pulsar icon indicating copy to clipboard operation
pulsar copied to clipboard
verified publisher icon apache

[Bug] Reproducible Builds issues on 4.1.0 release

Open hboutemy opened this issue 3 months ago • 7 comments

Search before reporting

  • [x] I searched in the issues and found nothing similar.

Read release policy

  • [x] I understand that unsupported versions don't get bug fixes. I will attempt to reproduce the issue on a supported version of Pulsar client and Pulsar broker.

User environment

see https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/pulsar/README.md

Issue Description

I already annotated diff https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/pulsar/pulsar-4.1.0.diffoscope

if project is interested, I can later try to fix a few issues and discuss what I can't "just fix" myself but requires updates in project release process or features

Error messages

Reproducing the issue

from https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/pulsar/README.md

./rebuild.sh content/org/apache/pulsar/pulsar-4.1.0.buildspec

Additional information

provided #23639 in the past, that seems to still hit 4.1.0 release

Are you willing to submit a PR?

  • [x] I'm willing to submit a PR!

hboutemy avatar Sep 09 '25 05:09 hboutemy

@hboutemy Thank you for filing the issue, I'll be interested in getting Pulsar's build reproducible. I'll take a look later.

lhotari avatar Sep 09 '25 10:09 lhotari

happy to help as much as I can

hboutemy avatar Sep 09 '25 21:09 hboutemy

FYI, rebuilding 4.1.2 just started https://github.com/jvm-repo-rebuild/reproducible-central/pull/4415

hboutemy avatar Nov 19 '25 07:11 hboutemy

uh, file system full: too big build for a normal GHA builder I'll have to build locally:

git switch pulsar-4.1.2
./rebuild.sh content/org/apache/pulsar/pulsar-4.1.2.buildspec

hboutemy avatar Nov 19 '25 08:11 hboutemy

diffoscope analysis published https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/pulsar/pulsar-4.1.2.diffoscope

@lhotari we'll need to see what issues can easily be solved: this will probably be a step by step process, need to do small fixes each time and see the improvement for the next release

hboutemy avatar Nov 19 '25 18:11 hboutemy

what causes the majority of differences is the PulsarVersion class, that is copied in many output artifacts, and gets data from Git: https://github.com/apache/pulsar/blob/v4.1.2/pulsar-common/src/main/java-templates/org/apache/pulsar/PulsarVersion.java#L85

for bouncy-castle-bc-4.1.2-pkg.jar, it is a plugin https://github.com/apache/pulsar/blob/v4.1.2/bouncy-castle/bc/pom.xml#L62

for pulsar-client-all https://github.com/apache/pulsar/blob/v4.1.2/pulsar-client-all/pom.xml#L137 need to check that latest shade plugin is used

there are a few dependencies like accessors-smart-2.5.2.jar and json-smart-2.5.2.jar that seem to not be the official ones on your laptop doing the release

nar-plugin to update

hboutemy avatar Nov 26 '25 06:11 hboutemy

for the Git properties, we can inject them: https://github.com/jvm-repo-rebuild/reproducible-central/pull/4477

for the rest, need to change the build, update plugins

hboutemy avatar Nov 26 '25 07:11 hboutemy