Your message dated Thu, 28 Mar 2024 08:49:51 +0000
with message-id <e1rplsj-00aku1...@fasolo.debian.org>
and subject line Bug#1066045: fixed in maven-bundle-plugin 3.5.1-2.1
has caused the Debian Bug report #1066045,
regarding maven-bundle-plugin: produces nondeterministic ordering in
MANIFEST.MF headers
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1066045: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066045
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libmaven-bundle-plugin-java
Severity: wishlist
Tags: patch
User: reproducible-bui...@lists.alioth.debian.org
Usertags: toolchain
Dear Maintainer,
The maven-bundle-plugin utility creates Java .jar archives that contain
non-deterministic contents in the Export-Package, Private-Package and
Include-Resource header fields of the MANIFEST.MF file when listing those files
from the underlying filesystem returns them in differing order.
There is an exisiting report[1] of this problem upstream in the Apache Felix
project, and it has been resolved by a subsequent change[2] to sort the
contents of the relevant field values before they're written to the manifest.
Please find attached a backport of the upstream changeset, which applies
cleanly to the maven-bundle-plugin-3.5.1 sources.
Thank you,
James
[1] - https://issues.apache.org/jira/browse/FELIX-6602
[2] - https://github.com/apache/felix-dev/pull/208
>From d885d99a6a16660f655a4fd18e8a1a39beef0a15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Boutemy?= <hbout...@apache.org>
Date: Sat, 25 Mar 2023 00:18:11 +0100
Subject: [PATCH] FELIX-6602 sort resources and exported packages
---
.../java/org/apache/felix/bundleplugin/BundlePlugin.java | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
--- a/src/main/java/org/apache/felix/bundleplugin/BundlePlugin.java
+++ b/src/main/java/org/apache/felix/bundleplugin/BundlePlugin.java
@@ -1938,6 +1938,7 @@ public class BundlePlugin extends AbstractMojo
scanner.scan();
String[] paths = scanner.getIncludedFiles();
+ Arrays.sort( paths );
for ( int i = 0; i < paths.length; i++ )
{
packages.put( analyzer.getPackageRef( getPackageName( paths[i]
) ) );
@@ -2076,7 +2077,9 @@ public class BundlePlugin extends AbstractMojo
scanner.addDefaultExcludes();
scanner.scan();
- List<String> includedFiles = Arrays.asList(
scanner.getIncludedFiles() );
+ String[] f = scanner.getIncludedFiles();
+ Arrays.sort( f );
+ List<String> includedFiles = Arrays.asList( f );
for ( Iterator<String> j = includedFiles.iterator();
j.hasNext(); )
{
--
2.43.0
--- End Message ---
--- Begin Message ---
Source: maven-bundle-plugin
Source-Version: 3.5.1-2.1
Done: Mattia Rizzolo <mat...@debian.org>
We believe that the bug you reported is fixed in the latest version of
maven-bundle-plugin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1066...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mattia Rizzolo <mat...@debian.org> (supplier of updated maven-bundle-plugin
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 Mar 2024 18:13:06 +0100
Source: maven-bundle-plugin
Architecture: source
Version: 3.5.1-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Mattia Rizzolo <mat...@debian.org>
Closes: 1066045
Changes:
maven-bundle-plugin (3.5.1-2.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply patch from upstream to fix nondeterministic ordering in MANIFEST.MF
headers. Closes: #1066045
Thanks to James Addison <j...@jp-hosting.net> for bringing up the patch.
Checksums-Sha1:
2d62d1229202afb2c698da7edd7f4f7ef1c8f9f2 2528 maven-bundle-plugin_3.5.1-2.1.dsc
462903578303f600dd3738186596caa41c0053e3 9880
maven-bundle-plugin_3.5.1-2.1.debian.tar.xz
bb3b8c4c230bc869366907e16e2bf0a61e479fa5 11473
maven-bundle-plugin_3.5.1-2.1_amd64.buildinfo
Checksums-Sha256:
cd5e51ce3e59d563d964a883dcff27bcbf965e4d7008605b1f5f9a7b477a65e1 2528
maven-bundle-plugin_3.5.1-2.1.dsc
866ebb653bc825b05a9f272f7c518132631a59bd88a77de2a70399b71883a9bb 9880
maven-bundle-plugin_3.5.1-2.1.debian.tar.xz
c37af9fb759db45d627b2fc1fd8973d2b1476ef9b39d466881fed8f8603be75b 11473
maven-bundle-plugin_3.5.1-2.1_amd64.buildinfo
Files:
ed0b3f2fae1ae6adcf444a1479aab51f 2528 java optional
maven-bundle-plugin_3.5.1-2.1.dsc
bde0e4a92b81419bca6d960fdcd60c4f 9880 java optional
maven-bundle-plugin_3.5.1-2.1.debian.tar.xz
1cb29af7a0b3c2077af23c98adc754ce 11473 java optional
maven-bundle-plugin_3.5.1-2.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEi3hoeGwz5cZMTQpICBa54Yx2K60FAmYEVQMACgkQCBa54Yx2
K62AaQ/9E4Ha2oZjo+Fbt5qFnDqeFBSuQAK4/D1xa/rvLoWK/S+GrNQhVCxUK6xo
xmg3RVd1eezdnU3Px8Ia0DRRhqYHtqKXyQNEkY6vR5wvzFrDqB+6kx/aKc4HFjJE
Q+IuhmIdTmFJIpjbzCYXI8xpdBXY34C1yxV3bF3tTR+aB6vUJ6/orkx2z7t6jUYj
M3WEsN8EPax1oZxR6c3zVbvG539zEPs6sHI4/236ImWiURe3VtiHmyan/K1GkbGC
VxeUgGnMkMGzS0p0cIX/I5kZMvGR8hEcy9ztLcoFTvXCm5DMf92s4eTE8i7Qm7Az
z4Sj/S0tiEKeVuUe4yuQac9ir5t3s5Plud0Fnx8JHsD5oc0ToVm0jfFwkcXsKOrc
NlyRD6QJORFBncyOMqu1uwjEF3jGJ45lMB75vwEarQWBZE0QofoiLg80uPTciWMa
TmSzQEZex1l0BbJ2bljQAf2Gu3v3x1NWIU4hiSrxHXpD+yENj15PyexShAWcK2RY
O2e+o8kKuiz9KOXSBJ6ffpx96iN5+R5AkU1yXb8ipYknS1zMsW6m3K3gupBO+cIr
fEUC1U1EO+YGe8UOEwgWjgg7+2ptJVRInCQzslAAvjN+zyp7Bw4XpbUKsqagZ8ip
Qvw+4XExOV022/S6z3buL/5CT6dxrbDDBsLMldcnG3G9mkJMLnA=
=2NOr
-----END PGP SIGNATURE-----
pgpO_oiVFiawB.pgp
Description: PGP signature
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
