it would leak environment info from a subset of artifacts without buying real reproducibility. If a future PR pursues full reproducible builds, it can apply those settings project-wide and re-introduce diagnostic attributes uniformly. Verified: two clean builds of `:jarExportPlugins` now produce byte-identical jars; configuration cache stores successfully for `:jarAllPlugins`.
Vest
force-pushed
the
reproducible-plugin-manifests
branch
from
1101dfc to
8b42f9a
Compare
Vest
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
code/gradle/plugins.gradle:30set three attributes on every plugin jar manifest. The first one,Built-Date: new Date(), was evaluated at configuration time on every Gradle invocation, with two consequences:The companion
Built-JDKandCreated-Byattributes are dropped at the same time because they're redundant: nothing in the codebase reads any of the three (grep -rn 'Built-Date|Built-JDK|Created-By'returns only the writer line), and the mainpcgen.jarmanifest carries no equivalents — the plugin jars were the odd ones out.If we want truly reproducible builds, that's a larger, project-wide change: it would have to pin archive timestamps (
preserveFileTimestamps = false), file ordering (reproducibleFileOrder = true), and the JDK/Gradle versions across environments, applied to all archive tasks. KeepingBuilt-JDK/Created-Byon plugin jars only would be inconsistent — leaking environment info from a subset of artifacts without buying real reproducibility. A future PR pursuing full reproducible builds can apply those settings project-wide and reintroduce diagnostic attributes uniformly across every Java module.Test plan
./gradlew :jarAllPlugins— all 11 plugin jars build successfully.plugins/exportplugins.jarmanifest —Built-Date,Built-JDK, andCreated-Byremoved;Implementation-Title,Implementation-Version, andClass-Pathretained.:jarExportPluginsproduce byte-identical jars (same SHA-1: `1b5ed939...`).Configuration cache entry stored.for:jarAllPlugins.