achieve reproducible build: Remove wildcard in AssemblyVersion

[tenzap]

In order for every build and rebuild of the same source code are reproducible (same output) could you please apply the change of this patch?

To achieve reproducible build, remove the wildcard for the Revision of the AssemblyVersion . The wildcard for the revision corresponds to "The default revision number is the number of seconds since midnight local time (without taking into account time zone adjustments for daylight saving time), divided by 2." . See: https://learn.microsoft.com/en-us/dotnet/api/system.reflection.assemblyversionattribute?redirectedfrom=MSDN&view=netframework-4.8#remarks . See also: https://github.com/dotnet/roslyn/issues/39354

--- a/KeePassRPC/Properties/AssemblyInfo.cs
+++ b/KeePassRPC/Properties/AssemblyInfo.cs
@@ -18,5 +18,5 @@
 [assembly: Guid("89631AAE-8DE6-4593-8DAB-AB28490A490A")]

 // Assembly version information
-[assembly: AssemblyVersion("2.0.48.*")]
+[assembly: AssemblyVersion("2.0.48.0")]
 [assembly: AssemblyFileVersion("1.16.0.0")] // also change PluginVersion in KeePassRPCExt.cs!

[luckyrat]

I am following the PLGX format requirements here - "Assembly Version: Should be set to the recommended KeePass version (i.e. the KeePass version your plugin is built for)." - however it appears that recommendation has been changed a long time ago without me spotting it in the release notes (I think either 2.17 or 2.18) and we should now set it to our own plugin version. Still, the PLGX sample plugin includes the * so I wouldn't want to make a change without either confirmation from Dominik that a fixed revision number will load, or some extended beta testing.

Is this the only remaining change needed to make the build 100% reproducible? If so, I'm happy to test it out but probably after the v2.0 release.

[tenzap]

Is this the only remaining change needed to make the build 100% reproducible?

It looks like so.

(For all the dll you build for keepassrcp, but not for the PGLX, see https://sourceforge.net/p/keepass/feature-requests/2872/)

[luckyrat]

https://github.com/kee-org/keepassrpc/releases/tag/v2.0.1 has a plgx attached which I built in the usual way. Apart from using a different AssemblyVersion number it should be identical to v2.0.0.

Please let me know when you get a chance to test a build using that same tagged commit and confirm that this reproduces the same DLLs within the PLGX (or whatever other measure of reproducibility you have previously used).

It sounds like the remaining tasks would be down to KeePass but let me know if you spot anything else we can do.

[tenzap]

Now, with 2.0.1, the dlls are indeed reproducible & it works fine with kee on firefox + keepassrpc 2.0.1 + keepass 2.56

As per the plgx, it won't be reproducible as long as keepass doesn't fix https://sourceforge.net/p/keepass/feature-requests/2872/

BTW, you might be interested in merging this patch, or get inspired by it. However since I don't build the pglx I don't use it, but it might be of interest to have a reproducible pglx once upstream makes it reproducible. https://salsa.debian.org/bastif/keepass2-plugin-keepassrpc/-/blob/master/debian/patches/adapt_csprog_to_build_on_linux.patch

[luckyrat]

I'm able to build the plgx on Ubuntu just fine without that patch but yeah if upstream changes mean we can enable a reproducible plgx I'll take a look at the part at the bottom of the patch and the links mentioned on that KeePass feature request.

Since we've done all we can at the moment I'll close this issue now but please feel free to open a new one if/when the upstream situation changes in case I don't notice immediately.

In the unlikely event that the beta testing of this change brings up any issues that require us to omit this change from the next KeePassRPC release, I'll re-open this ticket and we can rethink.