In the commons-daemon pom the apache-rat plugin has all the
<inputExclude> tags directly inside the <configuration> tag.
IIUC these should be inside a <inputExcludes> tag:
<configuration>
<inputExcludes>
<!-- Free Software (see header) -->
<inputExclude>src/native/unix/configure</inputExclude>
<!-- GPL with applicable exception that allows ALv2 -->
<inputExclude>src/native/unix/support/config.guess</inputExclude>
<inputExclude>src/native/unix/support/config.sub</inputExclude>
<!-- Files created by Configure -->
<!-- Excluded from Git but may be present locally -->
<inputExclude>src/native/unix/config.nice</inputExclude>
<inputExclude>src/native/unix/config.status</inputExclude>
<inputExclude>src/native/unix/config.log</inputExclude>
<!-- autoconf cache - not included in release -->
<inputExclude>src/native/unix/autom4te.cache/**</inputExclude>
</inputExcludes>
</configuration>
I downloaded the commons-daemon-1.6.0-src.tar.gz source and built on:
Apache Maven 3.9.9 (8e8579a9e76f7d015ee5ec7bfcdc97d260186937)
Maven home: /Users/ah403/software/apache-maven-3
Java version: 21.0.9, vendor: Eclipse Adoptium, runtime:
/Library/Java/JavaVirtualMachines/temurin-21.jdk/Contents/Home
Default locale: en_GB, platform encoding: UTF-8
OS name: "mac os x", version: "26.5", arch: "aarch64", family: "mac"
With no changes I get the error reported by Gary:
[INFO] --- apache-rat:0.18:check (rat-check) @ commons-daemon ---
[ERROR] Unexpected count for UNAPPROVED, limit is [0,0]. Count: 3
[WARNING] *****************************************************
Generated at: 2026-05-20T12:17:58+01:00
Files with unapproved licenses:
/src/native/unix/configure
/src/native/unix/support/config.guess
/src/native/unix/support/config.sub
When I add the <inputExcludes> tag to the apache-rat config I get a
clean build using the default goal.
Alex
On Wed, 20 May 2026 at 11:23, Gary Gregory <[email protected]> wrote:
>
> On Wed, May 20, 2026, 05:48 Mark Thomas <[email protected]> wrote:
>
> > On 19/05/2026 21:01, Gary Gregory wrote:
> > > RAT fails on the non-native src zip commons-daemon-1.6.0-src
> > >
> > > Running the default maven build:
> > >
> > > ...
> > > [INFO] --- apache-rat:0.18:check (rat-check) @ commons-daemon ---
> > > [ERROR] Unexpected count for UNAPPROVED, limit is [0,0]. Count: 3
> > > [WARNING] *****************************************************
> > > Generated at: 2026-05-19T15:57:59-04:00
> > >
> > > Files with unapproved licenses:
> > > /src/native/unix/configure
> > > /src/native/unix/support/config.guess
> > > /src/native/unix/support/config.sub
> > > [INFO]
> > ------------------------------------------------------------------------
> > > [INFO] BUILD FAILURE
> > > [INFO]
> > ------------------------------------------------------------------------
> > > [INFO] Total time: 1.071 s
> > > [INFO] Finished at: 2026-05-19T15:58:00-04:00
> > > [INFO]
> > ------------------------------------------------------------------------
> > > [ERROR] Failed to execute goal
> > > org.apache.rat:apache-rat-plugin:0.18:check (rat-check) on project
> > > commons-daemon: Counter(s) UNAPPROVED exceeded minimum or maximum
> > > values. See RAT report in:
> > > '/Users/garygregory/rc/cd/commons-daemon-1.6.0-src/target/rat.txt'. ->
> > > [Help 1
> > >
> > > It looks like these file support comments so they should have an
> > > Apache license header.
> >
> > No, they are not ALv2 licensed.
> > Those files should be excluded by the RAT configuration in the Maven
> > build. The POM also has brief comments explaining the exclusions.
> >
> > Odd. I see the same failures from both the -src.zip and the -src.tar.gz.
> > But I don't see the failure when running from a git checkout.
> >
> > I can't explain this difference in behaviour. I did a diff of the
> > effective POMs for both and there were - ignoring paths and '-SNAPSHOT'
> > - identical.
> >
>
> Maybe there is something left over in a generated folder like ./target ?
>
> Since Apache delivers sources (strictly speaking), I never review git
> checkouts, only source zips.
>
> This might be a deal breaker for folks who build everything from 1st
> principles (like Linux distros).
>
> Don't you think this should be addressed?
>
> Gary
>
>
> > Mark
> >
> > >
> > > Gary
> > >
> > > On Tue, May 19, 2026 at 1:47 PM Mark Thomas <[email protected]> wrote:
> > >>
> > >> We have fixed a few bugs and added binaries for ARM64 Windows since the
> > >> release of Apache Commons Daemon 1.5.1, so I would like to release
> > >> Apache Commons Daemon 1.6.0.
