Source: maven-plugin-tools Version: 3.3-1 Severity: wishlist Tags: patch User: reproducible-bui...@lists.alioth.debian.org Usertags: timestamps toolchain X-Debbugs-CC: reproducible-bui...@lists.alioth.debian.org
Hi! While working on Debian's “reproducible builds” effort [1], we have noticed that maven-plugin-tools generates unreproducible plugin descriptors (example [2]), because it embeds the build date into a comment inside the file. As the date provides no valuable information, it would be nice if it was removed, so that more packages using it become reproducible. A proposal for this is in the attached patch. Regards, Reiner [1]: https://wiki.debian.org/ReproducibleBuilds [2]: https://reproducible.debian.net/rb-pkg/unstable/amd64/java-comment-preprocessor.html
diff --git a/debian/patches/04-reproducible-plugin-descriptor.patch b/debian/patches/04-reproducible-plugin-descriptor.patch new file mode 100644 index 0000000..c675411 --- /dev/null +++ b/debian/patches/04-reproducible-plugin-descriptor.patch @@ -0,0 +1,27 @@ +Author: Reiner Herrmann <rei...@reiner-h.de> +Description: Don't include the date in xml files + Embedding the current date will result in unreproducible files. + +Index: maven-plugin-tools-3.3/maven-plugin-tools-generators/src/main/java/org/apache/maven/tools/plugin/generator/PluginDescriptorGenerator.java +=================================================================== +--- maven-plugin-tools-3.3.orig/maven-plugin-tools-generators/src/main/java/org/apache/maven/tools/plugin/generator/PluginDescriptorGenerator.java ++++ maven-plugin-tools-3.3/maven-plugin-tools-generators/src/main/java/org/apache/maven/tools/plugin/generator/PluginDescriptorGenerator.java +@@ -24,8 +24,6 @@ import java.io.FileOutputStream; + import java.io.IOException; + import java.io.OutputStreamWriter; + import java.io.Writer; +-import java.text.SimpleDateFormat; +-import java.util.Date; + import java.util.LinkedHashMap; + import java.util.LinkedHashSet; + import java.util.List; +@@ -132,8 +130,7 @@ public class PluginDescriptorGenerator + + XMLWriter w = new PrettyPrintXMLWriter( writer, encoding, null ); + +- w.writeMarkup( "\n<!-- Generated by maven-plugin-tools " + getVersion() + " on " + new SimpleDateFormat( +- "yyyy-MM-dd" ).format( new Date() ) + " -->\n\n" ); ++ w.writeMarkup( "\n<!-- Generated by maven-plugin-tools " + getVersion() + " -->\n\n" ); + + w.startElement( "plugin" ); + diff --git a/debian/patches/series b/debian/patches/series index 2d00408..eac1ecc 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ 01-maven2-api-compatibility.patch 02-plexus-archiver1-compatibility.patch 03-plexus-utils2-compatibility.patch +04-reproducible-plugin-descriptor.patch
signature.asc
Description: OpenPGP digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
