February 01, 2011
Mark Wielaard: New GPG key.
Finally created a new GPG key using gnupg. The old one was a DSA/1024 bits one and 8 years old. The new one is a RSA/2048 bits one. I will use the new one in the future to sign any release tarballs I might create. pub 2048R/57816A6A 2011-01-29 Key f...
More »
February 01, 2011
Andrew Hughes: [SECURITY] IcedTea6 1.7.8, 1.8.5, 1.9.5 Released!.
We are pleased to announce a new set of security releases, IcedTea6 1.7.8, IcedTea6 1.8.5 and IcedTea6 1.9.5.
This update contains the following security updates:
The IcedTea project provides a harness to build the source code from OpenJDK6 u...
More »
December/2024
Sun | Mon | Tue | Wed | Thu | Fri | Sat |
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | | | | |
|
|
An issue for deterministic builds with Maven + Hudson
Given that Maven is much more complex than Ant, and it dinamically resolves dependencies, people are right to be concerned with having deterministic builds. But the vast majority of problems are solved by just three good practices:
version everything, including all Maven plugins
run once in a while mvn dependency:go-offline, that will download all the required stuff
routinely use mvn -o (offline mode)
When using Hudson, each job should have its private repository, which is scracthed every time.
The first item is the most important, while the other two are more relevant to saving build time and being able to work even while disconnected. To be even safer, and dramatically speed up build times, you should also set up a local mirror repository (e.g. with Nexus), that is a local cache of the artifacts you need. In particular, it is very useful to install a local repository mirror on each Hudson node you use (or one in the same subnet).
Unfortunately, this is likely to create some new build reproducibility issue. In spite of forceTen Hudson job being blue since several weeks (with only occasional spikes), I've been notified both by Milos Kleint and a blog post commenter that they weren't unable to compile it because of a missing artifact. It's really annoying to incur in such an issue after you've spent great amounts of time for having a nicely set up CI enviroment!
Granted, I've got...
Date: January, 07 2010
Url: http://www.java.net/blog/fabriziogiudici/archive/2010/01/07/issue-deterministic-builds-maven-hudson
Others News
|