adoptium / temurin-build

Eclipse Temurin™ build scripts - common across all releases/versions
Apache License 2.0

Enable 3rd party reproducible Temurin Windows x64 builds by compiling using Microsoft VS "Build-Tools" Edition #3787

Open andrew-m-leonard opened 4 months ago

andrew-m-leonard commented 4 months ago

Currently Temurin Windows x64 is built using a bespoke Adoptium VS2022 VS_Community Edition Installer image, which we can then use locally to reproducibly re-build. This setup, however, does not allow 3rd parties/users to re-build as a trusted reproducible verification, and since VS_Community edition is only ever available as the "Current"/Latest version and older archived versions are not available, it is not possible to recreate builds by obtaining the same VS_Community version.

Microsoft have introduced the "Build-Tools" license edition, which does provide versioned releases, and is also licensed for open source and enterprise "open source" building, see: https://devblogs.microsoft.com/cppblog/updates-to-visual-studio-build-tools-license-for-c-and-cpp-open-source-projects/

Temurin could move to building using VS "Build-Tools" edition (subject to PMC and Eclipse License review), and thus enable 3rd party reproducible builds, thus providing a more secure development production.

Version downloads: https://learn.microsoft.com/en-us/visualstudio/releases/2022/release-history#fixed-version-bootstrappers

andrew-m-leonard commented 3 months ago

I have confirmed I can identically build Temurin jdk-21.0.3+9 using VS2022 "Build Tools" version 17.7.3, which is identical to the VS2022 VS_Community layout we use to build with.

tellison commented 3 months ago

The PMC discussed this on 8th May, and agreed to moving to this build tool chain, on the understanding that the license is acceptable.

sxa commented 4 weeks ago

References:

Our current VS2022 compiler from the layout identifies itself as * C Compiler: Version 19.37.32822 using a compiler path of /cygdrive/c/progra~1/micros~3/2022/commun~1/vc/tools/msvc/1437~1.328/bin/hostx64/x64/cl.exe. The 1437 in there would likely indicate that it is Toolchain 14.37 which, extrapolating from the table in the first link, would suggest it is 17.7, although the second link has links for 17.7.0 through 17.7.7. I have confirmed that the 17.7.3 download is a version which identifies the compiler version as 19.37.32822.

Note that for install issues check %TEMP%\dd_installer_<timestamp>.log
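
An added example, not taken from the thread or from the temurin-build scripts: a pre-build check that the compiler path and the version `cl.exe` reports both match the values pinned in the comment above, covering the 8.3 short-name form of the toolset directory as well as the long form. It assumes, generalising from this thread's 19.37 / 14.37 pair, that the toolset and compiler share a minor version and build number; the function names are hypothetical.

```python
import re

# Values pinned in this thread for jdk-21.0.3+9.
PINNED_CL_VERSION = "19.37.32822"
# Compiler path quoted in the comment above (Cygwin form, 8.3 short names).
PAGE_CL_PATH = ("/cygdrive/c/progra~1/micros~3/2022/commun~1/vc/tools/msvc/"
                "1437~1.328/bin/hostx64/x64/cl.exe")

# Toolset directory below .../msvc/: long form (14.37.32822) or the 8.3 short
# name Windows derives from it (1437~1.328: dots dropped, 3-char extension).
_LONG = re.compile(r"/msvc/(\d+)\.(\d+)\.(\d+)/", re.IGNORECASE)
_SHORT = re.compile(r"/msvc/(\d{2})(\d{2})~\d+\.(\d{1,3})/", re.IGNORECASE)


def toolset_from_path(cl_path):
    """Return (major, minor, build_digits) for the toolset dir, or None."""
    path = cl_path.replace("\\", "/")
    m = _LONG.search(path) or _SHORT.search(path)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), m.group(3)


def check_toolchain(cl_path, reported_version, pinned=PINNED_CL_VERSION):
    """Return a list of mismatches; an empty list means the pin is met."""
    problems = []
    if reported_version != pinned:
        problems.append(f"compiler reports {reported_version}, pinned {pinned}")
    toolset = toolset_from_path(cl_path)
    if toolset is None:
        problems.append("no toolset directory found in compiler path")
        return problems
    _, minor, build = toolset
    _, pin_minor, pin_build = pinned.split(".")
    # Assumption: toolset 14.NN ships cl 19.NN with the same build number.
    if minor != int(pin_minor):
        problems.append(f"toolset minor {minor} != pinned minor {pin_minor}")
    if not pin_build.startswith(build):
        problems.append(f"toolset build {build} does not match {pin_build}")
    return problems


if __name__ == "__main__":
    print(check_toolchain(PAGE_CL_PATH, PINNED_CL_VERSION) or "toolchain matches pin")
```

Running the check before the build starts makes a drifted or substituted toolchain fail fast instead of surfacing later as an unexplained binary difference.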