Wouldnt it mean we are sure it was not consommed? Can we check it on nexus? That said not a blocker today for me since most downstream binaries are not reproducible anyway.
Le sam. 17 juin 2023 à 08:56, Guillaume Nodet <[email protected]> a écrit : > Le sam. 17 juin 2023 à 02:50, Hervé Boutemy <[email protected]> a > écrit : > > > yes, same happened in 1.9.11: this is where I found this first, while > > checking for Reproducible Central > > > > > > > https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/maven/resolver/maven-resolver/README.md > > > > > > Yes, dropping your local repo would be nice to avoid such unexpected > state > > > > Lately, umask has been a pain to Reproducible Builds: it gives much > weight > > to an environment aspect, with Linux distros changing their default value > > recently. > > > > > > On Resolver 1.9.12, we have now multiple options: > > 1. drop 1.9.12 and go to 1.9.13: looks overkill to me > > 2. let 1.9.12 binaries as is: reasonable > > 3. rebuild a new staging repository from Git tag: I'd love this one to be > > at least thought a little bit before saying no > > > > Good idea. > Even if the build was not reproducible, the vote has not been closed and > the release has not been published, so we can actually rebuild the > distributions (or even the tag, but that's a different topic). So I don't > think we should give it much thoughts, we should just do it :-) > > > > > > Explanation: > > Given in reality the build itself is reproducible, but the reference > build > > has just one file broken by your desktop environment, it means that if > you > > "mvn -Papache-release deploy" from the Git tag, you'll get a new staging > > repository that will contain the same binaries (in particular the same > > -source-release.ziip and its sha512), just with a fixed > > maven-resolver-named-locks-redisson-1.9.12-bundle.zip > > The real files that will be different are the .asc files > > We could later decide if we release to Maven Central from current > > maven-1962 or the new one > > > > Are you ready to try? (and discover one of the nice benefit of > > Reproducible Builds...) > > > > Regards, > > > > Hervé > > > > Le vendredi 16 juin 2023, 19:23:14 CEST Tamás Cservenák a écrit : > > > Found it: that above is my laptop, while I did (both) release on my > > desktop: > > > > > > [cstamas@urnebes ~]$ cd > .m2/repository-oss/org/objenesis/objenesis/3.3/ > > > [cstamas@urnebes 3.3]$ ll > > > total 68 > > > -rw-------. 1 cstamas cstamas 49423 2022 dec 15 objenesis-3.3.jar > > > -rw-------. 1 cstamas cstamas 40 2022 dec 15 > objenesis-3.3.jar.sha1 > > > -rw-------. 1 cstamas cstamas 3007 2022 dec 15 objenesis-3.3.pom > > > -rw-------. 1 cstamas cstamas 40 2022 dec 15 > objenesis-3.3.pom.sha1 > > > -rw-------. 1 cstamas cstamas 192 2022 dec 15 _remote.repositories > > > [cstamas@urnebes 3.3]$ > > > > > > Hence, the same should be true for 1.9.11 as well. Also, it seems it's > > time > > > to nuke my local repo ;) > > > > > > Thanks > > > T > > > > > > On Fri, Jun 16, 2023 at 7:16 PM Tamás Cservenák <[email protected]> > > wrote: > > > > Strange.... > > > > > > > > [cstamas@blondie ~]$ cd > > .m2/repository-oss/org/objenesis/objenesis/3.3/ > > > > [cstamas@blondie 3.3]$ ll > > > > total 68 > > > > -rw-r--r--. 1 cstamas cstamas 49423 dec 20 17.30 objenesis-3.3.jar > > > > -rw-r--r--. 1 cstamas cstamas 40 dec 20 17.30 > > objenesis-3.3.jar.sha1 > > > > -rw-r--r--. 1 cstamas cstamas 3007 dec 20 17.30 objenesis-3.3.pom > > > > -rw-r--r--. 1 cstamas cstamas 40 dec 20 17.30 > > objenesis-3.3.pom.sha1 > > > > -rw-r--r--. 1 cstamas cstamas 192 dec 20 17.30 > _remote.repositories > > > > [cstamas@blondie 3.3]$ > > > > > > > > Herve, while at this, please can you check 1.9.11 as well? IMHO there > > must > > > > be the same issue present, or if not, am even more puzzled... > > > > > > > > T > > > > > > > > On Fri, Jun 16, 2023 at 7:13 PM Hervé Boutemy <[email protected] > > > > > > > > > > wrote: > > > >> +1 > > > >> > > > >> notice that Reproducible Builds is NOT ok on 1 file: reference build > > done > > > >> on > > > >> *nix with JDK 17 and umask 022 > > > >> > > > >> the only issue is in > > > >> maven-resolver-named-locks-redisson-1.9.12-bundle.zip: > > > >> │--rw------- 2.0 unx 49423 b- defN 23-Jun-16 13:32 > > objenesis-3.3.jar > > > >> │+-rw-r--r-- 2.0 unx 49423 b- defN 23-Jun-16 13:32 > > objenesis-3.3.jar > > > >> it seems your local repository contains a objenesis-3.3.jar which is > > not > > > >> group > > > >> nor world wide readable > > > >> > > > >> Regards, > > > >> > > > >> Hervé > > > >> > > > >> Le vendredi 16 juin 2023, 15:57:43 CEST Tamás Cservenák a écrit : > > > >> > Howdy, > > > >> > > > >> > We solved 1 issue: > > > >> > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12320628 > > > >> &ve>> > > > >> > rsion=12353340 > > > >> > > > > >> > There are still some issues in JIRA: > > > >> > https://issues.apache.org/jira/projects/MRESOLVER/issues > > > >> > > > > >> > Staging repository: > > > >> > https://repository.apache.org/content/repositories/maven-1962/ > > > >> > > > >> > Source release SHA512: > > > >> > > b24cbd998e1739a89eb693b764fef9f476d53a5b1546ffb87941afcdc9c76bdcd69cbf924 > > > >> 782>> > > > >> > ded6067388679446c25c166364cd9ac450e8ef17a70d3f1045ce > > > >> > > > > >> > Staging site: > > > >> > https://maven.apache.org/resolver-archives/resolver-LATEST/ > > > >> > > > > >> > Guide to testing staged releases: > > > >> > > > https://maven.apache.org/guides/development/guide-testing-releases.html > > > >> > > > > >> > Vote open for 72 hours. > > > >> > > > > >> > [ ] +1 > > > >> > [ ] +0 > > > >> > [ ] -1 > > > >> > > > >> > --------------------------------------------------------------------- > > > >> To unsubscribe, e-mail: [email protected] > > > >> For additional commands, e-mail: [email protected] > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > ------------------------ > Guillaume Nodet >
