Your message dated Mon, 04 May 2015 23:50:55 +0000 with message-id <e1ypq8v-0007jh...@franck.debian.org> and subject line Bug#775010: fixed in maven-archiver 2.6-1 has caused the Debian Bug report #775010, regarding libmaven-archiver-java: please allow pom.properties' date to be deterministic to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775010: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775010 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: libmaven-archiver-java Version: 2.5-1 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: toolchain Hi! While working on the “reproducible builds” effort [1], we have noticed that many Java packages would not build reproducibly because Maven emits a build date in the "pom.properties" file generated by maven-archiver (as used by maven-jar-plugin) [2]. Ideally, this date would be removed. I believe that it's there by accident: * it's in a comment so it's hard (but not impossible) for people to access * it's written by java.lang.Properties, not intentionally by Maven code * it's not updated by any of the code in maven-archiver to update the file However, in order to maintain nearly total backwards compatability, the attached patch causes the original behaviour to be maintained unless a BUILD_DATE environment variable is set. The plan is for this to (eventually) be set by something like javahelper. Patch should apply to 2.5, 2.6 and trunk at time of writing (2.7-SNAPSHOT). Your thoughts would be appreciated. There are some alternative solutions being gathered on the wiki [3]. Cheers. [1]: https://wiki.debian.org/ReproducibleBuilds [2]: https://reproducible.debian.net/issues/timestamps_in_maven_pom_files_issue.html [3]: https://wiki.debian.org/ReproducibleBuilds/TimestampsInMavenPomProperties>From d725546a99257c1fe6b03a7321142e6d564665d7 Mon Sep 17 00:00:00 2001 From: "Chris West (Faux)" <g...@goeswhere.com> Date: Fri, 9 Jan 2015 21:19:43 +0000 Subject: [PATCH] honour BUILD_DATE when generating pom.properties --- .../apache/maven/archiver/PomPropertiesUtil.java | 88 +++++++++++++++++++++- .../maven/archiver/PomPropertiesUtilTest.java | 34 +++++++++ 2 files changed, 121 insertions(+), 1 deletion(-) create mode 100644 src/test/java/org/apache/maven/archiver/PomPropertiesUtilTest.java diff --git a/src/main/java/org/apache/maven/archiver/PomPropertiesUtil.java b/src/main/java/org/apache/maven/archiver/PomPropertiesUtil.java index 5e0a41b..605a2f1 100644 --- a/src/main/java/org/apache/maven/archiver/PomPropertiesUtil.java +++ b/src/main/java/org/apache/maven/archiver/PomPropertiesUtil.java @@ -25,6 +25,17 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.Writer; +import java.io.BufferedWriter; +import java.text.SimpleDateFormat; +import java.text.ParseException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Comparator; +import java.util.Date; +import java.util.List; +import java.util.Map; import java.util.Properties; import org.apache.maven.project.MavenProject; @@ -85,7 +96,7 @@ public class PomPropertiesUtil OutputStream os = new FileOutputStream( outputFile ); try { - properties.store( os, GENERATED_BY_MAVEN ); + storeWithCustomTimestamp(properties, os); os.close(); // stream is flushed but not closed by Properties.store() os = null; } @@ -117,4 +128,79 @@ public class PomPropertiesUtil archiver.addFile( pomPropertiesFile, "META-INF/maven/" + groupId + "/" + artifactId + "/pom.properties" ); } + + /** + * Java always writes the date in a comment. We have to reimplement the method to change the date. + */ + static void storeWithCustomTimestamp(Properties properties, OutputStream os) throws IOException { + final BufferedWriter writer = new BufferedWriter(new OutputStreamWriter(os, "8859_1")); + try { + writer.append("#" + GENERATED_BY_MAVEN); + writer.newLine(); + writer.append("#" + computeBuildDate().toString()); + writer.newLine(); + final List<Map.Entry<Object, Object>> entries = + new ArrayList<Map.Entry<Object, Object>>(properties.entrySet()); + Collections.sort(entries, new Comparator<Map.Entry<Object, Object>>() { + public int compare(Map.Entry<Object, Object> left, Map.Entry<Object, Object> right) { + return String.valueOf(left.getKey()).compareTo(String.valueOf(right.getKey())); + } + }); + for (Map.Entry<Object, Object> property : entries) { + writer.write(property.getKey() + "=" + escapeForProperties(String.valueOf(property.getValue()))); + writer.newLine(); + } + } finally { + writer.flush(); + writer.close(); + } + } + + private static Date computeBuildDate() { + final String envVariable = System.getenv("BUILD_DATE"); + if (null != envVariable) { + try { + return new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz").parse(envVariable); + } catch (ParseException e) { + System.err.println("maven-archiver: BUILD_DATE not in recognised format"); + e.printStackTrace(); + // fall through + } + } + return new Date(); + } + + static String escapeForProperties(String input) { + final StringBuilder output = new StringBuilder(input.length()); + + for (char c : input.toCharArray()) { + switch (c) { + case '\t': + output.append('\\'); + output.append('t'); + break; + case '\n': + output.append('\\'); + output.append('n'); + break; + case '=': + case ':': + case '#': + case '!': + case '\\': + output.append('\\'); + output.append(c); + break; + default: + if (c < ' ' || c > 127) { + output.append("\\u"); + output.append(String.format("%04x", (int) c)); + } else { + output.append(c); + } + } + } + + return output.toString(); + } } diff --git a/src/test/java/org/apache/maven/archiver/PomPropertiesUtilTest.java b/src/test/java/org/apache/maven/archiver/PomPropertiesUtilTest.java new file mode 100644 index 0000000..b69321d --- /dev/null +++ b/src/test/java/org/apache/maven/archiver/PomPropertiesUtilTest.java @@ -0,0 +1,34 @@ +package org.apache.maven.archiver; + +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import junit.framework.TestCase; + +import static org.apache.maven.archiver.PomPropertiesUtil.escapeForProperties; + +public class PomPropertiesUtilTest extends TestCase { + public void testEscape() { + assertEquals("hello world", escapeForProperties("hello world")); + assertEquals("a \\u001f b", escapeForProperties("a \u001f b")); + assertEquals("hello\\nworld", escapeForProperties("hello\nworld")); + assertEquals("hello \\# \\! \\\\ \\: \\t \\u0100 \\u000c world", + escapeForProperties("hello # ! \\ : \t \u0100 \f world")); + } +} \ No newline at end of file -- 2.1.0
--- End Message ---
