Re: [VOTE] Release Apache Maven Dependency Plugin version 3.1.2
+1, the build and sha512 ok On Sat, Mar 7, 2020 at 12:56 PM Karl Heinz Marbaise wrote: > We solved 23 issues: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227&version=12343772 > > There are still a couple of issues left in JIRA: > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20MDEP%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20key%20DESC%2C%20priority%20DESC%2C%20updated%20DESC > > Staging repo: > https://repository.apache.org/content/repositories/maven-1555 > > > https://repository.apache.org/content/repositories/maven-1555/org/apache/maven/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-source-release.zip > > Source release checksum(s): > [NAME-OF]-source-release.zip sha512: > > e06c1696842682e599c2b7e6a24c58ac0c01ae0d5bf57fcc7269a7fd11092143c598fa82f908ee181d905cb949f44515e14b7b899e5df1aa184d68d2d308f83f > > Staging site: > https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > Kind regards > Karl Heinz Marbaise > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
Re: Maven version support
It is always a big investment, especially when migrated from Maven 2 to Maven 3.0 API. For me it make sense to make minimum viable migration steps, and therefore migrate the plugins with major versions only. In this case it would be a migration with Java version 8.0 and Maven API 4.0 or 5.0. On Fri, Mar 6, 2020 at 3:33 PM Robert Scholte wrote: > Even though we release the Maven APIs together with Maven Core (with the > same version), for plugins there are close to no changes. > The biggest changes of Maven APIs are from 2.2.1 to 3.0 and 3.0.5 to 3.1.0 > With this in mind, having almost all plugins depending on 3.0, it makes > sense to start moving to 3.1.0 > I don't see any benefit to require a higher version of Maven. > And it doesn't come with extra maintenance costs. > So there must be a better reason, e.g. if a plugin requires a specific > implementation of Maven, (like the upcoming maven-wrapper-plugin). > I'd created a page to migrate plugins to Maven 3.0 and I thought I > prepared on for 3.1.0 as well, but can't find it. > One benefit of requiring Maven 3.1.0 is replacing the plexus annotations > with JSR330 since this is the current standard, much better to understand > for the average developer. > (not the Maven Plugin Annotations!) > > Robert > > [1] > https://cwiki.apache.org/confluence/display/MAVEN/Plugin+migration+to+Maven3+dependencies > > > On 6-3-2020 14:19:09, Mickael Istria wrote: > Hi, > > Community support is always an interesting question as there is no support > contract to define what "support" means ;) > IMO, the community does at least support the latest release. Then if some > community members can work on supporting older ones, that's good, but IMO > it doesn't have to be the priority of the community to support older > versions if it slows down main development. Long term support is something > expensive to provide, and that some companies can bill for; unless the > companies that bill for older version support do invest back with > contributors in the project to provide such support in the community > channels, then it's just so much simpler and more fair to say that > community only supports latest release and drop all older ones, and let > people who can make money with it take care of older support from people > who are ready to pay for it. > > Cheers >
Re: [DISCUSS] checking reproducible builds
On Sat, Mar 7, 2020 at 11:39 AM Michael Osipov wrote: > > As note, reproducibility after some time is not always possible if > nessary compilers/tools aren't available anymore -- as you can see. > That's an important point. Some organizations archive their entire build chain including compilers and other tools in the source repository. I haven't seen it done, but I imagine you could go further using Docker images as the source of the reproducible build. -- Elliotte Rusty Harold elh...@ibiblio.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [DISCUSS] checking reproducible builds
Diff on OpenJDK 11: ├── META-INF/MANIFEST.MF │ @@ -1,10 +1,10 @@ │ Manifest-Version: 1.0 │ +Implementation-Vendor: The Apache Software Foundation^M │ +Implementation-Title: Apache Maven Site Plugin^M │ +Implementation-Version: 3.9.0^M │ +Build-Jdk-Spec: 1.7^M │ +Specification-Vendor: The Apache Software Foundation^M │ Created-By: Maven Jar Plugin 3.2.0 │ -Build-Jdk-Spec: 11^M │ Specification-Title: Apache Maven Site Plugin │ Specification-Version: 3.9 │ -Specification-Vendor: The Apache Software Foundation^M │ -Implementation-Title: Apache Maven Site Plugin^M │ -Implementation-Version: 3.9.0^M │ -Implementation-Vendor: The Apache Software Foundation^M It seems like the hash implementation differs from version to version... - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [DISCUSS] checking reproducible builds
Am 2020-03-07 um 19:04 schrieb Hervé BOUTEMY:
Le samedi 7 mars 2020, 17:39:20 CET Michael Osipov a écrit :
This is expected because I am on 1.8.0_242. I don't have Java 7
installed anymore on the server.
for the discussion I wanted us to have, just being able to test and see how we
detect issues, this is perfect, isn't it?
