Le sam. 17 juin 2023 à 02:50, Hervé Boutemy <herve.bout...@free.fr> a écrit :
> yes, same happened in 1.9.11: this is where I found this first, while > checking for Reproducible Central > > > https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/maven/resolver/maven-resolver/README.md > > > Yes, dropping your local repo would be nice to avoid such unexpected state > > Lately, umask has been a pain to Reproducible Builds: it gives much weight > to an environment aspect, with Linux distros changing their default value > recently. > > > On Resolver 1.9.12, we have now multiple options: > 1. drop 1.9.12 and go to 1.9.13: looks overkill to me > 2. let 1.9.12 binaries as is: reasonable > 3. rebuild a new staging repository from Git tag: I'd love this one to be > at least thought a little bit before saying no > Good idea. Even if the build was not reproducible, the vote has not been closed and the release has not been published, so we can actually rebuild the distributions (or even the tag, but that's a different topic). So I don't think we should give it much thoughts, we should just do it :-) > > Explanation: > Given in reality the build itself is reproducible, but the reference build > has just one file broken by your desktop environment, it means that if you > "mvn -Papache-release deploy" from the Git tag, you'll get a new staging > repository that will contain the same binaries (in particular the same > -source-release.ziip and its sha512), just with a fixed > maven-resolver-named-locks-redisson-1.9.12-bundle.zip > The real files that will be different are the .asc files > We could later decide if we release to Maven Central from current > maven-1962 or the new one > > Are you ready to try? (and discover one of the nice benefit of > Reproducible Builds...) > > Regards, > > Hervé > > Le vendredi 16 juin 2023, 19:23:14 CEST Tamás Cservenák a écrit : > > Found it: that above is my laptop, while I did (both) release on my > desktop: > > > > [cstamas@urnebes ~]$ cd .m2/repository-oss/org/objenesis/objenesis/3.3/ > > [cstamas@urnebes 3.3]$ ll > > total 68 > > -rw-------. 1 cstamas cstamas 49423 2022 dec 15 objenesis-3.3.jar > > -rw-------. 1 cstamas cstamas 40 2022 dec 15 objenesis-3.3.jar.sha1 > > -rw-------. 1 cstamas cstamas 3007 2022 dec 15 objenesis-3.3.pom > > -rw-------. 1 cstamas cstamas 40 2022 dec 15 objenesis-3.3.pom.sha1 > > -rw-------. 1 cstamas cstamas 192 2022 dec 15 _remote.repositories > > [cstamas@urnebes 3.3]$ > > > > Hence, the same should be true for 1.9.11 as well. Also, it seems it's > time > > to nuke my local repo ;) > > > > Thanks > > T > > > > On Fri, Jun 16, 2023 at 7:16 PM Tamás Cservenák <ta...@cservenak.net> > wrote: > > > Strange.... > > > > > > [cstamas@blondie ~]$ cd > .m2/repository-oss/org/objenesis/objenesis/3.3/ > > > [cstamas@blondie 3.3]$ ll > > > total 68 > > > -rw-r--r--. 1 cstamas cstamas 49423 dec 20 17.30 objenesis-3.3.jar > > > -rw-r--r--. 1 cstamas cstamas 40 dec 20 17.30 > objenesis-3.3.jar.sha1 > > > -rw-r--r--. 1 cstamas cstamas 3007 dec 20 17.30 objenesis-3.3.pom > > > -rw-r--r--. 1 cstamas cstamas 40 dec 20 17.30 > objenesis-3.3.pom.sha1 > > > -rw-r--r--. 1 cstamas cstamas 192 dec 20 17.30 _remote.repositories > > > [cstamas@blondie 3.3]$ > > > > > > Herve, while at this, please can you check 1.9.11 as well? IMHO there > must > > > be the same issue present, or if not, am even more puzzled... > > > > > > T > > > > > > On Fri, Jun 16, 2023 at 7:13 PM Hervé Boutemy <herve.bout...@free.fr> > > > > > > wrote: > > >> +1 > > >> > > >> notice that Reproducible Builds is NOT ok on 1 file: reference build > done > > >> on > > >> *nix with JDK 17 and umask 022 > > >> > > >> the only issue is in > > >> maven-resolver-named-locks-redisson-1.9.12-bundle.zip: > > >> │--rw------- 2.0 unx 49423 b- defN 23-Jun-16 13:32 > objenesis-3.3.jar > > >> │+-rw-r--r-- 2.0 unx 49423 b- defN 23-Jun-16 13:32 > objenesis-3.3.jar > > >> it seems your local repository contains a objenesis-3.3.jar which is > not > > >> group > > >> nor world wide readable > > >> > > >> Regards, > > >> > > >> Hervé > > >> > > >> Le vendredi 16 juin 2023, 15:57:43 CEST Tamás Cservenák a écrit : > > >> > Howdy, > > >> > > >> > We solved 1 issue: > > >> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12320628 > > >> &ve>> > > >> > rsion=12353340 > > >> > > > >> > There are still some issues in JIRA: > > >> > https://issues.apache.org/jira/projects/MRESOLVER/issues > > >> > > > >> > Staging repository: > > >> > https://repository.apache.org/content/repositories/maven-1962/ > > >> > > >> > Source release SHA512: > > >> > b24cbd998e1739a89eb693b764fef9f476d53a5b1546ffb87941afcdc9c76bdcd69cbf924 > > >> 782>> > > >> > ded6067388679446c25c166364cd9ac450e8ef17a70d3f1045ce > > >> > > > >> > Staging site: > > >> > https://maven.apache.org/resolver-archives/resolver-LATEST/ > > >> > > > >> > Guide to testing staged releases: > > >> > > https://maven.apache.org/guides/development/guide-testing-releases.html > > >> > > > >> > Vote open for 72 hours. > > >> > > > >> > [ ] +1 > > >> > [ ] +0 > > >> > [ ] -1 > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > >> For additional commands, e-mail: dev-h...@maven.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > > -- ------------------------ Guillaume Nodet