--- Begin Message ---Source: maven-archiver Source-Version: 2.6-1 We believe that the bug you reported is fixed in the latest version of maven-archiver, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Emmanuel Bourg <ebo...@apache.org> (supplier of updated maven-archiver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Tue, 05 May 2015 01:32:42 +0200 Source: maven-archiver Binary: libmaven-archiver-java libmaven-archiver-java-doc Architecture: source all Version: 2.6-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Emmanuel Bourg <ebo...@apache.org> Description: libmaven-archiver-java - Archiver component for Maven libmaven-archiver-java-doc - Archiver component for Maven - API documentation Closes: 775010 Changes: maven-archiver (2.6-1) unstable; urgency=medium . * Team upload. * New upstream release - New dependency on libmaven-shared-utils-java - Changed the source/target level to 1.5 - Depend on junit4 instead of junit - Depend on libplexus-archiver-java >= 2.2 - Removed 01-maven-artifact-compatibility.patch * Enabled the unit tests * The date set in the DEB_CHANGELOG_DATETIME environment variable is now used for the timestamp in the pom.properties file embedded in the jar files generated by maven-archiver to make the builds reproducible. Thanks to Chris West (Closes: #775010) * Standards-Version updated to 3.9.6 (no changes) * Moved the package to Git Checksums-Sha1: 0f9562884322fcd58ef3059c18e45fecf5e09aa2 2411 maven-archiver_2.6-1.dsc 31d09d702b3a47b6a15da2f9384001f9bf304f04 36632 maven-archiver_2.6.orig.tar.xz 81f1bed8caac92084994e429a085bff8f1ca3d02 5792 maven-archiver_2.6-1.debian.tar.xz ccdbd007da2577227a41ec302b9651381b61a124 21298 libmaven-archiver-java_2.6-1_all.deb 3142c3097d145dbb38a8ff99f07bcfc9d12ba5d3 90352 libmaven-archiver-java-doc_2.6-1_all.deb Checksums-Sha256: 3405e1add25dcdd5c523724d8fe51c18fa61eb94134b39f65a37e59d3b43698f 2411 maven-archiver_2.6-1.dsc ce9950d10d3dc134e9e055c4ec1ad4b7f2f90820150857d1365a4b510b3de56f 36632 maven-archiver_2.6.orig.tar.xz 9fee638fa19c8119a470ba74bad07d73040640edcc67d5c91c5f54bfe6d39cba 5792 maven-archiver_2.6-1.debian.tar.xz 7f803b09eaa764d1448e07957cd4772e4eb29fd2e8c98179a7bf991512607040 21298 libmaven-archiver-java_2.6-1_all.deb feea743ba24142e89a7bc4038cb5245bc23c45d4e0f2e9b9672e18f215e3438c 90352 libmaven-archiver-java-doc_2.6-1_all.deb Files: 0bebc8615432398bde98e3cc5f41d60a 2411 java optional maven-archiver_2.6-1.dsc 7bcfa5afd7af5af176d410a00daa6a2d 36632 java optional maven-archiver_2.6.orig.tar.xz c81559587bb268f2616b48a9d5b9234d 5792 java optional maven-archiver_2.6-1.debian.tar.xz 99860860a23dc547debf5ce0daf04b37 21298 java optional libmaven-archiver-java_2.6-1_all.deb 31de98379247b771de272465c233bfbf 90352 doc optional libmaven-archiver-java-doc_2.6-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVSAJCAAoJEPUTxBnkudCs04oP/RMyJfcC2+aNM9CMZ9UitU4A +A3AVOHPT4W5Ho/qTC/to+XNd/vW161jU6Ds+qZ2vXo0eiY4ns1l9j1M74lMlmV6 HtSDoKmXCxB7rUFzqu5ZPva6h9MRomw0MRd3vZZyB/2+xZBIaBZsBKzrr3Ib/fNu Fx3hVeNiV2dG1IUEcbiznYukrN2gazC1Anw7LXr7ujEGyyPhprKIzTZub7ICV5xg eT6nxIy7MrxbA46ODrcy18ifTN9Z9Odekt2KNxGT3gnwodYUwIg7imyZaKPb9GtT cEfns3fmTypFmcwvghFGZKtIP20KhxrGtF8t2oLMeAQl2A+8i9folnYoa0hSy86n 0nS0G/Tg3WjCNzUIfOaGXOfov3egIBSKfNWO6Nzt6TmYOF9ZD/7PmCSGqDELBXAc 7peyPWhixNnAe5J5zbM5UJH9N50QvWL54qMjKcN+8jLm9+66lc0qlNyiXus0mdJF 1ZUK7EF5Shb2dwmCSslPhYcnsMvHXw6siKi820BrQfkNU6ddT/sAsvbJMGncG/Ac BdZPVJolMtjBKnHqiOUgaZ3cOFPdmExVlBy+0xBi2U20aS6lv0XUSvFF5VEccFhU SDmwNh5mhC0bmHjaC1YgyyFHoTScvbT3rBDsx7YrpRJ5LmWh/yffxCTqphK4Vy/9 OLwF1yBrXWmZXZUno0TH =S2VV -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