This is really nice. Here is the diffoscope output:
--- maven-site-plugin-3.9.0.jar
+++ reference/maven-site-plugin-3.9.0.jar
├── zipinfo {}
│ @@ -1,8 +1,8 @@
│ -Zip file size: 136174 bytes, number of entries: 84
│ +Zip file size: 136331 bytes, number of entries: 84
│ -rw 2.0 fat0 bX defN 20-Mar-06 20:49 META-INF/
│ -rw 2.0 fat 345 bl defN 20-Mar-06 20:49 META-INF/MANIFEST.MF
│ -rw 2.0 fat28157 bl defN 20-Mar-06 20:49 META-INF/DEPENDENCIES
│ -rw 2.0 fat11358 bl defN 20-Mar-06 20:49 META-INF/LICENSE
│ -rw 2.0 fat 181 bl defN 20-Mar-06 20:49 META-INF/NOTICE
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49 META-INF/maven/
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49
META-INF/maven/org.apache.maven.plugins/
│ @@ -10,44 +10,44 @@
│ -rw 2.0 fat56112 bl defN 20-Mar-06 20:49
META-INF/maven/org.apache.maven.plugins/maven-site-plugin/plugin-help.xml
│ -rw 2.0 fat 103450 bl defN 20-Mar-06 20:49
META-INF/maven/plugin.xml
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49 org/
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49 org/apache/
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49 org/apache/maven/
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/
│ --rw 2.0 fat 2983 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/AbstractSiteMojo.class
│ +-rw 2.0 fat 3033 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/AbstractSiteMojo.class
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/
│ --rw 2.0 fat 1472 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/AbstractDeployMojo$URIEncoder.class
│ --rw 2.0 fat23211 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/AbstractDeployMojo.class
│ +-rw 2.0 fat 1521 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/AbstractDeployMojo$URIEncoder.class
│ +-rw 2.0 fat23237 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/AbstractDeployMojo.class
│ -rw 2.0 fat 1935 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/AbstractStagingMojo.class
│ --rw 2.0 fat11174 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/HelpMojo.class
│ +-rw 2.0 fat11281 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/HelpMojo.class
│ -rw 2.0 fat 1251 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/SiteDeployMojo.class
│ --rw 2.0 fat 5630 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/SiteStageDeployMojo.class
│ --rw 2.0 fat 3931 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/SiteStageMojo.class
│ +-rw 2.0 fat 5622 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/SiteStageDeployMojo.class
│ +-rw 2.0 fat 3961 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/SiteStageMojo.class
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/wagon/
│ --rw 2.0 fat 4927 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/wagon/BugFixedRepository.class
│ --rw 2.0 fat 5604 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/wagon/PathUtils.class
│ +-rw 2.0 fat 4884 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/wagon/BugFixedRepository.class
│ +-rw 2.0 fat 5564 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/deploy/wagon/PathUtils.class
│ -rw 2.0 fat0 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/descriptor/
│ -rw 2.0 fat 4039 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/descriptor/AbstractSiteDescriptorMojo.class
│ --rw 2.0 fat 5734 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/descriptor/EffectiveSiteMojo.class
│ --rw 2.0 fat 4621 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/descriptor/SiteDescriptorArtifactMetadata.class
│ --rw 2.0 fat 4237 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/descriptor/SiteDescriptorAttachMojo.class
│ +-rw 2.0 fat 5780 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/descriptor/EffectiveSiteMojo.class
│ +-rw 2.0 fat 4666 bl defN 20-Mar-06 20:49
org/apache/maven/plugins/site/descriptor/SiteDescriptorArtifactMetadata.class
│ +-rw 2.0 fat 4267 bl defN 20-Mar-06 20:49
org/ap
Re: [VOTE] Release Apache Maven Dependency Plugin version 3.1.2
I have four open PRs on the maven-dependency-plugin if anyone cares to review: https://github.com/apache/maven-dependency-plugin/pull/34 https://github.com/apache/maven-dependency-plugin/pull/35 https://github.com/apache/maven-dependency-plugin/pull/36 https://github.com/apache/maven-dependency-plugin/pull/37 Nothing particularly critical. On Sat, Mar 7, 2020 at 6:56 AM Karl Heinz Marbaise wrote: > > We solved 23 issues: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227&version=12343772 > > There are still a couple of issues left in JIRA: > https://issues.apache.org/jira/issues/?jql=project%20%3D%20MDEP%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20key%20DESC%2C%20priority%20DESC%2C%20updated%20DESC > > Staging repo: > https://repository.apache.org/content/repositories/maven-1555 > > https://repository.apache.org/content/repositories/maven-1555/org/apache/maven/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-source-release.zip > > Source release checksum(s): > [NAME-OF]-source-release.zip sha512: > e06c1696842682e599c2b7e6a24c58ac0c01ae0d5bf57fcc7269a7fd11092143c598fa82f908ee181d905cb949f44515e14b7b899e5df1aa184d68d2d308f83f > > Staging site: > https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > Kind regards > Karl Heinz Marbaise > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > -- Elliotte Rusty Harold elh...@ibiblio.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Apache Maven Site Plugin version 3.9.0
