If you have signed JAR files or JAR files that create a digest, please apply the $JDK_HOME/bin/pack200 executable in your build process like
pack200 --repack my.jarbefore signing the JAR files. Pack200 rearranges JAR files but the reordering is idempotent, so this pack/unpack sequence creates a stable JAR file.
Pack200 compression can be quite slow, Pack200 decompression is relatively fast. Pack200 compression is only used for installers and not for archives.
To avoid problems with external JAR files, you can check the the "Exclude signes JARs or JARs creating digests" option. If you would like to exclude selected JAR files only, you can place an empty *.nopack file next to it. For example, if the jar file is named app.jar, then a file app.jar.nopack in the same directory will disable Pack200 compression for that file.