On 23.02.2024 16:29, Julian Reschke wrote:
On 23.02.2024 00:04, Herve Boutemy wrote:
-1 non-binding, jackrabbit-webapp-2.21.25.war has executable flags for
dependencies in WEB-INF/lib
in check-release.sh line 230, changing
exec mvn --batch-mode clean verify $MVN_ARGS
to
exec mvn --batch-mode clean verify artifact:compare
-Dreference.repo=https://repository.apache.org/content/repositories/staging/
$MVN_ARGS
permits to check jars that will be published to Maven Central
And sadly, jackrabbit-webapp-2.21.25.war is not ok: same issue as
previous releases, due to executable flag
Can the check-release.sh be updated, please?
Right now, we can't. a) Because we share the script with Oak (which is
known not to have reproducable builds), and b) because it would fail the
check for Jackabbit when this is clearly not a regression (yet).
and the environment doing the release fixed?
If I understood what the problem is I'll be happy to fix it.
...
So it seems that the weird permissions are caused by the fact that my
WSL instance uses a local maven repo mounted from a Windows FS. Once I
move to a Linux-native repo, the permissions are different.
I can try this for the next release (and the downside of course is disk
space impact on the release machine). It would be better if we could
tell the plugin generating the WAR file to normalize the permissions;
otherwise the build will always depend on the setting in the local maven
repo.
Best regards, Julian