+1, build passes successfully and SHA512 ok On Sat, Mar 7, 2020 at 4:01 AM Hervé BOUTEMY wrote: > Hi, > > We solved 5 issues: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317923&version=12345725&styleName=Text > > Staging repo: > https://repository.apache.org/content/repositories/maven-1554/ > > https://repository.apache.org/content/repositories/maven-1554/org/apache/maven/plugins/maven-site-plugin/3.9.0/maven-site-plugin-3.9.0-source-release.zip > > Source release checksum(s): > maven-site-plugin-3.9.0-source-release.zip sha512: > b46a0c32e5799ee452f67c41c657271439ea328157e103cffee55be9fc93d980632ab29972eed886bc3419b0240fe1051e8789effe4b6f158933eb0bf79ef3f6 > > Staging site: > https://maven.apache.org/plugins-archives/maven-site-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > You can also easily test the reproducibility of this build: > - install maven-buildinfo-plugin: see > https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin > - on any Unix with JDK 7, launch: mvn -Papache-release verify > buildinfo:save -Dgpg.skip -Dreference.repo= > https://repository.apache.org/content/repositories/maven-1554/ > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
Re: [VOTE] Release Apache Maven Dependency Plugin version 3.1.2
+1 FYI, I was able to reproduce and check on my Linux box with JDK 8, using followin command: $ mvn -Prun-its,apache-release clean verify buildinfo:save -Dgpg.skip -Dreference.repo=https://repository.apache.org/content/repositories/maven-1555/ [...] [INFO] Reproducible Build output summary: 3 files ok Regards, Hervé Le samedi 7 mars 2020, 12:56:11 CET Karl Heinz Marbaise a écrit : > We solved 23 issues: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227&ve > rsion=12343772 > > There are still a couple of issues left in JIRA: > https://issues.apache.org/jira/issues/?jql=project%20%3D%20MDEP%20AND%20reso > lution%20%3D%20Unresolved%20ORDER%20BY%20key%20DESC%2C%20priority%20DESC%2C% > 20updated%20DESC > > Staging repo: > https://repository.apache.org/content/repositories/maven-1555 > > https://repository.apache.org/content/repositories/maven-1555/org/apache/mav > en/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-sourc > e-release.zip > > Source release checksum(s): > [NAME-OF]-source-release.zip sha512: > e06c1696842682e599c2b7e6a24c58ac0c01ae0d5bf57fcc7269a7fd11092143c598fa82f908 > ee181d905cb949f44515e14b7b899e5df1aa184d68d2d308f83f > > Staging site: > https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > Kind regards > Karl Heinz Marbaise > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Apache Maven Dependency Plugin version 3.1.2
It would be very nice to release maven-artifact-transfer first (both 0.12.1 and 0.13.0 look ready in Jira, with one and two issues closed respectively, so I would go for 0.13.0 to get all ready fixes out), and integrate into this release. Please consider doing that! - Eric L On Sat, Mar 7, 2020 at 12:56 PM Karl Heinz Marbaise wrote: > We solved 23 issues: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227&version=12343772 > > There are still a couple of issues left in JIRA: > > https://issues.apache.org/jira/issues/?jql=project%20%3D%20MDEP%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20key%20DESC%2C%20priority%20DESC%2C%20updated%20DESC > > Staging repo: > https://repository.apache.org/content/repositories/maven-1555 > > > https://repository.apache.org/content/repositories/maven-1555/org/apache/maven/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-source-release.zip > > Source release checksum(s): > [NAME-OF]-source-release.zip sha512: > > e06c1696842682e599c2b7e6a24c58ac0c01ae0d5bf57fcc7269a7fd11092143c598fa82f908ee181d905cb949f44515e14b7b899e5df1aa184d68d2d308f83f > > Staging site: > https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/ > > Guide to testing staged releases: > https://maven.apache.org/guides/development/guide-testing-releases.html > > Vote open for at least 72 hours. > > [ ] +1 > [ ] +0 > [ ] -1 > > Kind regards > Karl Heinz Marbaise > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org > >
Re: [DISCUSS] checking reproducible builds
Le samedi 7 mars 2020, 17:39:20 CET Michael Osipov a écrit : > This is expected because I am on 1.8.0_242. I don't have Java 7 > installed anymore on the server. for the discussion I wanted us to have, just being able to test and see how we detect issues, this is perfect, isn't it? how did you find the experience? any improvement proposal? and any idea on where to put this goal in the future? > > As note, reproducibility after some time is not always possible if > nessary compilers/tools aren't available anymore -- as you can see. when we absolutely want to rebuild, this is where containers can ease the job Regards, Hervé > > Michael > > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
MavenProject - replacement for deprecated method
Hi, In my plugin I need list of report plugins, I use method: org.apache.maven.project.MavenProject#getReportArtifacts but this method (and many other) is deprecated in class MavenProject - maven-core version 3.5.0 What method / class / library I should use instead of this. In source code there isn't any information about replacement. -- Sławomir Jaranowski
Re: [DISCUSS] checking reproducible builds
Am 2020-03-07 um 11:36 schrieb Hervé BOUTEMY: Hi, Yesterday, I made a key step forward for Reproducible Builds with Maven: I wrote code to easily check that your local build produces the same binaries as the reference binaries published either to staging or to Central repository. For a live example, see the last paragraph of Maven Site Plugin vote that just started [1]. Process to check build output is based on a single plugin goal, currently named buildinfo:save [2]: 1. it creates a buildinfo file during build recording output fingerprints, that will eventually in the future be published to Central repository 2. it downloads reference artifacts and/or reference buildinfo and checks that the output of the local build is the same as the reference. Now I want to discuss: is it clear? can you test and report, please? If the feedback is positive, the next question will be: in which plugin should we put this goal to make a release and add it to our parent pom during release, so we publish reference buildinfo along our reference binaries to Central repository. Made some progress: [INFO] --- maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) @ maven-site-plugin --- [INFO] Saved info on build to /var/osipovmi/Projekte/maven-site-plugin/target/maven-site-plugin-3.9.0.buildinfo [INFO] Checking against reference build from