Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] compare-version-with-baselines on signed jar


In general, it's better if you can fully reproduce the build, byte to byte. And by default, compare-version-with-baselines assumes that you want a byte-to-byte equality, which is the ultimate form of build reproducibility.
However, in practice, it's pretty possible that the 2 jars have the exact same payload and can be treated as equivalent. Using the Zip comparator as you did allows to compare jar *equivalency* rather than equality. In most case, it's enough. It's for example what Eclipse Platform is using.
For your case, if you know your bundle are equal (made from the same commit), you could consider as an addition to set up Reproducible Version Qualifiers as explained in . That would allow, in case of equivalent bundles, to have the build use the baseline one, so it usually turns the equivalency into an equality, and the following compare-version-with-baselines works fine.
But it's not bullet proof, especially with pack200. If you pack200 your jars, it's possible that even an unpack200'd jar is not equal to the same jar that was pack200'd earlier... That can become tricky and I think pack200 has ways to workaround that; however it's not a topic I know enough to help you with.


Back to the top