[
https://issues.apache.org/jira/browse/MASSEMBLY-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17186635#comment-17186635
]
Christopher Tubbs commented on MASSEMBLY-941:
---------------------------------------------
I updated the description and title to make the issue more apparent.
Also, here is a minimal pom.xml to reproduce the issue (do {{ chmod +x pom.xml
}} to reproduce):
{code:xml}
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
https://maven.apache.org/xsd/maven-4.0.0.xsd";>
<modelVersion>4.0.0</modelVersion>
<groupId>com.example</groupId>
<artifactId>example</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>pom</packaging>
<properties>
<!-- the following item added for reproducibility seems to be the culprit
-->
<project.build.outputTimestamp>2020-01-22T15:10:15Z</project.build.outputTimestamp>
</properties>
<build>
<defaultGoal>clean assembly:single</defaultGoal>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<!-- version 3.1.1 works, but 3.2.0 and 3.3.0 do not -->
<version>3.3.0</version>
<dependencies>
<dependency>
<groupId>org.apache.apache.resources</groupId>
<artifactId>apache-source-release-assembly-descriptor</artifactId>
<version>1.0.6</version>
</dependency>
</dependencies>
<configuration>
<descriptorRefs>
<descriptorRef>source-release-zip-tar</descriptorRef>
</descriptorRefs>
<tarLongFileMode>posix</tarLongFileMode>
</configuration>
</plugin>
</plugins>
</build>
</project>
{code}
This appears to have been broken by the reproducibility features using the {{
project.build.outputTimestamp }} property. Removing that property fixes the
issue. However, that property will be inherited from the Apache parent pom, and
in any case, it should preserve file permissions even if reproducibility is
used.
> file permissions removed during assembly:single since 3.2.0
> -----------------------------------------------------------
>
> Key: MASSEMBLY-941
> URL: https://issues.apache.org/jira/browse/MASSEMBLY-941
> Project: Maven Assembly Plugin
> Issue Type: Bug
> Components: permissions
> Affects Versions: 3.2.0, 3.3.0
> Reporter: Christopher Tubbs
> Priority: Critical
>
> Since 3.2.0, existing file permissions seem to be ignored when creating a
> tarball assembly, and files stored in the assembly do not have their original
> file permissions preserved.
> Using version 3.1.1 of this plugin and earlier, when creating a tar.gz,
> existing file permissions are normally preserved. This is now broken in
> 3.2.0, unless the component descriptor explicitly sets the fileModes.
> This was discovered trying to prepare a release candidate for Apache Accumulo
> using the apache-23.pom parent POM's predefined `source-release-tar`
> descriptor using the `single` goal. We noticed that the resulting
> source-release tarball had stripped all the executable permissions from our
> scripts, instead of preserving them. This makes the resulting source release
> more difficult to build from source.
> A source-release assembly, and any other assembly that does not specify the
> file permissions explicitly, should preserve the existing file permissions,
> just as it used to with 3.1.1 and earlier.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