https://repository.apache.org/content/repositories/maven-1554/... [WARNING] Reference buildinfo file not found: it will be generated from downloaded reference artifacts [INFO] Minimal buildinfo generated from downloaded artifacts: /var/osipovmi/Projekte/maven-site-plugin/target/reference/maven-site-plugin-3.9.0.buildinfo [WARNING] size mismatch maven-site-plugin-3.9.0.jar: diffoscope target/reference/maven-site-plugin-3.9.0.jar target/maven-site-plugin-3.9.0.jar [WARNING] size mismatch maven-site-plugin-3.9.0-sources.jar: diffoscope target/reference/maven-site-plugin-3.9.0-sources.jar target/maven-site-plugin-3.9.0-sources.jar [WARNING] size mismatch maven-site-plugin-3.9.0-source-release.zip: diffoscope target/reference/maven-site-plugin-3.9.0-source-release.zip target/maven-site-plugin-3.9.0-source-release.zip [WARNING] Reproducible Build output summary: 0 files ok, 3 different, 0 missing [WARNING] diff target/reference/maven-site-plugin-3.9.0.buildinfo target/maven-site-plugin-3.9.0.buildinfo This is expected because I am on 1.8.0_242. I don't have Java 7 installed anymore on the server. As note, reproducibility after some time is not always possible if nessary compilers/tools aren't available anymore -- as you can see. Michael - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Apache Maven Site Plugin version 3.9.0
Le samedi 7 mars 2020, 13:05:47 CET Karl Heinz Marbaise a écrit : > Hi, > > +1 from me. > > > I've tried to check reproducibility of the build but got a number of > JavaDoc errors (JDK8 1.8.0.232 MacOS) which failed the checking... yes, that's why I did this release using JDK 7 > That > means that the javadoc issues should be fixed for the next release... yes, a lot of Maven components have such javadoc issues: getting some help on this would be nice Regards, Hervé > > > Kind regards > Karl Heinz Marbaise > > On 06.03.20 22:03, Hervé BOUTEMY wrote: > > Hi, > > > > We solved 5 issues: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317923&; > > version=12345725&styleName=Text > > > > Staging repo: > > https://repository.apache.org/content/repositories/maven-1554/ > > https://repository.apache.org/content/repositories/maven-1554/org/apache/m > > aven/plugins/maven-site-plugin/3.9.0/maven-site-plugin-3.9.0-source-releas > > e.zip > > > > Source release checksum(s): > > maven-site-plugin-3.9.0-source-release.zip sha512: > > b46a0c32e5799ee452f67c41c657271439ea328157e103cffee55be9fc93d980632ab2997 > > 2eed886bc3419b0240fe1051e8789effe4b6f158933eb0bf79ef3f6 > > > > Staging site: > > https://maven.apache.org/plugins-archives/maven-site-plugin-LATEST/ > > > > Guide to testing staged releases: > > https://maven.apache.org/guides/development/guide-testing-releases.html > > > > You can also easily test the reproducibility of this build: > > - install maven-buildinfo-plugin: see > > https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin - on > > any Unix with JDK 7, launch: mvn -Papache-release verify buildinfo:save > > -Dgpg.skip > > -Dreference.repo=https://repository.apache.org/content/repositories/maven > > -1554/ > > > > Vote open for at least 72 hours. > > > > [ ] +1 > > [ ] +0 > > [ ] -1 > > > > > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > Mit freundlichem Gruß > Karl-Heinz Marbaise > -- > SoftwareEntwicklung Beratung SchulungTel.: +49 (0) 2405 / 415 893 > Dipl.Ing.(FH) Karl-Heinz MarbaiseUSt.IdNr: DE191347579 > Hauptstrasse 177 > 52146 Würselen https://www.soebes.de > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [DISCUSS] checking reproducible builds
thank you for testing little bug fixed: stupid me, I should have tested this case before asking for feedback: I tested only with central repository, provided as "central" id... please fetch the latest plugin update and retest :) Le samedi 7 mars 2020, 13:12:08 CET Karl Heinz Marbaise a écrit : > Hi Hervé, > > I've tried to check my release via the suggested recipe... > > > Downloaded the maven-studies repo and build the following commit: > 90b426758363123af6fcc9aa7190b837c0551359 (mvn clean install) > > Downloaded the source package > > curl -O > https://repository.apache.org/content/repositories/maven-1555/org/apache/mav > en/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-sourc > e-release.zip > > unzip maven-dependency-plugin-3.1.2-source-release.zip > > cd maven-dependency-plugin-3.1.2 and tried to run the following: > > mvn -Papache-release verify buildinfo:save -Dgpg.skip > -Dreference.repo=https://repository.apache.org/content/repositories/maven-15 > 55/ > > and got the following: > > > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-buildinfo-plugin:1.0-SNAPSHOT:save > (default-cli) on project maven-dependency-plugin: Error resolving > reference artifact > org.apache.maven.plugins:maven-dependency-plugin:buildinfo:3.1.2: Could > not transfer artifact > org.apache.maven.plugins:maven-dependency-plugin:buildinfo:3.1.2 from/to > reference > (https://repository.apache.org/content/repositories/maven-1555/): Cannot > access https://repository.apache.org/content/repositories/maven-1555/ > with type using the available connector factories: > BasicRepositoryConnectorFactory: Cannot access > https://repository.apache.org/content/repositories/maven-1555/ with type > using the available layout factories: Maven2RepositoryLayoutFactory: > Unsupported repository layout -> [Help 1] > [ERROR] > > > > Kind regards > Karl Heinz Marbaise > > On 07.03.20 11:36, Hervé BOUTEMY wrote: > > Hi, > > > > Yesterday, I made a key step forward for Reproducible Builds with Maven: I > > wrote code to easily check that your local build produces the same > > binaries as the reference binaries published either to staging or to > > Central repository. > > > > For a live example, see the last paragraph of Maven Site Plugin vote that > > just started [1]. > > > > Process to check build output is based on a single plugin goal, currently > > named buildinfo:save [2]: 1. it creates a buildinfo file during build > > recording output fingerprints, that will eventually in the future be > > published to Central repository 2. it downloads reference artifacts > > and/or reference buildinfo and checks that the output of the local build > > is the same as the reference. > > > > Now I want to discuss: is it clear? can you test and report, please? > > > > If the feedback is positive, the next question will be: in which plugin > > should we put this goal to make a release and add it to our parent pom > > during release, so we publish reference buildinfo along our reference > > binaries to Central repository. > > > > Thanks for your feedback > > > > Regards, > > > > Hervé > > > > [1] > > https://lists.apache.org/thread.html/rd3af15d383ddceeb950cd90569e3dcdd6e5 > > a0f5d3cd653ec534b0609%40%3Cdev.maven.apache.org%3E > > > > [2] https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin > > - > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > For additional commands, e-mail: dev-h...