Two successive builds of the Apache Tomcat 'main' branch using the default target are not deterministic, showing a difference in just one file. Reproduce the issue as follows: $ SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) $ export SOURCE_DATE_EPOCH $ ant $ mv output output1 $ ant $ mv output output2 Below is the actual result when comparing the two builds: $ diff -qr output1 output2 Files output1/jdbc-pool/tomcat-jdbc-src.jar and output2/jdbc-pool/tomcat-jdbc-src.jar differ The expected result is that the two builds are identical and there is no output from the 'diff' command. The archive files differ in the timestamps of three file entries: $ diff <(zipinfo output1/jdbc-pool/tomcat-jdbc-src.jar) \ <(zipinfo output2/jdbc-pool/tomcat-jdbc-src.jar) 1c1 < Archive: output1/jdbc-pool/tomcat-jdbc-src.jar --- > Archive: output2/jdbc-pool/tomcat-jdbc-src.jar 3,4c3,4 < drwxr-xr-x 2.0 unx 0 bx stor 22-Nov-12 17:47 META-INF/ < -rw-r--r-- 2.0 unx 116 b- defN 22-Nov-12 17:47 META-INF/MANIFEST.MF --- > drwxr-xr-x 2.0 unx 0 bx stor 22-Nov-12 17:48 META-INF/ > -rw-r--r-- 2.0 unx 116 b- defN 22-Nov-12 17:48 META-INF/MANIFEST.MF 52,53c52,53 < -rw-r--r-- 2.0 unx 11356 b- defN 22-Nov-12 17:47 LICENSE < -rw-r--r-- 2.0 unx 178 b- defN 22-Nov-12 17:47 NOTICE --- > -rw-r--r-- 2.0 unx 11356 b- defN 22-Nov-12 17:48 LICENSE > -rw-r--r-- 2.0 unx 178 b- defN 22-Nov-12 17:48 NOTICE The OpenJDK and Apache Ant versions that I used are shown below: $ java --version openjdk 11.0.17 2022-10-18 OpenJDK Runtime Environment (build 11.0.17+8-post-Ubuntu-1ubuntu222.04) OpenJDK 64-Bit Server VM (build 11.0.17+8-post-Ubuntu-1ubuntu222.04, mixed mode, sharing) $ ant -version Apache Ant(TM) version 1.10.12 compiled on January 17 1970 I will follow up with a pull request on GitHub.
See GitHub pull request: Allow reproducible builds of all JDBC JAR files https://github.com/apache/tomcat/pull/566
Fixed in: - 10.1.x for 10.1.3 onwards - 9.0.x for 9.0.70 onwards - 8.5.x for 8.5.85 onwards