Reproducible builds for I2P

Imported From r/I2P

As of commit a7467aca2ab6e011470b541c1fa7fa5d55d5555f you can build I2P reproducibly using the Gradle build system. I've tested this with JDK 11 on Linux and Mac.

Here are the instructions:

git clone https://github.com/i2p/i2p.i2p 
cd i2p.i2p 
git checkout a7467aca2ab6e011470b541c1fa7fa5d55d5555f 
./gradlew clean assemble

After the build finishes, you should have the following checksum:

ae7d8d42da1513da20e0b8c84c25ea9a50d43acc1fceb8897b25f722da91e52f reproducible/build/distributions/i2p.zip

To run the distribution, do the following:

mkdir somewhere
cp reproducible/build/distributions/i2p.zip somewhere/ 
cd somewhere 
unzip i2p.zip 
cd i2p 
sh bin/i2p

The files produced by this system are different from the files produced by the regular ant build system. This is because the contents of jar and zip files get sorted alphabetically and there is additional normalization of compiled JSPs.

I can’t possibly test this on all possible combinations of locales, timezones, etc like the Debian build bot does, so if you do not get the checksum above please let me know.

Known issues:

• between gradlew builds you need to run ant distclean. Gradle's clean target does not properly clean after itself
• Some flags do not appear on the /peers page
• Clicking on some addressbooks causes the browser to open a ton of tabs. I have no idea what is causing this yet

Happy testing!

zab_

Q : does this mean we can use it to add or bridge I2P network onto programs?

A: You could always embed an I2P router in other programs. For example MuWire comes with it’s own I2P router, so does BiglyBT.

Reproducible builds give you an assurance that the binary you’re getting is the same as what you would get if you build from source. By default there are many things like timestamps, file ordering and so on that produce a different binary every time you build.

****Thanks Zab & IDK. See the original post here***