@maven.apache.org - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [DISCUSS] checking reproducible builds
Hi, On 07.03.20 14:19, Michael Osipov wrote: Am 2020-03-07 um 11:36 schrieb Hervé BOUTEMY: Hi, Yesterday, I made a key step forward for Reproducible Builds with Maven: I wrote code to easily check that your local build produces the same binaries as the reference binaries published either to staging or to Central repository. For a live example, see the last paragraph of Maven Site Plugin vote that just started [1]. Process to check build output is based on a single plugin goal, currently named buildinfo:save [2]: 1. it creates a buildinfo file during build recording output fingerprints, that will eventually in the future be published to Central repository 2. it downloads reference artifacts and/or reference buildinfo and checks that the output of the local build is the same as the reference. Now I want to discuss: is it clear? can you test and report, please? If the feedback is positive, the next question will be: in which plugin should we put this goal to make a release and add it to our parent pom during release, so we publish reference buildinfo along our reference binaries to Central repository. After even reverting the offending commit from Maven master, I still get: [INFO] --- maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) @ maven-site-plugin --- [INFO] Saved info on build to /var/osipovmi/Projekte/maven-site-plugin/target/maven-site-plugin-3.9.0.buildinfo [INFO] Checking against reference build from https://repository.apache.org/content/repositories/maven-1554/... [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 01:12 min [INFO] Finished at: 2020-03-07T14:16:18+01:00 [INFO] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) on project maven-site-plugin: Error resolving reference artifact org.apache.maven.plugins:maven-site-plugin:buildinfo:3.9.0: Could not transfer artifact org.apache.maven.plugins:maven-site-plugin:buildinfo:3.9.0 from/to reference (https://repository.apache.org/content/repositories/maven-1554/): Cannot access https://repository.apache.org/content/repositories/maven-1554/ with type using the available connector factories: BasicRepositoryConnectorFactory: Cannot access https://repository.apache.org/content/repositories/maven-1554/ with type using the available layout factories: Maven2RepositoryLayoutFactory: Unsupported repository layout -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException That's exactly the same issue I have reported with Maven 3.6.3 ... Kind regards Karl Heinz Marbaise - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [DISCUSS] checking reproducible builds
Am 2020-03-07 um 11:36 schrieb Hervé BOUTEMY: Hi, Yesterday, I made a key step forward for Reproducible Builds with Maven: I wrote code to easily check that your local build produces the same binaries as the reference binaries published either to staging or to Central repository. For a live example, see the last paragraph of Maven Site Plugin vote that just started [1]. Process to check build output is based on a single plugin goal, currently named buildinfo:save [2]: 1. it creates a buildinfo file during build recording output fingerprints, that will eventually in the future be published to Central repository 2. it downloads reference artifacts and/or reference buildinfo and checks that the output of the local build is the same as the reference. Now I want to discuss: is it clear? can you test and report, please? If the feedback is positive, the next question will be: in which plugin should we put this goal to make a release and add it to our parent pom during release, so we publish reference buildinfo along our reference binaries to Central repository. After even reverting the offending commit from Maven master, I still get: [INFO] --- maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) @ maven-site-plugin --- [INFO] Saved info on build to /var/osipovmi/Projekte/maven-site-plugin/target/maven-site-plugin-3.9.0.buildinfo [INFO] Checking against reference build from https://repository.apache.org/content/repositories/maven-1554/... [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 01:12 min [INFO] Finished at: 2020-03-07T14:16:18+01:00 [INFO] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) on project maven-site-plugin: Error resolving reference artifact org.apache.maven.plugins:maven-site-plugin:buildinfo:3.9.0: Could not transfer artifact org.apache.maven.plugins:maven-site-plugin:buildinfo:3.9.0 from/to reference (https://repository.apache.org/content/repositories/maven-1554/): Cannot access https://repository.apache.org/content/repositories/maven-1554/ with type using the available connector factories: BasicRepositoryConnectorFactory: Cannot access https://repository.apache.org/content/repositories/maven-1554/ with type using the available layout factories: Maven2RepositoryLayoutFactory: Unsupported repository layout -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [DISCUSS] checking reproducible builds
