yes, I saw that the main artifact is reproducible, but there are more subtle cases with attached artifacts (-sources.jar and -source-release.zip)
If you build with run-its profile, you'll see that the pom.xml injected into these artifacts has less differences: there is still the current directory in it :( It seems it is caused by additional maven-invoker-plugin configuration done in run-its profile, that seems to replace original pom.xml with something generated from invoker: I did not investigate more yet, any help from maven- invoker-plugin experts appreciated FYI I tested current maven-dependency-plugin release and found that it does not suffer from this issue. Regards, Hervé Le mardi 10 mars 2020, 13:11:42 CET Michael Osipov a écrit : > Am 2020-03-07 um 11:36 schrieb Hervé BOUTEMY: > > Hi, > > > > Yesterday, I made a key step forward for Reproducible Builds with Maven: I > > wrote code to easily check that your local build produces the same > > binaries as the reference binaries published either to staging or to > > Central repository. > > > > For a live example, see the last paragraph of Maven Site Plugin vote that > > just started [1]. > > > > Process to check build output is based on a single plugin goal, currently > > named buildinfo:save [2]: 1. it creates a buildinfo file during build > > recording output fingerprints, that will eventually in the future be > > published to Central repository 2. it downloads reference artifacts > > and/or reference buildinfo and checks that the output of the local build > > is the same as the reference. > > > > Now I want to discuss: is it clear? can you test and report, please? > > > > If the feedback is positive, the next question will be: in which plugin > > should we put this goal to make a release and add it to our parent pom > > during release, so we publish reference buildinfo along our reference > > binaries to Central repository. > > > > Thanks for your feedback > > > > Regards, > > > > Hervé > > > > [1] > > https://lists.apache.org/thread.html/rd3af15d383ddceeb950cd90569e3dcdd6e5 > > a0f5d3cd653ec534b0609%40%3Cdev.maven.apache.org%3E > > > > [2] https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin > > I have now installed latest OpenJDK 7 from AdoptOpenJDK source. > > > [INFO] --- maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) @ > > maven-site-plugin --- [INFO] Saved info on build to > > /usr/home/mosipov/Projekte/maven-site-plugin/target/maven-site-plugin-3.9 > > .0.buildinfo [INFO] Checking against reference build from > > https://repository.apache.org/content/repositories/maven-1554/... > > [WARNING] Reference buildinfo file not found: it will be generated from > > downloaded reference artifacts [INFO] Minimal buildinfo generated from > > downloaded artifacts: > > /usr/home/mosipov/Projekte/maven-site-plugin/target/reference/maven-site- > > plugin-3.9.0.buildinfo [WARNING] size mismatch > > maven-site-plugin-3.9.0-source-release.zip: diffoscope > > target/reference/maven-site-plugin-3.9.0-source-release.zip > > target/maven-site-plugin-3.9.0-source-release.zip [WARNING] size mismatch > > maven-site-plugin-3.9.0-sources.jar: diffoscope > > target/reference/maven-site-plugin-3.9.0-sources.jar > > target/maven-site-plugin-3.9.0-sources.jar [WARNING] Reproducible Build > > output summary: 1 files ok, 2 different, 0 missing [WARNING] diff > > target/reference/maven-site-plugin-3.9.0.buildinfo > > target/maven-site-plugin-3.9.0.buildinfo > on > > > Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f) > > Maven home: /usr/local/share/java/maven > > Java version: 1.7.0_251, vendor: Oracle Corporation, runtime: > > /usr/local/openjdk7/jre Default locale: de_DE, platform encoding: UTF-8 > > OS name: "freebsd", version: "11.3-release-p6", arch: "i386", family: > > "unix" > and > > > $ git branch > > * (HEAD losgelöst bei maven-site-plugin-3.9.0) > > > >> diffoscope target/reference/maven-site-plugin-3.9.0-source-release.zip > >> target/maven-site-plugin-3.9.0-source-release.zip> > > There is a diff in maven-site-plugin-3.9.0/dependency-reduced-pom.xml > > > >> diffoscope target/reference/maven-site-plugin-3.9.0-sources.jar > >> target/maven-site-plugin-3.9.0-sources.jar> > > So is here diff in the pom.xml which is actually > > dependency-reduced-pom.xml. > > > > ├── META-INF/maven/org.apache.maven.plugins/maven-site-plugin/pom.xml > > │ ├── META-INF/maven/org.apache.maven.plugins/maven-site-plugin/pom.xml > > │ │ @@ -243,100 +243,40 @@ > > │ │ <profiles> > > │ │ <profile> > > │ │ <id>run-its</id> > > │ │ <build> > > │ │ <plugins> > > │ │ <plugin> > > │ │ <artifactId>maven-invoker-plugin</artifactId> > > │ │ - <version>3.2.1</version> > > │ │ - <executions> > > │ │ - <execution> > > │ │ - <id>integration-test</id> > > │ │ - <goals> > > │ │ - <goal>install</goal> > > │ │ - <goal>integration-test</goal> > > │ │ - <goal>verify</goal> > > │ │ - </goals> > > │ │ - <configuration> > > │ │ - > > <projectsDirectory>src/it/projects</projectsDirectory> │ │ - > > <settingsFile>src/it/mrm/settings.xml</settingsFile> │ │ - > > <filterProperties> > > │ │ - > > <mrm.repository.url>${mrm.repository.url}</mrm.repository.url> │ │ - > > </filterProperties> > > │ │ - <goals> > > │ │ - <goal>clean</goal> > > │ │ - > > <goal>org.apache.maven.plugins:maven-site-plugin:3.9.0:site</goal> │ │ - > > </goals> > > │ │ - <properties> > > │ │ - > > <maven.compiler.source>1.7</maven.compiler.source> > > │ │ - > > <maven.compiler.target>1.7</maven.compiler.target> > > │ │ - > > <https.protocols>TLSv1,TLSv1.1,TLSv1.2</https.protocols> │ │ - > > </properties> > > │ │ - <debug>true</debug> > > │ │ - > > <cloneProjectsTo>/home/herve/projets/maven/sources/plugins/core/maven-sit > > e-plugin/target/checkout/target/it</cloneProjectsTo> │ │ - > > <preBuildHookScript>setup</preBuildHookScript> │ │ - > > <postBuildHookScript>verify</postBuildHookScript> │ │ - > > <localRepositoryPath>/home/herve/projets/maven/sources/plugins/core/maven > > -site-plugin/target/checkout/target/local-repo</localRepositoryPath> │ │ - > > <pomIncludes> > > │ │ - <pomInclude>*/pom.xml</pomInclude> > > │ │ - </pomIncludes> > > │ │ - <ignoreFailures>false</ignoreFailures> > > │ │ - <environmentVariables> > > │ │ - > > <JENKINS_MAVEN_AGENT_DISABLED>true</JENKINS_MAVEN_AGENT_DISABLED> │ │ - > > </environmentVariables> > > │ │ - </configuration> > > │ │ - </execution> > > │ │ - </executions> > > │ │ <configuration> > > │ │ <projectsDirectory>src/it/projects</projectsDirectory> > > │ │ <settingsFile>src/it/mrm/settings.xml</settingsFile> > > │ │ <filterProperties> > > │ │ > > <mrm.repository.url>${mrm.repository.url}</mrm.repository.url> │ │ > > </filterProperties> > > │ │ <goals> > > │ │ <goal>clean</goal> > > │ │ - > > <goal>org.apache.maven.plugins:maven-site-plugin:3.9.0:site</goal> │ │ + > > > > <goal>${project.groupId}:${project.artifactId}:${project.version}:site</g > > oal> │ │ </goals> > > │ │ <properties> > > │ │ - <maven.compiler.source>1.7</maven.compiler.source> > > │ │ - <maven.compiler.target>1.7</maven.compiler.target> > > │ │ - > > <https.protocols>TLSv1,TLSv1.1,TLSv1.2</https.protocols> │ │ + > > > > <maven.compiler.source>${maven.compiler.source}</maven.compiler.source> │ > > │ + > > <maven.compiler.target>${maven.compiler.target}</maven.compiler.target> │ > > │ </properties> > > │ │ - <debug>true</debug> > > │ │ - > > <cloneProjectsTo>/home/herve/projets/maven/sources/plugins/core/maven-sit > > e-plugin/target/checkout/target/it</cloneProjectsTo> │ │ - > > <preBuildHookScript>setup</preBuildHookScript> > > │ │ - <postBuildHookScript>verify</postBuildHookScript> > > │ │ - > > <localRepositoryPath>/home/herve/projets/maven/sources/plugins/core/maven > > -site-plugin/target/checkout/target/local-repo</localRepositoryPath> │ │ - > > <pomIncludes> > > │ │ - <pomInclude>*/pom.xml</pomInclude> > > │ │ - </pomIncludes> > > │ │ - <ignoreFailures>false</ignoreFailures> > > │ │ - <environmentVariables> > > │ │ - > > <JENKINS_MAVEN_AGENT_DISABLED>true</JENKINS_MAVEN_AGENT_DISABLED> │ │ - > > </environmentVariables> > > │ │ </configuration> > > │ │ </plugin> > > │ │ <plugin> > > │ │ <groupId>org.codehaus.mojo</groupId> > > │ │ <artifactId>mrm-maven-plugin</artifactId> > > │ │ <version>1.2.0</version> > > │ │ <executions> > > │ │ <execution> > > │ │ <goals> > > │ │ <goal>start</goal> > > │ │ <goal>stop</goal> > > │ │ </goals> > > │ │ - <configuration> > > │ │ - <repositories> > > │ │ - <mockRepo> > > │ │ - <source>src/it/mrm/repository</source> > > │ │ - </mockRepo> > > │ │ - <proxyRepo/> > > │ │ - </repositories> > > │ │ - </configuration> > > │ │ </execution> > > │ │ </executions> > > │ │ <configuration> > > │ │ <repositories> > > │ │ <mockRepo> > > │ │ <source>src/it/mrm/repository</source> > > │ │ </mockRepo> > > Any idea why my POM differs from your one? > > Michael > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
