[CentOS-devel] How to build maven packages in CBS?

Mon Jul 4 11:06:37 UTC 2016
Matthias Runge <mrunge at matthias-runge.de>

On 27/06/16 20:06, Alan Pevec wrote:
> On Sat, Jun 25, 2016 at 5:28 AM, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>>> What would this reproduceable builds chain look like if we were to start
>>> looking at Maven/MEAD ? Also, how would we verify the content that goes
>>> through ?
>>
>> It's inherently unpredictable.
> 
> Unpredictable are pure Maven builds outside MEAD/Koji, MEAD enables
> reproducible builds by restricting access to the internal Maven
> repositories only.
> It is up to SIG policy how it will bootstrap this internal repo, if we
> do it all using koji maven-build from sources and do not import binary
> JARs, we'll have everything rebuildable from sources.
> Hard part is to resolve dependency chains and then build it in the right order.
> 


Maybe this boils down to the question: how can someone rebuild a package
OUTSIDE MEAD/Koji.

If we make sure, this is documented and reproducible, would it be
acceptable then?

Matthias