Am 2020-03-07 um 13:45 schrieb Michael Osipov: Am 2020-03-07 um 11:36 schrieb Hervé BOUTEMY: Hi, Yesterday, I made a key step forward for Reproducible Builds with Maven: I wrote code to easily check that your local build produces the same binaries as the reference binaries published either to staging or to Central repository. For a live example, see the last paragraph of Maven Site Plugin vote that just started [1]. Process to check build output is based on a single plugin goal, currently named buildinfo:save [2]: 1. it creates a buildinfo file during build recording output fingerprints, that will eventually in the future be published to Central repository 2. it downloads reference artifacts and/or reference buildinfo and checks that the output of the local build is the same as the reference. Now I want to discuss: is it clear? can you test and report, please? If the feedback is positive, the next question will be: in which plugin should we put this goal to make a release and add it to our parent pom during release, so we publish reference buildinfo along our reference binaries to Central repository. Fails for me with: osipovmi@deblndw011x:~/var/Projekte/maven-site-plugin ((maven-site-plugin-3.9.0) $ ~/apache-maven-3.7.0-SNAPSHOT/bin/mvn -v Apache Maven 3.7.0-SNAPSHOT (f2e9afd788de919646717532d26eca38826e9924) Maven home: /net/home/osipovmi/apache-maven-3.7.0-SNAPSHOT Java version: 1.8.0_242, vendor: Oracle Corporation, runtime: /usr/local/openjdk8/jre Default locale: de_DE, platform encoding: UTF-8 OS name: "freebsd", version: "12.1-stable", arch: "amd64", family: "unix" The build completely stalls at [INFO] Replacing /var/osipovmi/Projekte/maven-site-plugin/target/maven-site-plugin-3.9.0.jar with /var/osipovmi/Projekte/maven-site-plugin/target/maven-site-plugin-3.9.0-shaded.jar [INFO] Dependency-reduced POM written at: /var/osipovmi/Projekte/maven-site-plugin/dependency-reduced-pom.xml CPU time is consumed like hell, I killed the process after 10 min. Looking at it with JConsole shows that main thread is heavy working on org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:317) org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:229) org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveDependencies(DefaultRepositorySystem.java:340) org.apache.maven.project.DefaultProjectDependenciesResolver.resolve(DefaultProjectDependenciesResolver.java:203) org.apache.maven.shared.dependency.graph.internal.Maven31DependencyGraphBuilder.resolveDependencies(Maven31DependencyGraphBuilder.java:124) org.apache.maven.shared.dependency.graph.internal.Maven31DependencyGraphBuilder.buildDependencyGraph(Maven31DependencyGraphBuilder.java:110) org.apache.maven.shared.dependency.graph.internal.DefaultDependencyGraphBuilder.buildDependencyGraph(DefaultDependencyGraphBuilder.java:98) org.apache.maven.shared.dependency.graph.internal.DefaultDependencyGraphBuilder.buildDependencyGraph(DefaultDependencyGraphBuilder.java:67 org.apache.maven.plugins.shade.mojo.ShadeMojo.updateExcludesInDeps(ShadeMojo.java:1266) org.apache.maven.plugins.shade.mojo.ShadeMojo.rewriteDependencyReducedPomIfWeHaveReduction(ShadeMojo.java:1188) org.apache.maven.plugins.shade.mojo.ShadeMojo.createDependencyReducedPom(ShadeMojo.java:1098) org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:599) org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPlug This is a complete contrast to Maven 3.5.4 and not related to this new plugin. A mere "mvn clean verify" on MSITE stalls completely during shade. Need to test more. OK, found it: 716cc1fe02661897232a7cc3e4c1bb3b3df3b832 is the first bad commit commit 716cc1fe02661897232a7cc3e4c1bb3b3df3b832 Author: rfscholte Date: Wed Jan 29 21:18:42 2020 +0100 [MNG-5669] same pom.xml is read multiple times .../java/org/apache/maven/building/FileSource.java | 31 .../org/apache/maven/building/StringSource.java| 33 +++- .../java/org/apache/maven/building/UrlSource.java | 32 +++- .../apache/maven/project/ReactorModelCache.java| 78 +++- .../maven/model/building/ArtifactModelSource.java | 59 ++ .../maven/model/building/DefaultModelBuilder.java | 206 - .../maven/model/building/FileModelSource.java | 9 +- .../apache/maven/model/building/ModelCache.java| 29 +++ .../apache/maven/model/building/ModelCacheTag.java | 26 +++ .../model/superpom/DefaultSuperPomProvider.java| 2 +- .../internal/DefaultArtifactDescriptorReader.java | 7 +- .../repository/internal/DefaultModelResolver.java | 7 +- 12 files changed, 451 insertions(+), 68 deletions(-) create mode 100644 maven-model-builder/src/main/java/org/apache/maven/model/b @Robert, do you want to revert? This requires more testing obviously. Michael
Re: [DISCUSS] checking reproducible builds
Am 2020-03-07 um 11:36 schrieb Hervé BOUTEMY: Hi, Yesterday, I made a key step forward for Reproducible Builds with Maven: I wrote code to easily check that your local build produces the same binaries as the reference binaries published either to staging or to Central repository. For a live example, see the last paragraph of Maven Site Plugin vote that just started [1]. Process to check build output is based on a single plugin goal, currently named buildinfo:save [2]: 1. it creates a buildinfo file during build recording output fingerprints, that will eventually in the future be published to Central repository 2. it downloads reference artifacts and/or reference buildinfo and checks that the output of the local build is the same as the reference. Now I want to discuss: is it clear? can you test and report, please? If the feedback is positive, the next question will be: in which plugin should we put this goal to make a release and add it to our parent pom during release, so we publish reference buildinfo along our reference binaries to Central repository. Fails for me with: osipovmi@deblndw011x:~/var/Projekte/maven-site-plugin ((maven-site-plugin-3.9.0) $ ~/apache-maven-3.7.0-SNAPSHOT/bin/mvn -v Apache Maven 3.7.0-SNAPSHOT (f2e9afd788de919646717532d26eca38826e9924) Maven home: /net/home/osipovmi/apache-maven-3.7.0-SNAPSHOT Java version: 1.8.0_242, vendor: Oracle Corporation, runtime: /usr/local/openjdk8/jre