On 23.02.2024 00:04, Herve Boutemy wrote:
> -1 non-binding, jackrabbit-webapp-2.21.25.war has executable flags for
> dependencies in WEB-INF/lib
>
> in check-release.sh line 230, changing
>
>     exec mvn --batch-mode clean verify $MVN_ARGS
>
> to
>
>     exec mvn --batch-mode clean verify artifact:compare
>     -Dreference.repo=https://repository.apache.org/content/repositories/staging/
>     $MVN_ARGS
>
> permits checking jars that will be published to Maven Central
>
> And sadly, jackrabbit-webapp-2.21.25.war is not ok: same issue as previous
> releases, due to executable flag
>
> Can the check-release.sh be updated, please?

Right now, we can't. a) Because we share the script with Oak (which is
known not to have reproducible builds), and b) because it would fail the
check for Jackrabbit when this is clearly not a regression (yet).

> and the environment doing the release fixed?

If I understood what the problem is I'll be happy to fix it.

> this would bring you the first release that is proven fully reproducible:
> https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/jackrabbit/jackrabbit/README.md
>
> Regards,
>
> Hervé

Best regards, Julian
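
The executable flag discussed in this thread is stored per entry in the WAR's ZIP metadata, so it can be inspected without unpacking the archive. The following is an added example, not code from the thread or from the Jackrabbit project; the entry names and the in-memory sample WAR are constructed, and the `WEB-INF/lib/` prefix is taken from the report above.

```python
import hashlib
import io
import stat
import zipfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH
UNIX_HOST = 3  # ZIP "version made by" host value meaning Unix mode bits are present


def executable_entries(war_bytes, prefix="WEB-INF/lib/"):
    """Return [(entry name, octal mode)] for files under prefix with any x bit set."""
    found = []
    with zipfile.ZipFile(io.BytesIO(war_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.startswith(prefix):
                continue
            if info.create_system != UNIX_HOST:
                continue  # no Unix permission bits recorded for this entry
            mode = (info.external_attr >> 16) & 0o7777
            if mode & EXEC_BITS:
                found.append((info.filename, oct(mode)))
    return found


def build_sample_war(modes):
    """Constructed sample: a tiny WAR whose entries carry the given Unix modes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode in modes.items():
            info = zipfile.ZipInfo(name, date_time=(2024, 2, 22, 0, 0, 0))
            info.create_system = UNIX_HOST
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, b"constructed placeholder content")
    return buf.getvalue()


if __name__ == "__main__":
    # Same names, same content, same timestamps: only one permission flag differs.
    built = build_sample_war({"WEB-INF/lib/a.jar": 0o755, "WEB-INF/lib/b.jar": 0o644})
    reference = build_sample_war({"WEB-INF/lib/a.jar": 0o644, "WEB-INF/lib/b.jar": 0o644})
    print("entries with executable bits:", executable_entries(built))
    print("built    ", hashlib.sha256(built).hexdigest())
    print("reference", hashlib.sha256(reference).hexdigest())
```

Because the mode is part of the archive bytes, two WARs with identical contents but different permission flags hash differently, which is why a byte-for-byte comparison against the staged artifact fails.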