At the Eclipse Adoptium project we produce free downloads of all the OpenJDK LTS and current versions, across a wide range of platforms. These are fully TCK and AQA tested as part of a Jenkins CI automated build and test infrastructure. A growing part of this delivery infrastructure is a framework for Reproducible Builds, necessary as a key part of a secure deliverable and for security frameworks such as SSDF and SLSA. The Eclipse Adoptium team has been contributing many upstream OpenJDK fixes and enhancements to enable OpenJDK to be fully reproducible, and this feature is now integrated into how we test our builds to help ensure a secure delivery chain.
This presentation will give some background into the work completed by the project to enable reproducible OpenJDK builds, and also introduce the Jenkins CI tests and tooling that we have introduced to leverage them.
Andrew Leonard
Red Hat
Experienced enterprise software developer with IBM for 30 years at IBM Hursley lab. Development of enterprise software procucts as CICS, WebSphere MQ and WebSphere Application Server.
20+ years experience of Java, now working for Red Hat as the Build and Distribution lead at the Eclipse Adoptium community producing Eclipse Temurin.