[
https://issues.apache.org/jira/browse/MASSEMBLY-975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17696024#comment-17696024
]
Herve Boutemy commented on MASSEMBLY-975:
-----------------------------------------
this issue start to be hijacked with topics going far beyond
maven-assembly-plugin: reproducible central seems to be a better place (or any
other if you find one: I tried reproducible-builds.org but my topics were too
Java oriented)
bq. Also: A tool is really needed for developers to verify their project
without the need to actually deploy it to maven central.
it already exists = one paragraph in the doc
https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
I love every idea you write, because I went on similar route in past 3 years: I
have some answers for some, experienced some issues, found some solutions
sometimes like
https://maven.apache.org/plugins/maven-artifact-plugin/plugin-issues.html
we definitively need to have a live discussion :)
> Regression: 3.5.0 no longer uses default fileMode and directoryMode
> -------------------------------------------------------------------
>
> Key: MASSEMBLY-975
> URL: https://issues.apache.org/jira/browse/MASSEMBLY-975
> Project: Maven Assembly Plugin
> Issue Type: Bug
> Affects Versions: 3.5.0
> Reporter: Niels Basjes
> Priority: Critical
>
> If the fileMode and directoryMode have not been specified with the 3.5.0
> version then the umask of the system at hand will determine the permissions
> of the files in the jar generated by the assembly plugin.
> This is a bug because it has been documented that it should use the
> documented defaults in this case.
> If I change the version of the plugin from 3.5.0 to 3.4.2 then it works as
> expected.
> I made a simple reproduction project:
> https://github.com/nielsbasjes/BugreportMavenAssemblyUMask
> This builds the same trivial project (with 3 different umask settings) and
> assembles a jar with the default and explicitly set the same as the
> documented defaults.
> The base files are all the same (md5sum output)
> {code}
> ec364137a2c7678ef0c8f495652efe36 target-0002/assemblyumask-1.0-SNAPSHOT.jar
> ec364137a2c7678ef0c8f495652efe36 target-0022/assemblyumask-1.0-SNAPSHOT.jar
> ec364137a2c7678ef0c8f495652efe36 target-0055/assemblyumask-1.0-SNAPSHOT.jar
> {code}
> The maven-assembly-plugin created files WITH fileMode and directoryMode are
> all the same
> {code}
> ba12113ad2b95a4fc75d99aa5bfd4e4f
> target-0002/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> ba12113ad2b95a4fc75d99aa5bfd4e4f
> target-0022/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> ba12113ad2b95a4fc75d99aa5bfd4e4f
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> {code}
> The maven-assembly-plugin created files WITHOUT fileMode and directoryMode
> are all different
> {code}
> 316e5d6b2e85b7d829e938a5797370d7
> target-0022/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> 3375500189ef3087f8943d518209a5e6
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> c341cbbc9f21bb64b817b8bbdaae8608
> target-0002/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> {code}
> The permissions IN the files are the difference:
> {code}
> $ diffoscope target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> --- target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> +++ target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> │┄ Archive contents identical but files differ, possibly due to different
> compression levels. Falling back to binary comparison.
> ├── zipinfo {}
> │ @@ -1,13 +1,13 @@
> │ Zip file size: 2152173 bytes, number of entries: 1515
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 META-INF/
> │ -rw-r--r-- 2.0 unx 79 b- defN 03-Mar-03 03:03 META-INF/MANIFEST.MF
> │ -drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/
> │ -drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/basjes/
> │ -drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/basjes/bugreports/
> │ +drwx-w--w- 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/
> │ +drwx-w--w- 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/basjes/
> │ +drwx-w--w- 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/basjes/bugreports/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 META-INF/org/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 META-INF/org/apache/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/log4j/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/log4j/core/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/log4j/core/config/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/log4j/core/config/plugins/
> │ @@ -1508,10 +1508,10 @@
> │ -rw-r--r-- 2.0 unx 223 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/Unbox$1.class
> │ -rw-r--r-- 2.0 unx 1135 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/Unbox$State.class
> │ -rw-r--r-- 2.0 unx 1779 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/Unbox$WebSafeState.class
> │ -rw-r--r-- 2.0 unx 4595 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/Unbox.class
> │ -rw-r--r-- 2.0 unx 135 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/package-info.class
> │ -rw-r--r-- 2.0 unx 6283 b- defN 03-Mar-03 03:03
> META-INF/maven/org.apache.logging.log4j/log4j-api/pom.xml
> │ -rw-r--r-- 2.0 unx 69 b- defN 03-Mar-03 03:03
> META-INF/maven/org.apache.logging.log4j/log4j-api/pom.properties
> │ --rw-r--r-- 2.0 unx 494 b- defN 03-Mar-03 03:03 log4j2.xml
> │ --rw-r--r-- 2.0 unx 605 b- defN 03-Mar-03 03:03
> nl/basjes/bugreports/App.class
> │ +-rw-rw-r-- 2.0 unx 494 b- defN 03-Mar-03 03:03 log4j2.xml
> │ +-rw--w--w- 2.0 unx 605 b- defN 03-Mar-03 03:03
> nl/basjes/bugreports/App.class
> │ 1515 files, 4853233 bytes uncompressed, 1839331 bytes compressed: 62.1%
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
