yes, same happened in 1.9.11: this is where I found this first, while checking for Reproducible Central
https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/maven/resolver/maven-resolver/README.md Yes, dropping your local repo would be nice to avoid such unexpected state Lately, umask has been a pain to Reproducible Builds: it gives much weight to an environment aspect, with Linux distros changing their default value recently. On Resolver 1.9.12, we have now multiple options: 1. drop 1.9.12 and go to 1.9.13: looks overkill to me 2. let 1.9.12 binaries as is: reasonable 3. rebuild a new staging repository from Git tag: I'd love this one to be at least thought a little bit before saying no Explanation: Given in reality the build itself is reproducible, but the reference build has just one file broken by your desktop environment, it means that if you "mvn -Papache-release deploy" from the Git tag, you'll get a new staging repository that will contain the same binaries (in particular the same -source-release.ziip and its sha512), just with a fixed maven-resolver-named-locks-redisson-1.9.12-bundle.zip The real files that will be different are the .asc files We could later decide if we release to Maven Central from current maven-1962 or the new one Are you ready to try? (and discover one of the nice benefit of Reproducible Builds...) Regards, Hervé Le vendredi 16 juin 2023, 19:23:14 CEST Tamás Cservenák a écrit : > Found it: that above is my laptop, while I did (both) release on my desktop: > > [cstamas@urnebes ~]$ cd .m2/repository-oss/org/objenesis/objenesis/3.3/ > [cstamas@urnebes 3.3]$ ll > total 68 > -rw-------. 1 cstamas cstamas 49423 2022 dec 15 objenesis-3.3.jar > -rw-------. 1 cstamas cstamas 40 2022 dec 15 objenesis-3.3.jar.sha1 > -rw-------. 1 cstamas cstamas 3007 2022 dec 15 objenesis-3.3.pom > -rw-------. 1 cstamas cstamas 40 2022 dec 15 objenesis-3.3.pom.sha1 > -rw-------. 1 cstamas cstamas 192 2022 dec 15 _remote.repositories > [cstamas@urnebes 3.3]$ > > Hence, the same should be true for 1.9.11 as well. Also, it seems it's time > to nuke my local repo ;) > > Thanks > T > > On Fri, Jun 16, 2023 at 7:16 PM Tamás Cservenák <ta...@cservenak.net> wrote: > > Strange.... > > > > [cstamas@blondie ~]$ cd .m2/repository-oss/org/objenesis/objenesis/3.3/ > > [cstamas@blondie 3.3]$ ll > > total 68 > > -rw-r--r--. 1 cstamas cstamas 49423 dec 20 17.30 objenesis-3.3.jar > > -rw-r--r--. 1 cstamas cstamas 40 dec 20 17.30 objenesis-3.3.jar.sha1 > > -rw-r--r--. 1 cstamas cstamas 3007 dec 20 17.30 objenesis-3.3.pom > > -rw-r--r--. 1 cstamas cstamas 40 dec 20 17.30 objenesis-3.3.pom.sha1 > > -rw-r--r--. 1 cstamas cstamas 192 dec 20 17.30 _remote.repositories > > [cstamas@blondie 3.3]$ > > > > Herve, while at this, please can you check 1.9.11 as well? IMHO there must > > be the same issue present, or if not, am even more puzzled... > > > > T > > > > On Fri, Jun 16, 2023 at 7:13 PM Hervé Boutemy <herve.bout...@free.fr> > > > > wrote: > >> +1 > >> > >> notice that Reproducible Builds is NOT ok on 1 file: reference build done > >> on > >> *nix with JDK 17 and umask 022 > >> > >> the only issue is in > >> maven-resolver-named-locks-redisson-1.9.12-bundle.zip: > >> │--rw------- 2.0 unx 49423 b- defN 23-Jun-16 13:32 objenesis-3.3.jar > >> │+-rw-r--r-- 2.0 unx 49423 b- defN 23-Jun-16 13:32 objenesis-3.3.jar > >> it seems your local repository contains a objenesis-3.3.jar which is not > >> group > >> nor world wide readable > >> > >> Regards, > >> > >> Hervé > >> > >> Le vendredi 16 juin 2023, 15:57:43 CEST Tamás Cservenák a écrit : > >> > Howdy, > >> > >> > We solved 1 issue: > >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12320628 > >> &ve>> > >> > rsion=12353340 > >> > > >> > There are still some issues in JIRA: > >> > https://issues.apache.org/jira/projects/MRESOLVER/issues > >> > > >> > Staging repository: > >> > https://repository.apache.org/content/repositories/maven-1962/ > >> > >> > Source release SHA512: > >> b24cbd998e1739a89eb693b764fef9f476d53a5b1546ffb87941afcdc9c76bdcd69cbf924 > >> 782>> > >> > ded6067388679446c25c166364cd9ac450e8ef17a70d3f1045ce > >> > > >> > Staging site: > >> > https://maven.apache.org/resolver-archives/resolver-LATEST/ > >> > > >> > Guide to testing staged releases: > >> > https://maven.apache.org/guides/development/guide-testing-releases.html > >> > > >> > Vote open for 72 hours. > >> > > >> > [ ] +1 > >> > [ ] +0 > >> > [ ] -1 > >> > >> --------------------------------------------------------------------- > >> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > >> For additional commands, e-mail: dev-h...@maven.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org