> > >>
> > >> Apache Commons Daemon 1.6.0 RC2 is available for review here:
> > >> https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.0-RC2
> > >> (svn revision 84617)
> > >>
> > >> The Git tag commons-daemon-1.6.0-RC2 commit for this RC is
> > >> 161be995978628aba65f3904b1ed8d8aa3a2733c, which you can browse here:
> > >>
> > >>
> > https://gitbox.apache.org/repos/asf?p=commons-daemon.git;a=commit;h=161be995978628aba65f3904b1ed8d8aa3a2733c
> > >> You may checkout this tag using:
> > >> git clone https://gitbox.apache.org/repos/asf/commons-daemon.git
> > >> --branch commons-daemon-1.6.0-RC2 commons-daemon-1.6.0-RC2
> > >>
> > >> Maven artifacts are here:
> > >>
> > >>
> > https://repository.apache.org/content/repositories/orgapachecommons-1939/commons-daemon/commons-daemon/1.6.0/
> > >>
> > >> These are the artifacts and their hashes:
> > >>
> > >> #Release SHA-512s
> > >> #Tue May 19 18:17:40 BST 2026
> > >>
> > commons-daemon-1.6.0-bin-windows.zip=c72cb056488cd5b4202d1b86e9d10335a9458dacc44695dd0c444f9e84839e89d395b03a5240146280c772d68b6d458cd15d3eab8fb2bc1817d4022b5b0fcedd
> > >>
> > commons-daemon-1.6.0-bin.tar.gz=250b41c30a4ec9f2bdea1d68f064c5d829893a0fe46e637177300e991dbb5a8aa479cbd9dfc71f0c2e34221884f1c6934193d6fe8404089c4b1da5682a780638
> > >>
> > commons-daemon-1.6.0-bin.zip=8c8b3fa91a6d49c4c8627cc595fcc14338007ab82486e56753ebdb96c5e8382b3bc4206cdc6ebc2de0f22595999a3e2eeea48a367d4a4da6c48dd834daa2ea6e
> > >>
> > commons-daemon-1.6.0-bom.json=86ccf86e011bb4a3a8441ddc059ceb096a3230c18db412351bd8d1f5e9ccbcc7dd7cd47eabdb9dd36f45462623526cdd8ff157156eec5e171a427f51ddfbbbce
> > >>
> > commons-daemon-1.6.0-bom.xml=64fa302148549171b67572edd963e1562c6bf539e52ec9e4f43d235e3c518f06ee414f683d04160bb827b30aa02201cbe34b631178f98ca898bdb9b61f907fb1
> > >>
> > commons-daemon-1.6.0-javadoc.jar=da8746bfab054b3d5ada1e7acbff86b5638ba41d29a59f18bf4713fd0072a3be0b521ca2cb5bccbea050e6fe9c0b5c4ffa6a7845ffc0ac43d4afa75e336c9038
> > >>
> > commons-daemon-1.6.0-native-src.tar.gz=e408672218c03391c6ea41432135de8811894574e6cfbf182eb4c3959d06a6ffb410cd5649f40b9cd7212e4c4352de8148c74a42934679c7edef36971e0d85f8
> > >>
> > commons-daemon-1.6.0-native-src.zip=d20293f691f4ff1c3f1a47984493ffa813199be3ef04a4d9f5a92a1b3aa5627d84a9f5f19d55157060a988bf048a9c0c949fff972acc2ec60fb54461f1dcae9f
> > >>
> > commons-daemon-1.6.0-sources.jar=195857f7c29fdbf2515075cfb71f470aeead63e38950f33003f9666beb586eb81ad702009ba95f197c2de15d541bea1889201d3eed7a06d9b5affba6ac96b69d
> > >>
> > commons-daemon-1.6.0-src.tar.gz=4496833f01da03140b0e01c0302c7fbb13573a50061c96f72cda5e95cec30750dcafe8c3b810fb46ee3204d37341cc4b1a441d3e15bd8839e69eca72854bccc6
> > >>
> > commons-daemon-1.6.0-src.zip=5d227c6bd653488275fa26e93c12f509fe18b3dc0e835ecf07fa454abef6aba9fa63e99f567e2b6750009949c2da90e5acaf10c52841dea996a4b5f455bb4f2d
> > >>
> > commons-daemon-1.6.0-test-sources.jar=3e38f138c28a858ad6a900c6825baf7b4d4f00a3b77fda98215a6a1b3040d1a8bb72cfd4735edc9b11c34339e8858e0a8eec7f85b4995d8056e9c437a192e209
> > >>
> > commons-daemon-1.6.0-tests.jar=c411d0a9ac6bc5faa8efb0b99920bf8926e604aad31b8f616c1ca5e3881875f4df1466b9bac067267ed5d910d85f5806e219cb63b4de2ff372a71bbfaa4ea76d
> > >>
> > commons-daemon_commons-daemon-1.6.0.spdx.json=9ac32b48ad257f2414bc688d0659fe96d4ba252a7ee718fb7a2faa08bd3348a7f697badb11b82a0f457025b452c2e5dcac7f4e9a2676434448a315cb8203885b
> > >>
> > >>
> > >>
> > >> I have tested this with 'mvn' using:
> > >> ***
> > >> Maven home: /opt/sdkman/candidates/maven/current
> > >> Java version: 25.0.3, vendor: Eclipse Adoptium, runtime:
> > >> /opt/sdkman/candidates/java/25.0.3-tem
> > >> Default locale: en_GB, platform encoding: UTF-8
> > >> OS name: "linux", version: "6.8.0-111-generic", arch: "amd64", family:
> > >> "unix"***
> > >>
> > >> Details of changes since 1.5.1 are in the release notes:
> > >>
> > >>
> > https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.0-RC2/RELEASE-NOTES.txt
> > >>
> > >>
> > https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.0-RC2/site/changes.html
> > >>
> > >> KEYS:
> > >> https://downloads.apache.org/commons/KEYS
> > >>
> > >> Please review the release candidate and vote.