Default locale: de_DE, platform encoding: UTF-8 OS name: "freebsd", version: "12.1-stable", arch: "amd64", family: "unix" The build completely stalls at [INFO] Replacing /var/osipovmi/Projekte/maven-site-plugin/target/maven-site-plugin-3.9.0.jar with /var/osipovmi/Projekte/maven-site-plugin/target/maven-site-plugin-3.9.0-shaded.jar [INFO] Dependency-reduced POM written at: /var/osipovmi/Projekte/maven-site-plugin/dependency-reduced-pom.xml CPU time is consumed like hell, I killed the process after 10 min. Looking at it with JConsole shows that main thread is heavy working on org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:317) org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:229) org.eclipse.aether.internal.impl.DefaultRepositorySystem.resolveDependencies(DefaultRepositorySystem.java:340) org.apache.maven.project.DefaultProjectDependenciesResolver.resolve(DefaultProjectDependenciesResolver.java:203) org.apache.maven.shared.dependency.graph.internal.Maven31DependencyGraphBuilder.resolveDependencies(Maven31DependencyGraphBuilder.java:124) org.apache.maven.shared.dependency.graph.internal.Maven31DependencyGraphBuilder.buildDependencyGraph(Maven31DependencyGraphBuilder.java:110) org.apache.maven.shared.dependency.graph.internal.DefaultDependencyGraphBuilder.buildDependencyGraph(DefaultDependencyGraphBuilder.java:98) org.apache.maven.shared.dependency.graph.internal.DefaultDependencyGraphBuilder.buildDependencyGraph(DefaultDependencyGraphBuilder.java:67 org.apache.maven.plugins.shade.mojo.ShadeMojo.updateExcludesInDeps(ShadeMojo.java:1266) org.apache.maven.plugins.shade.mojo.ShadeMojo.rewriteDependencyReducedPomIfWeHaveReduction(ShadeMojo.java:1188) org.apache.maven.plugins.shade.mojo.ShadeMojo.createDependencyReducedPom(ShadeMojo.java:1098) org.apache.maven.plugins.shade.mojo.ShadeMojo.execute(ShadeMojo.java:599) org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPlug This is a complete contrast to Maven 3.5.4 and not related to this new plugin. A mere "mvn clean verify" on MSITE stalls completely during shade. Need to test more. Michael - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [DISCUSS] checking reproducible builds
Am 2020-03-07 um 13:12 schrieb Karl Heinz Marbaise: Hi Hervé, I've tried to check my release via the suggested recipe... Downloaded the maven-studies repo and build the following commit: 90b426758363123af6fcc9aa7190b837c0551359 (mvn clean install) Downloaded the source package curl -O https://repository.apache.org/content/repositories/maven-1555/org/apache/maven/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-source-release.zip unzip maven-dependency-plugin-3.1.2-source-release.zip cd maven-dependency-plugin-3.1.2 and tried to run the following: mvn -Papache-release verify buildinfo:save -Dgpg.skip -Dreference.repo=https://repository.apache.org/content/repositories/maven-1555/ and got the following: [ERROR] Failed to execute goal org.apache.maven.plugins:maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) on project maven-dependency-plugin: Error resolving reference artifact org.apache.maven.plugins:maven-dependency-plugin:buildinfo:3.1.2: Could not transfer artifact org.apache.maven.plugins:maven-dependency-plugin:buildinfo:3.1.2 from/to reference (https://repository.apache.org/content/repositories/maven-1555/): Cannot access https://repository.apache.org/content/repositories/maven-1555/ with type using the available connector factories: BasicRepositoryConnectorFactory: Cannot access https://repository.apache.org/content/repositories/maven-1555/ with type using the available layout factories: Maven2RepositoryLayoutFactory: Unsupported repository layout -> [Help 1] [ERROR] Same here with Maven 3.5.4. - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [DISCUSS] checking reproducible builds
Hi Hervé, I've tried to check my release via the suggested recipe... Downloaded the maven-studies repo and build the following commit: 90b426758363123af6fcc9aa7190b837c0551359 (mvn clean install) Downloaded the source package curl -O https://repository.apache.org/content/repositories/maven-1555/org/apache/maven/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-source-release.zip unzip maven-dependency-plugin-3.1.2-source-release.zip cd maven-dependency-plugin-3.1.2 and tried to run the following: mvn -Papache-release verify buildinfo:save -Dgpg.skip -Dreference.repo=https://repository.apache.org/content/repositories/maven-1555/ and got the following: [ERROR] Failed to execute goal org.apache.maven.plugins:maven-buildinfo-plugin:1.0-SNAPSHOT:save (default-cli) on project maven-dependency-plugin: Error resolving reference artifact org.apache.maven.plugins:maven-dependency-plugin:buildinfo:3.1.2: Could not transfer artifact org.apache.maven.plugins:maven-dependency-plugin:buildinfo:3.1.2 from/to reference (https://repository.apache.org/content/repositories/maven-1555/): Cannot access https://repository.apache.org/content/repositories/maven-1555/ with type using the available connector factories: BasicRepositoryConnectorFactory: Cannot access https://repository.apache.org/content/repositories/maven-1555/ with type using the available layout factories: Maven2RepositoryLayoutFactory: Unsupported repository layout -> [Help 1] [ERROR] Kind regards Karl Heinz Marbaise On 07.03.20 11:36, Hervé BOUTEMY wrote: Hi, Yesterday, I made a key step forward for Reproducible Builds with Maven: I wrote code to easily check that your local build produces the same binaries as the reference binaries published either to staging or to Central repository. For a live example, see the last paragraph of Maven Site Plugin vote that just started [1]. Process to check build output is based on a single plugin goal, currently named buildinfo:save [2]: 1. it creates a buildinfo file during build recording output fingerprints, that will eventually in the future be published to Central repository 2. it downloads reference artifacts and/or reference buildinfo and checks that the output of the local build is the same as the reference. Now I want to discuss: is it clear? can you test and report, please? If the feedback is positive, the next question will be: in which plugin should we put this goal to make a release and add it to our parent pom during release, so we publish reference buildinfo along our reference binaries to Central repository. Thanks for your feedback Regards, Hervé [1] https://lists.apache.org/thread.html/rd3af15d383ddceeb950cd90569e3dcdd6e5a0f5d3cd653ec534b0609%40%3Cdev.maven.apache.org%3E [2] https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Apache Maven Site Plugin version 3.9.0
