ericmj
commented
8 years ago Looks good, I left a few comments. Would also appreciate comments from others.
Closed motiejus closed 5 years ago
ericmj
commented
8 years ago Looks good, I left a few comments. Would also appreciate comments from others.
motiejus
commented
8 years ago @ericmj addressed your feedback, except the last point. I will send an email to erlang-questions@ asking for more feedback from the community.
ericmj
commented
8 years ago Anything else we can help with to finish this?
Another thing we need to straighten up to get fully reproducible packages is the package metadata. It's simply specified as an erlang term file that can be loaded with file:consult/1. The mix client generates it with io_lib_pretty:print(pair, [{encoding, utf8}]) for each metadata key-value pair and then concatenates it with ".\n". We need to at least define the sorting and whitespace in the file. And also possibly implement our own io_lib_pretty:print/2 with a stronger specification because nothing stops OTP from changing details in it.
Finally we need to add the versions of all tools used to generate the package to the metadata. For example versions of OTP, Elixir, Mix client, Rebar3, rebar3_hex etc.
motiejus
commented
8 years ago I've been very busy lately, sorry I didn't get back promptly. I hope to have more cycles to come back to this in a few weeks.
If anyone wants to give a try on how to make a reproducible build in pure Erlang and gnu tools, that would speed things up significantly.
ericmj
commented
5 years ago Closing due to a lack of inactivity.
hex_core should produce reproducible archives but changes may happen when hex_core version is changed.
Proposal for reproducible archives. Initially discussed here: https://github.com/erlang/rebar3/issues/1136