> > >> This vote will close no sooner than 72 hours from now.
> > >>
> > >> [ ] +1 Release these artifacts
> > >> [ ] +0 OK, but...
> > >> [ ] -0 OK, but really should fix...
> > >> [ ] -1 I oppose this release because...
> > >>
> > >> Thank you,
> > >>
> > >> Mark Thomas,
> > >> Release Manager (using key 10C01C5A2F6059E7)
> > >>
> > >> The following is intended as a helper and refresher for reviewers.
> > >>
> > >> Validating a release candidate
> > >> ==============================
> > >>
> > >> These guidelines are NOT complete.
> > >>
> > >> Requirements: Git, Java, and Maven.
> > >>
> > >> You can validate a release from a release candidate (RC) tag as follows.
> > >>
> > >> 1a) Download and decompress the source archive from:
> > >>
> > >> https://dist.apache.org/repos/dist/dev/commons/daemon/1.6.0-RC2/source
> > >>
> > >> 1b) Check out the RC tag from git (optional)
> > >>
> > >> This is optional, as a reviewer must at least check source
> > distributions.
> > >>
> > >> git clone https://gitbox.apache.org/repos/asf/commons-daemon.git
> > >> --branch commons-daemon-1.6.0-RC2 commons-daemon-1.6.0-RC2
> > >> cd commons-daemon-1.6.0-RC2
> > >>
> > >> 2) Checking the build
> > >>
> > >> All components should include a default Maven goal, such that you can
> > >> run 'mvn' from the command line by itself.
> > >>
> > >> 2) Check Apache licenses
> > >>
> > >> This step is not required if the site includes a RAT report page, which
> > >> you then must check.
> > >> This check should be included in the default Maven build, but you can
> > >> check it with:
> > >>
> > >> mvn apache-rat:check
> > >>
> > >> 3) Check binary compatibility
> > >>
> > >> This step is not required if the site includes a JApiCmp report page,
> > >> which you then must check.
> > >> This check should be included in the default Maven build, but you can
> > >> check it with:
> > >>
> > >> mvn verify -DskipTests -P japicmp japicmp:cmp
> > >>
> > >> 4) Build the package
> > >>
> > >> This check should be included in the default Maven build, but you can
> > >> check it with:
> > >>
> > >> mvn -V clean package
> > >>
> > >> You can record the Maven and Java version produced by -V in your VOTE
> > reply.
> > >> To gather OS information from a command line:
> > >> Windows: ver
> > >> Linux: uname -a
> > >>
> > >> 4b) Check reproducibility
> > >>
> > >> To check that a build is reproducible, run:
> > >>
> > >> mvn clean verify artifact:compare -DskipTests
> > >> -Dreference.repo=
> > https://repository.apache.org/content/repositories/staging/
> > >> '-Dbuildinfo.ignore=*/*.spdx.json'
> > >>
> > >> Note that this excludes SPDX files from the check.
> > >>
> > >> 5) Build the site for a single module project
> > >>
> > >> Note: Some plugins require the components to be installed instead of
> > >> packaged.
> > >>
> > >> mvn site
> > >> Check the site reports in:
> > >> - Windows: target\site\index.html
> > >> - Linux: target/site/index.html
> > >>
> > >> 6) Build the site for a multi-module project
> > >>
> > >> mvn site
> > >> mvn site:stage
> > >> Check the site reports in:
> > >> - Windows: target\site\index.html
> > >> - Linux: target/site/index.html
> > >>
> > >> Note that the project reports are created for each module.
> > >> Modules can be accessed using the 'Project Modules' link under
> > >> the 'Project Information' menu (see <path-to-site>/modules.html).
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: [email protected]
> > >> For additional commands, e-mail: [email protected]
> > >>
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]
> > >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
