[
https://issues.apache.org/jira/browse/MASSEMBLY-975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694880#comment-17694880
]
Herve Boutemy edited comment on MASSEMBLY-975 at 3/1/23 7:08 AM:
-----------------------------------------------------------------
for example, see my comment in
https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/owasp/dependency-check/dependency-check-8.1.2.buildspec
My Linux distro is umask 002 by default, while the reference build has been
done with umask 022: as expected, as a rebuilder, I have to do more efforts to
have an environment equivalent to the reference build
I'm not really happy of this new aspect, but at least, this is the impact I
expected (and I understand people were not happy about loosing the executable
flag)
If you have any idea for maven-assembly-plugin to better match expectations
from the 2 types of people:
- those interested in executable flag
- those interested in not being dependent on group write config in umask (002
or 022)
don't hesitate to propose a new config.
For the moment, I'll have to cope with the 2 umask values (and I already
anticipate that reproducing builds dons on Windows from my Linux box will add a
new issue that my current mvncrlf script does not manage: Windows does not have
the executable flag, but Linux has: I'll probably have to add a new emulation
trick...)
was (Author: hboutemy):
for example, see my comment in
https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/owasp/dependency-check/dependency-check-8.1.2.buildspec
My Linux distro is umask 002 by default, while the reference build has been
done with umask 022: as expected, as a rebuilder, I have to do more efforts to
have an environment equivalent to the reference build
I'm not really happy of this new aspect, but at least, this is the impact I
expected (and I understand people were not happy about loosing the executable
flag)
If you have any idea for maven-assembly-plugin to better match expectations
from the 2 types of people:
- those interested in executable flag
- those interested in not being dependent on group write config in umask (002
or 022)
don't hesitate to propose a new config.
For the moment, I'll have to cope with the 2 umask values (and I already
anticipate that reproducing builds dons on Windows from my Linux box will add a
new issue that my current mvncrlf script does not manage: Windows does not have
the executable flag, but Linux has: I'll probably have to add a new emulation
trick...)
> Regression: 3.5.0 no longer uses default fileMode and directoryMode
> -------------------------------------------------------------------
>
> Key: MASSEMBLY-975
> URL: https://issues.apache.org/jira/browse/MASSEMBLY-975
> Project: Maven Assembly Plugin
> Issue Type: Bug
> Affects Versions: 3.5.0
> Reporter: Niels Basjes
> Priority: Critical
>
> If the fileMode and directoryMode have not been specified with the 3.5.0
> version then the umask of the system at hand will determine the permissions
> of the files in the jar generated by the assembly plugin.
> This is a bug because it has been documented that it should use the
> documented defaults in this case.
> If I change the version of the plugin from 3.5.0 to 3.4.2 then it works as
> expected.
> I made a simple reproduction project:
> https://github.com/nielsbasjes/BugreportMavenAssemblyUMask
> This builds the same trivial project (with 3 different umask settings) and
> assembles a jar with the default and explicitly set the same as the
> documented defaults.
> The base files are all the same (md5sum output)
> {code}
> ec364137a2c7678ef0c8f495652efe36 target-0002/assemblyumask-1.0-SNAPSHOT.jar
> ec364137a2c7678ef0c8f495652efe36 target-0022/assemblyumask-1.0-SNAPSHOT.jar
> ec364137a2c7678ef0c8f495652efe36 target-0055/assemblyumask-1.0-SNAPSHOT.jar
> {code}
> The maven-assembly-plugin created files WITH fileMode and directoryMode are
> all the same
> {code}
> ba12113ad2b95a4fc75d99aa5bfd4e4f
> target-0002/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> ba12113ad2b95a4fc75d99aa5bfd4e4f
> target-0022/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> ba12113ad2b95a4fc75d99aa5bfd4e4f
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> {code}
> The maven-assembly-plugin created files WITHOUT fileMode and directoryMode
> are all different
> {code}
> 316e5d6b2e85b7d829e938a5797370d7
> target-0022/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> 3375500189ef3087f8943d518209a5e6
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> c341cbbc9f21bb64b817b8bbdaae8608
> target-0002/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> {code}
> The permissions IN the files are the difference:
> {code}
> $ diffoscope target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> --- target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> +++ target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> │┄ Archive contents identical but files differ, possibly due to different
> compression levels. Falling back to binary comparison.
> ├── zipinfo {}
> │ @@ -1,13 +1,13 @@
> │ Zip file size: 2152173 bytes, number of entries: 1515
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 META-INF/
> │ -rw-r--r-- 2.0 unx 79 b- defN 03-Mar-03 03:03 META-INF/MANIFEST.MF
> │ -drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/
> │ -drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/basjes/
> │ -drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/basjes/bugreports/
> │ +drwx-w--w- 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/
> │ +drwx-w--w- 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/basjes/
> │ +drwx-w--w- 2.0 unx 0 b- stor 03-Mar-03 03:03 nl/basjes/bugreports/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 META-INF/org/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03 META-INF/org/apache/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/log4j/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/log4j/core/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/log4j/core/config/
> │ drwxr-xr-x 2.0 unx 0 b- stor 03-Mar-03 03:03
> META-INF/org/apache/logging/log4j/core/config/plugins/
> │ @@ -1508,10 +1508,10 @@
> │ -rw-r--r-- 2.0 unx 223 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/Unbox$1.class
> │ -rw-r--r-- 2.0 unx 1135 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/Unbox$State.class
> │ -rw-r--r-- 2.0 unx 1779 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/Unbox$WebSafeState.class
> │ -rw-r--r-- 2.0 unx 4595 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/Unbox.class
> │ -rw-r--r-- 2.0 unx 135 b- defN 03-Mar-03 03:03
> org/apache/logging/log4j/util/package-info.class
> │ -rw-r--r-- 2.0 unx 6283 b- defN 03-Mar-03 03:03
> META-INF/maven/org.apache.logging.log4j/log4j-api/pom.xml
> │ -rw-r--r-- 2.0 unx 69 b- defN 03-Mar-03 03:03
> META-INF/maven/org.apache.logging.log4j/log4j-api/pom.properties
> │ --rw-r--r-- 2.0 unx 494 b- defN 03-Mar-03 03:03 log4j2.xml
> │ --rw-r--r-- 2.0 unx 605 b- defN 03-Mar-03 03:03
> nl/basjes/bugreports/App.class
> │ +-rw-rw-r-- 2.0 unx 494 b- defN 03-Mar-03 03:03 log4j2.xml
> │ +-rw--w--w- 2.0 unx 605 b- defN 03-Mar-03 03:03
> nl/basjes/bugreports/App.class
> │ 1515 files, 4853233 bytes uncompressed, 1839331 bytes compressed: 62.1%
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
