Deterministic Builds

[msgilligan]

Create a deterministic build process similar to that used for Bitcoin Core. See this blog article for suggestions: http://gary-rowe.com/agilestack/2013/08/08/how-to-create-a-deterministic-jar/

[msgilligan]

The Gradle user guide has a section titled Reproducible archives that may be useful.

[msgilligan]

See also: https://reproducible-builds.org

[msgilligan]

This commit should have been a step in the right direction: https://github.com/ConsensusJ/consensusj/commit/8c1539e0775d91bd4aed3e1676a10a676bd84059

[msgilligan]

After 99389bea22072ae96530b450c96ee91118297e65 I have verified that reproducible builds are working. You must use the same (or similar) version of the JDK (some versions put LICENSE files in the JavaDoc and others don't) to get all the Sha256Sums to match, but if you do you should be able to get all shasums to match even between macOS and Linux.

[msgilligan]

• 2c86c44b3c079c4894ba256587874408a1614ee9 adds support for building all artifacts with ./gradlew installDist
• e4d1023460c9d6676858867dd1d553d2a14910c2 uploads all build artifacts and a SHA256SUMS file as GitHub Actions artifacts so you can verify your local build against CI.
• 2f807fcce58ee3ddce85d9f6dbbcaacc83c76819 adds build artifacts and SHA256SUMS on GitLab CI. Note that the JavaDoc (and therefore Gradle module metadata JSON) differs from the Temurin builds because of the absence of two license files)
• a35017f06455f2fe7bb8350fa9102a5075b480dc adds instructions for verifying SHA256SUMS to doc/release-process.adoc

[msgilligan]

Completed, see https://github.com/ConsensusJ/consensusj/issues/17#issuecomment-1747677236