Google Git
Sign in
gerrit / jgit / 6007371e3a21970dd34ae91ac20460922a15488e
commit6007371e3a21970dd34ae91ac20460922a15488e[log] [tgz]
authorMatthias Sohn <matthias.sohn@sap.com>Fri Oct 06 01:10:40 2023 +0200
committerMatthias Sohn <matthias.sohn@sap.com>Thu Nov 09 00:08:42 2023 +0100
treef4c77f590e98032641d274a8714f5ead5d0e2f42
parent97afcb050b182beacd1c6913d8293d6ba0a9989e [diff]
Enable Maven reproducible builds

- configure Maven to run build reproducibly [1]
- use UTC timestamp of checked out commit as build timestamp
- add git-describe, git-commit-id, git-commit-id, git-tags,
  git-remote-origin-url to MANIFEST.MF files
- configure cyclonedx-maven-plugin to also use UTC timestamp of
  checked out commit
- for packaging build use tycho-buildtimestamp-jgit [2] to ensure
  version uses the timestamp of the last commit
- SBOMs are not reproducible by design [3] they should have a build
  timestamp matching the time when the build was executed and a serial
  number which is a unique UUID per build run. Hence exclude them from
  comparison [4].
- Use gmavenplus-plugin to format build timestamps. Maven expects
  build timestamp in ISO-8601 format, to replace the qualifier in
  versions the timestamp format must be compatible with rules for OSGi
  version numbers. Didn't find a way to read the properties set by the
  git-commit-id-maven-plugin from another plugin. Hence use JGit in a
  groovy script to get the commit time of the current HEAD and provide
  it in these two formats.

TODO: packaging build (features and p2 repository) is not yet binary
reproducible since that's not yet supported by Tycho [5], artefacts have
reproducible version numbers but file lastModified timestamps are not
yet reproducible.

Test plan for Maven build:
- build using
  mvn clean install"
- verify second build is reproducible:
  mvn -T1 clean verify artifact:compare
  verification seems not to be thread-safe, hence run it with a single
  thread using option -T1

For packaging build (still fails due to non-reproducible file
timestamps):
- build using
  mvn -f org.eclipse.jgit.packaging/pom.xml clean install
- verify second build is reproducible:
  mvn -T1 -f org.eclipse.jgit.packaging/pom.xml clean verify artifact:compare

[1] https://maven.apache.org/guides/mini/guide-reproducible-builds.html
[2] https://wiki.eclipse.org/Tycho/Reproducible_Version_Qualifiers
[3] https://github.com/CycloneDX/cyclonedx-maven-plugin/issues/84
[4] https://maven.apache.org/plugins/maven-artifact-plugin/compare-mojo.html
[5] https://github.com/eclipse-tycho/tycho/issues/233

Change-Id: I0202f55a1b6ae0edd922cfef638beb39d2ce9417
18 files changed
tree: f4c77f590e98032641d274a8714f5ead5d0e2f42
  1. .mvn/
  2. .settings/
  3. Documentation/
  4. lib/
  5. org.eclipse.jgit/
  6. org.eclipse.jgit.ant/
  7. org.eclipse.jgit.ant.test/
  8. org.eclipse.jgit.archive/
  9. org.eclipse.jgit.benchmarks/
  10. org.eclipse.jgit.coverage/
  11. org.eclipse.jgit.gpg.bc/
  12. org.eclipse.jgit.gpg.bc.test/
  13. org.eclipse.jgit.http.apache/
  14. org.eclipse.jgit.http.server/
  15. org.eclipse.jgit.http.test/
  16. org.eclipse.jgit.junit/
  17. org.eclipse.jgit.junit.http/
  18. org.eclipse.jgit.junit.ssh/
  19. org.eclipse.jgit.lfs/
  20. org.eclipse.jgit.lfs.server/
  21. org.eclipse.jgit.lfs.server.test/
  22. org.eclipse.jgit.lfs.test/
  23. org.eclipse.jgit.packaging/
  24. org.eclipse.jgit.pgm/
  25. org.eclipse.jgit.pgm.test/
  26. org.eclipse.jgit.ssh.apache/
  27. org.eclipse.jgit.ssh.apache.agent/
  28. org.eclipse.jgit.ssh.apache.test/
  29. org.eclipse.jgit.ssh.jsch/
  30. org.eclipse.jgit.ssh.jsch.test/
  31. org.eclipse.jgit.test/
  32. org.eclipse.jgit.ui/
  33. tools/
  34. .bazelrc
  35. .bazelversion
  36. .gitattributes
  37. .gitignore
  38. .mailmap
  39. BUILD
  40. CODE_OF_CONDUCT.md
  41. CONTRIBUTING.md
  42. LICENSE
  43. pom.xml
  44. README.md
  45. SECURITY.md
  46. WORKSPACE
README.md

Java Git

An implementation of the Git version control system in pure Java.

This project is licensed under the EDL (Eclipse Distribution License).

JGit can be imported straight into Eclipse and built and tested from there. It can be built from the command line using Maven or Bazel. The CI builds use Maven and run on Jenkins.

