please "git pull": you're one commit behind HEAD https://github.com/apache/maven-studies/commits/maven-buildinfo-plugin
----- Mail original ----- De: "Karl Heinz Marbaise" <khmarba...@gmx.de> À: "Maven Developers List" <dev@maven.apache.org>, "Hervé BOUTEMY" <herve.bout...@free.fr> Envoyé: Samedi 7 Mars 2020 12:12:08 Objet: Re: [DISCUSS] checking reproducible builds Hi Hervé, I've tried to check my release via the suggested recipe... Downloaded the maven-studies repo and build the following commit: 90b426758363123af6fcc9aa7190b837c0551359 (mvn clean install) Downloaded the source package curl -O https://repository.apache.org/content/repositories/maven-1555/org/apache/maven/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-source-release.zip unzip maven-dependency-plugin-3.1.2-source-release.zip cd maven-dependency-plugin-3.1.2 and tried to run the following: mvn -Papache-release verify buildinfo:save -Dgpg.skip -Dreference.repo=https://repository.apache.org/content/repositories/maven-1555/ and got the following: [ERROR] Failed to execute goal org.apache.maven.plugins:maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) on project maven-dependency-plugin: Error resolving reference artifact org.apache.maven.plugins:maven-dependency-plugin:buildinfo:3.1.2: Could not transfer artifact org.apache.maven.plugins:maven-dependency-plugin:buildinfo:3.1.2 from/to reference (https://repository.apache.org/content/repositories/maven-1555/): Cannot access https://repository.apache.org/content/repositories/maven-1555/ with type using the available connector factories: BasicRepositoryConnectorFactory: Cannot access https://repository.apache.org/content/repositories/maven-1555/ with type using the available layout factories: Maven2RepositoryLayoutFactory: Unsupported repository layout -> [Help 1] [ERROR] Kind regards Karl Heinz Marbaise On 07.03.20 11:36, Hervé BOUTEMY wrote: > Hi, > > Yesterday, I made a key step forward for Reproducible Builds with Maven: I > wrote code to easily check that your local build produces the same binaries > as the reference binaries published either to staging or to Central > repository. > > For a live example, see the last paragraph of Maven Site Plugin vote that > just started [1]. > > Process to check build output is based on a single plugin goal, currently > named buildinfo:save [2]: > 1. it creates a buildinfo file during build recording output fingerprints, > that will eventually in the future be published to Central repository > 2. it downloads reference artifacts and/or reference buildinfo and checks > that the output of the local build is the same as the reference. > > Now I want to discuss: is it clear? can you test and report, please? > > If the feedback is positive, the next question will be: in which plugin > should we put this goal to make a release and add it to our parent pom during > release, so we publish reference buildinfo along our reference binaries to > Central repository. > > Thanks for your feedback > > Regards, > > Hervé > > [1] > https://lists.apache.org/thread.html/rd3af15d383ddceeb950cd90569e3dcdd6e5a0f5d3cd653ec534b0609%40%3Cdev.maven.apache.org%3E > > [2] https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