Hi, +1 from me. I've tried to check reproducibility of the build but got a number of JavaDoc errors (JDK8 1.8.0.232 MacOS) which failed the checking...That means that the javadoc issues should be fixed for the next release... Kind regards Karl Heinz Marbaise On 06.03.20 22:03, Hervé BOUTEMY wrote: Hi, We solved 5 issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317923&version=12345725&styleName=Text Staging repo: https://repository.apache.org/content/repositories/maven-1554/ https://repository.apache.org/content/repositories/maven-1554/org/apache/maven/plugins/maven-site-plugin/3.9.0/maven-site-plugin-3.9.0-source-release.zip Source release checksum(s): maven-site-plugin-3.9.0-source-release.zip sha512: b46a0c32e5799ee452f67c41c657271439ea328157e103cffee55be9fc93d980632ab29972eed886bc3419b0240fe1051e8789effe4b6f158933eb0bf79ef3f6 Staging site: https://maven.apache.org/plugins-archives/maven-site-plugin-LATEST/ Guide to testing staged releases: https://maven.apache.org/guides/development/guide-testing-releases.html You can also easily test the reproducibility of this build: - install maven-buildinfo-plugin: see https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin - on any Unix with JDK 7, launch: mvn -Papache-release verify buildinfo:save -Dgpg.skip -Dreference.repo=https://repository.apache.org/content/repositories/maven-1554/ Vote open for at least 72 hours. [ ] +1 [ ] +0 [ ] -1 - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org Mit freundlichem Gruß Karl-Heinz Marbaise -- SoftwareEntwicklung Beratung SchulungTel.: +49 (0) 2405 / 415 893 Dipl.Ing.(FH) Karl-Heinz MarbaiseUSt.IdNr: DE191347579 Hauptstrasse 177 52146 Würselen https://www.soebes.de - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
[VOTE] Release Apache Maven Dependency Plugin version 3.1.2
We solved 23 issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317227&version=12343772 There are still a couple of issues left in JIRA: https://issues.apache.org/jira/issues/?jql=project%20%3D%20MDEP%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20key%20DESC%2C%20priority%20DESC%2C%20updated%20DESC Staging repo: https://repository.apache.org/content/repositories/maven-1555 https://repository.apache.org/content/repositories/maven-1555/org/apache/maven/plugins/maven-dependency-plugin/3.1.2/maven-dependency-plugin-3.1.2-source-release.zip Source release checksum(s): [NAME-OF]-source-release.zip sha512: e06c1696842682e599c2b7e6a24c58ac0c01ae0d5bf57fcc7269a7fd11092143c598fa82f908ee181d905cb949f44515e14b7b899e5df1aa184d68d2d308f83f Staging site: https://maven.apache.org/plugins-archives/maven-dependency-plugin-LATEST/ Guide to testing staged releases: https://maven.apache.org/guides/development/guide-testing-releases.html Vote open for at least 72 hours. [ ] +1 [ ] +0 [ ] -1 Kind regards Karl Heinz Marbaise - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
[DISCUSS] checking reproducible builds
Hi, Yesterday, I made a key step forward for Reproducible Builds with Maven: I wrote code to easily check that your local build produces the same binaries as the reference binaries published either to staging or to Central repository. For a live example, see the last paragraph of Maven Site Plugin vote that just started [1]. Process to check build output is based on a single plugin goal, currently named buildinfo:save [2]: 1. it creates a buildinfo file during build recording output fingerprints, that will eventually in the future be published to Central repository 2. it downloads reference artifacts and/or reference buildinfo and checks that the output of the local build is the same as the reference. Now I want to discuss: is it clear? can you test and report, please? If the feedback is positive, the next question will be: in which plugin should we put this goal to make a release and add it to our parent pom during release, so we publish reference buildinfo along our reference binaries to Central repository. Thanks for your feedback Regards, Hervé [1] https://lists.apache.org/thread.html/rd3af15d383ddceeb950cd90569e3dcdd6e5a0f5d3cd653ec534b0609%40%3Cdev.maven.apache.org%3E [2] https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
Re: [VOTE] Release Apache Maven Site Plugin version 3.9.0
Am 2020-03-06 um 22:03 schrieb Hervé BOUTEMY: Hi, We solved 5 issues: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317923&version=12345725&styleName=Text Staging repo: https://repository.apache.org/content/repositories/maven-1554/ https://repository.apache.org/content/repositories/maven-1554/org/apache/maven/plugins/maven-site-plugin/3.9.0/maven-site-plugin-3.9.0-source-release.zip Source release checksum(s): maven-site-plugin-3.9.0-source-release.zip sha512: b46a0c32e5799ee452f67c41c657271439ea328157e103cffee55be9fc93d980632ab29972eed886bc3419b0240fe1051e8789effe4b6f158933eb0bf79ef3f6 Staging site: https://maven.apache.org/plugins-archives/maven-site-plugin-LATEST/ Guide to testing staged releases: https://maven.apache.org/guides/development/guide-testing-releases.html You can also easily test the reproducibility of this build: - install maven-buildinfo-plugin: see https://github.com/apache/maven-studies/tree/maven-buildinfo-plugin - on any Unix with JDK 7, launch: mvn -Papache-release verify buildinfo:save -Dgpg.skip -Dreference.repo=https://repository.apache.org/content/repositories/maven-1554/ Vote open for at least 72 hours. +1 - To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
