+1 build ok, tested with Maven branch maven-3.9.x with success
sob., 17 cze 2023 o 12:33 Tamás Cservenák <[email protected]> napisał(a): > Howdy, > > Just FTR, the 1.9.12 release staging repository changed to: > https://repository.apache.org/content/repositories/maven-1965/ > > This is SAME source release as maven-1962 (vote original staging > repository) as SHA512 shows, in fact, EVERY binary is identical (checksum > wise) as well, given resolver build is reproducible. The only difference is > named-locks Redisson bundle.zip as found by Herve (that was broken due to > my environment). It is fixed and made reproducible as well (was fixed by > fixing my own environment). > > Thanks > T > > On Sat, Jun 17, 2023 at 9:57 AM Romain Manni-Bucau <[email protected]> > wrote: > > > Wouldnt it mean we are sure it was not consommed? Can we check it on > nexus? > > That said not a blocker today for me since most downstream binaries are > not > > reproducible anyway. > > > > Le sam. 17 juin 2023 à 08:56, Guillaume Nodet <[email protected]> a > écrit > > : > > > > > Le sam. 17 juin 2023 à 02:50, Hervé Boutemy <[email protected]> a > > > écrit : > > > > > > > yes, same happened in 1.9.11: this is where I found this first, while > > > > checking for Reproducible Central > > > > > > > > > > > > > > > > > > https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/maven/resolver/maven-resolver/README.md > > > > > > > > > > > > Yes, dropping your local repo would be nice to avoid such unexpected > > > state > > > > > > > > Lately, umask has been a pain to Reproducible Builds: it gives much > > > weight > > > > to an environment aspect, with Linux distros changing their default > > value > > > > recently. > > > > > > > > > > > > On Resolver 1.9.12, we have now multiple options: > > > > 1. drop 1.9.12 and go to 1.9.13: looks overkill to me > > > > 2. let 1.9.12 binaries as is: reasonable > > > > 3. rebuild a new staging repository from Git tag: I'd love this one > to > > be > > > > at least thought a little bit before saying no > > > > > > > > > > Good idea. > > > Even if the build was not reproducible, the vote has not been closed > and > > > the release has not been published, so we can actually rebuild the > > > distributions (or even the tag, but that's a different topic). So I > > don't > > > think we should give it much thoughts, we should just do it :-) > > > > > > > > > > > > > > Explanation: > > > > Given in reality the build itself is reproducible, but the reference > > > build > > > > has just one file broken by your desktop environment, it means that > if > > > you > > > > "mvn -Papache-release deploy" from the Git tag, you'll get a new > > staging > > > > repository that will contain the same binaries (in particular the > same > > > > -source-release.ziip and its sha512), just with a fixed > > > > maven-resolver-named-locks-redisson-1.9.12-bundle.zip > > > > The real files that will be different are the .asc files > > > > We could later decide if we release to Maven Central from current > > > > maven-1962 or the new one > > > > > > > > Are you ready to try? (and discover one of the nice benefit of > > > > Reproducible Builds...) > > > > > > > > Regards, > > > > > > > > Hervé > > > > > > > > Le vendredi 16 juin 2023, 19:23:14 CEST Tamás Cservenák a écrit : > > > > > Found it: that above is my laptop, while I did (both) release on my > > > > desktop: > > > > > > > > > > [cstamas@urnebes ~]$ cd > > > .m2/repository-oss/org/objenesis/objenesis/3.3/ > > > > > [cstamas@urnebes 3.3]$ ll > > > > > total 68 > > > > > -rw-------. 1 cstamas cstamas 49423 2022 dec 15 objenesis-3.3.jar > > > > > -rw-------. 1 cstamas cstamas 40 2022 dec 15 > > > objenesis-3.3.jar.sha1 > > > > > -rw-------. 