[ https://issues.apache.org/jira/browse/MASSEMBLY-791?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17740799#comment-17740799 ]
ASF GitHub Bot commented on MASSEMBLY-791: ------------------------------------------ mabrarov commented on code in PR #148: URL: https://github.com/apache/maven-assembly-plugin/pull/148#discussion_r1254863967 ########## src/it/projects/bugs/massembly-791/pom.xml: ########## @@ -0,0 +1,64 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.maven.plugin.assembly.test</groupId> + <artifactId>it-project-parent</artifactId> + <version>1</version> + </parent> + + <groupId>org.apache.maven.its</groupId> + <artifactId>massembly-791</artifactId> + <packaging>pom</packaging> + <version>1.0</version> + + <properties> + <project.build.outputTimestamp>2023-06-07T10:18:31Z</project.build.outputTimestamp> Review Comment: Current implementation of Plexus Archiver (used by Maven Assembly Plugin) - `org.codehaus.plexus.archiver.AbstractArchiver` class - applies its default umask (which is `022`) only when `configureReproducibleBuild` method is called. Current version of Maven Assembly Plugin invokes that method only when `project.build.outputTimestamp` maven property is specified. It means that `0` as value of `overrideUmask` configuration option changes behavior of Maven Assembly Plugin only when `project.build.outputTimestamp` maven property is specified. It's sad (complicated for the users of Maven Assembly Plugin) behavior, but it's an issue of Plexus Archiver, which should not apply its default umask to file/directory permissions for the case when both conditions are met: 1. `fileMode`/`directoryMode` are defined for `fileSet` (as far as I understand, both `fileMode` and `directoryMode` options of `fileSet` have default values - `0644` and `0755` respectively - so it means that this condition is always true). 1. Assembly format (like `tar`, `zip` and `jar`) supports configuration of file/directory permissions independent of OS. This is the reason `overrideUmask` configuration option of Maven Assembly Plugin is introduced: 1. It helps to workaround bug in Plexus Archiver (the case my team has) - users of Maven Assembly Plugin can specify `0` as `overrideUmask` configuration option to explicitly override umask which is sometimes implicitly used by Plexus Archiver. 1. It provides additional flexibility for the users of Maven Assembly Plugin (but they need to realize that not every assembly format - like `dir` - supports setting same permissions as defined in assembly descriptor or source file/directory has in an OS independent way). ########## src/it/projects/bugs/massembly-791/pom.xml: ########## @@ -0,0 +1,64 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one +or more contributor license agreements. See the NOTICE file +distributed with this work for additional information +regarding copyright ownership. The ASF licenses this file +to you under the Apache License, Version 2.0 (the +"License"); you may not use this file except in compliance +with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, +software distributed under the License is distributed on an +"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +KIND, either express or implied. See the License for the +specific language governing permissions and limitations +under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>org.apache.maven.plugin.assembly.test</groupId> + <artifactId>it-project-parent</artifactId> + <version>1</version> + </parent> + + <groupId>org.apache.maven.its</groupId> + <artifactId>massembly-791</artifactId> + <packaging>pom</packaging> + <version>1.0</version> + + <properties> + <project.build.outputTimestamp>2023-06-07T10:18:31Z</project.build.outputTimestamp> Review Comment: Current implementation of Plexus Archiver (used by Maven Assembly Plugin) - `org.codehaus.plexus.archiver.AbstractArchiver` class - applies its default umask (which is `022`) only when `configureReproducibleBuild` method is called. Current version of Maven Assembly Plugin invokes that method only when `project.build.outputTimestamp` maven property is specified. It means that `0` as value of `overrideUmask` configuration option changes behavior of Maven Assembly Plugin only when `project.build.outputTimestamp` maven property is specified. It's sad (complicated for the users of Maven Assembly Plugin) behavior, but it's an issue of Plexus Archiver, which should not apply its default umask to file/directory permissions for the case when both conditions are met: 1. `fileMode`/`directoryMode` are defined for `fileSet` (as far as I understand, both `fileMode` and `directoryMode` options of `fileSet` have default values - `0644` and `0755` respectively - so it means that this condition is always true). 1. Assembly format (like `tar`, `zip` and `jar`) supports configuration of file/directory permissions independent of OS. This is the reason `overrideUmask` configuration option of Maven Assembly Plugin is introduced: 1. It helps to workaround bug in Plexus Archiver (the case my team has) - users of Maven Assembly Plugin can specify `0` as `overrideUmask` configuration option to explicitly override umask which is sometimes (see above) implicitly used by Plexus Archiver. 1. It provides additional flexibility for the users of Maven Assembly Plugin (but they need to realize that not every assembly format - like `dir` - supports setting same permissions as defined in assembly descriptor or source file/directory has in an OS independent way). > fileMode not set in dependencySet creating format tar.gz > -------------------------------------------------------- > > Key: MASSEMBLY-791 > URL: https://issues.apache.org/jira/browse/MASSEMBLY-791 > Project: Maven Assembly Plugin > Issue Type: Bug > Components: permissions > Affects Versions: 2.6 > Environment: Linux and Windows > Reporter: Rick Poleshuck > Priority: Major > > The fileMode is ignored within a dependencySet while creating a tar.gz > archive. This works just fine in 2.4. > <dependencySets> > <dependencySet> > <includes> > <include>com.company:dependency-artifact</include> > </includes> > <unpack>true</unpack> > <unpackOptions> > <includes> > <include>*.py</include> > </includes> > </unpackOptions> > <outputDirectory/> > <fileMode>0750</fileMode> > <directoryMode>0750</directoryMode> > </dependencySet> > </dependencySets> > </ -- This message was sent by Atlassian Jira (v8.20.10#820010)