  • org.eclipse.jgit

    A pure Java library capable of being run standalone, with no additional support libraries. It provides classes to read and write a Git repository and operate on a working directory.

    All portions of JGit are covered by the EDL. Absolutely no GPL, LGPL or EPL contributions are accepted within this package.

  • org.eclipse.jgit.ant

    Ant tasks based on JGit.

  • org.eclipse.jgit.archive

    Support for exporting to various archive formats (zip etc).

  • org.eclipse.jgit.http.apache

    Apache httpclient support.

  • org.eclipse.jgit.http.server

    Server for the smart and dumb Git HTTP protocol.

  • org.eclipse.jgit.lfs

    Support for LFS (Large File Storage).

  • org.eclipse.jgit.lfs.server

    Basic LFS server support.

  • org.eclipse.jgit.packaging

    Production of Eclipse features and p2 repository for JGit. See the JGit Wiki on why and how to use this module.

  • org.eclipse.jgit.pgm

    Command-line interface Git commands implemented using JGit (“pgm” stands for program).

  • org.eclipse.jgit.ssh.apache

    Client support for the SSH protocol based on Apache Mina sshd.

  • org.eclipse.jgit.ssh.apache.agent

    Optional support for SSH agents for org.eclipse.jgit.ssh.apache.

  • org.eclipse.jgit.ui

    Simple UI for displaying git log.

Tests

  • org.eclipse.jgit.junit, org.eclipse.jgit.junit.http, org.eclipse.jgit.junit.ssh: Helpers for unit testing
  • org.eclipse.jgit.ant.test: Unit tests for org.eclipse.jgit.ant
  • org.eclipse.jgit.http.test: Unit tests for org.eclipse.jgit.http.server
  • org.eclipse.jgit.lfs.server.test: Unit tests for org.eclipse.jgit.lfs.server
  • org.eclipse.jgit.lfs.test: Unit tests for org.eclipse.jgit.lfs
  • org.eclipse.jgit.pgm.test: Unit tests for org.eclipse.jgit.pgm
  • org.eclipse.jgit.ssh.apache.test: Unit tests for org.eclipse.jgit.ssh.apache
  • org.eclipse.jgit.test: Unit tests for org.eclipse.jgit

Warnings/Caveats

  • Native symbolic links are supported, provided the file system supports them. For Windows you must use a non-administrator account and have the SeCreateSymbolicLinkPrivilege.

  • Only the timestamp of the index is used by JGit if the index is dirty.

  • JGit 6.0 and newer requires at least Java 11. Older versions require at least Java 1.8.

  • CRLF conversion is performed depending on the core.autocrlf setting, however Git for Windows by default stores that setting during installation in the “system wide” configuration file. If Git is not installed, use the global or repository configuration for the core.autocrlf setting.

  • The system wide configuration file is located relative to where C Git is installed. Make sure Git can be found via the PATH environment variable. When installing Git for Windows check the “Run Git from the Windows Command Prompt” option. There are other options like Eclipse settings that can be used for pointing out where C Git is installed. Modifying PATH is the recommended option if C Git is installed.

  • We try to use the same notation of $HOME as C Git does. On Windows this is often not the same value as the user.home system property.

Features

  • org.eclipse.jgit

    • Read loose and packed commits, trees, blobs, including deltafied objects.

    • Read objects from shared repositories

    • Write loose commits, trees, blobs.

    • Write blobs from local files or Java InputStreams.

    • Read blobs as Java InputStreams.

    • Copy trees to local directory, or local directory to a tree.

    • Lazily loads objects as necessary.

    • Read and write .git/config files.

    • Create a new repository.

    • Read and write refs, including walking through symrefs.

    • Read, update and write the Git index.

    • Checkout in dirty working directory if trivial.

    • Walk the history from a given set of commits looking for commits introducing changes in files under a specified path.

    • Object transport

      Fetch via ssh, git, http, Amazon S3 and bundles. Push via ssh, git, http, and Amazon S3. JGit does not yet deltify the pushed packs so they may be a lot larger than C Git packs.

    • Garbage collection

    • Merge

    • Rebase

    • And much more

  • org.eclipse.jgit.pgm

    • Assorted set of command line utilities. Mostly for ad-hoc testing of jgit log, glog, fetch etc.

  • org.eclipse.jgit.ant

    • Ant tasks

  • org.eclipse.jgit.archive

    • Support for Zip/Tar and other formats

  • org.eclipse.http

    • HTTP client and server support

Missing Features

There are some missing features:

  • signing push
  • shallow and partial cloning
  • support for remote helpers
  • support for credential helpers
  • support for multiple working trees (git-worktree)
  • using external diff tools
  • support for HTTPS client certificates
  • SHA-256 object IDs
  • git protocol V2 (client side): packfile-uris
  • multi-pack index
  • split index

Support

Post questions, comments or discussions to the jgit-dev@eclipse.org mailing list. You need to be subscribed to post. File bugs and enhancement requests in Bugzilla.

Contributing

See the EGit Contributor Guide.

About Git

More information about Git, its repository format, and the canonical C based implementation can be obtained from the Git website.