1 cstamas cstamas 3007 2022 dec 15 objenesis-3.3.pom > > > > > -rw-------. 1 cstamas cstamas 40 2022 dec 15 > > > objenesis-3.3.pom.sha1 > > > > > -rw-------. 1 cstamas cstamas 192 2022 dec 15 > > _remote.repositories > > > > > [cstamas@urnebes 3.3]$ > > > > > > > > > > Hence, the same should be true for 1.9.11 as well. Also, it seems > > it's > > > > time > > > > > to nuke my local repo ;) > > > > > > > > > > Thanks > > > > > T > > > > > > > > > > On Fri, Jun 16, 2023 at 7:16 PM Tamás Cservenák < > [email protected] > > > > > > > wrote: > > > > > > Strange.... > > > > > > > > > > > > [cstamas@blondie ~]$ cd > > > > .m2/repository-oss/org/objenesis/objenesis/3.3/ > > > > > > [cstamas@blondie 3.3]$ ll > > > > > > total 68 > > > > > > -rw-r--r--. 1 cstamas cstamas 49423 dec 20 17.30 > > objenesis-3.3.jar > > > > > > -rw-r--r--. 1 cstamas cstamas 40 dec 20 17.30 > > > > objenesis-3.3.jar.sha1 > > > > > > -rw-r--r--. 1 cstamas cstamas 3007 dec 20 17.30 > > objenesis-3.3.pom > > > > > > -rw-r--r--. 1 cstamas cstamas 40 dec 20 17.30 > > > > objenesis-3.3.pom.sha1 > > > > > > -rw-r--r--. 1 cstamas cstamas 192 dec 20 17.30 > > > _remote.repositories > > > > > > [cstamas@blondie 3.3]$ > > > > > > > > > > > > Herve, while at this, please can you check 1.9.11 as well? IMHO > > there > > > > must > > > > > > be the same issue present, or if not, am even more puzzled... > > > > > > > > > > > > T > > > > > > > > > > > > On Fri, Jun 16, 2023 at 7:13 PM Hervé Boutemy < > > [email protected] > > > > > > > > > > > > > > > > wrote: > > > > > >> +1 > > > > > >> > > > > > >> notice that Reproducible Builds is NOT ok on 1 file: reference > > build > > > > done > > > > > >> on > > > > > >> *nix with JDK 17 and umask 022 > > > > > >> > > > > > >> the only issue is in > > > > > >> maven-resolver-named-locks-redisson-1.9.12-bundle.zip: > > > > > >> │--rw------- 2.0 unx 49423 b- defN 23-Jun-16 13:32 > > > > objenesis-3.3.jar > > > > > >> │+-rw-r--r-- 2.0 unx 49423 b- defN 23-Jun-16 13:32 > > > > objenesis-3.3.jar > > > > > >> it seems your local repository contains a objenesis-3.3.jar > which > > is > > > > not > > > > > >> group > > > > > >> nor world wide readable > > > > > >> > > > > > >> Regards, > > > > > >> > > > > > >> Hervé > > > > > >> > > > > > >> Le vendredi 16 juin 2023, 15:57:43 CEST Tamás Cservenák a écrit > : > > > > > >> > Howdy, > > > > > >> > > > > > >> > We solved 1 issue: > > > > > >> > > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12320628 > > > > > >> &ve>> > > > > > >> > rsion=12353340 > > > > > >> > > > > > > >> > There are still some issues in JIRA: > > > > > >> > https://issues.apache.org/jira/projects/MRESOLVER/issues > > > > > >> > > > > > > >> > Staging repository: > > > > > >> > > https://repository.apache.org/content/repositories/maven-1962/ > > > > > >> > > > > > >> > Source release SHA512: > > > > > >> > > > > > > b24cbd998e1739a89eb693b764fef9f476d53a5b1546ffb87941afcdc9c76bdcd69cbf924 > > > > > >> 782>> > > > > > >> > ded6067388679446c25c166364cd9ac450e8ef17a70d3f1045ce > > > > > >> > > > > > > >> > Staging site: > > > > > >> > https://maven.apache.org/resolver-archives/resolver-LATEST/ > > > > > >> > > > > > > >> > Guide to testing staged releases: > > > > > >> > > > > > > > https://maven.apache.org/guides/development/guide-testing-releases.html > > > > > >> > > > > > > >> > Vote open for 72 hours. > > > > > >> > > > > > > >> > [ ] +1 > > > > > >> > [ ] +0 > > > > > >> > [ ] -1 > > > > > >> > > > > > >> > > > --------------------------------------------------------------------- > > > > > >> To unsubscribe, e-mail: [email protected] > > > > > >> For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > -- > > > ------------------------ > > > Guillaume Nodet > > > > > > -- Sławomir Jaranowski
