[bisq-network/bisq] Gradle witness for 'jtorctrl' not updated for Tor 0.4.5 (Issue #5807)
chimp1984
notifications at github.com
Tue Nov 9 00:41:03 CET 2021
Thanks @cd2357 for the details report!
> I checked and this could indeed be the case. I built jtorctl from source using those specific JDK versions (from here). Indeed, the resulting jars had different hashes. They were also different than the two hashes from jitpack.
We use a tool for removing meta data which cause diff. hashes in jars in the build script. That was an intent to get to deterministic builds. At least for the Bisq jar file that should work. If we would include that step in those binaries (if those are not hosted from Bisq we should do that so we can adjust the build process) the hash of the jar should be the same (I assume the diff. hash is mostly because of those metadata which includes timestamps not because of the jdk change - though that might have differences as well, but then we should freeze the jdk version in the build as well).
So in short we should try to get a step further to deterministic builds.
And I think the benefit from the cache feature might not be worth the additional complexity and risk.
> vendor: Private Build
That does not sound good as well. We should control which jdk is used for builds.
As said I think we should fork that repo anyway and host it on Bisq. There might be another sub dependency in netlayer (socksproxy) - if so that should also be moved to Bisq IMO.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/issues/5807#issuecomment-963675767
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20211108/5b49143a/attachment.htm>
More information about the bisq-github
mailing list