Posted to issues@maven.apache.org by "Herve Boutemy (Jira)" <ji...@apache.org> on 2020/06/19 06:36:00 UTC

[jira] [Updated] (SUREFIRE-1803) fix reproducibility fragility of DEPENDENCIES generation

     [ https://issues.apache.org/jira/browse/SUREFIRE-1803?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Herve Boutemy updated SUREFIRE-1803:
------------------------------------
    Description: 
same issue for:
* maven-surefire-plugin-3.0.0-M5.jar
* maven-failsafe-plugin-3.0.0-M5.jar
* maven-surefire-plugin-3.0.0-M5-sources.jar
* maven-failsafe-plugin-3.0.0-M5-sources.jar

{noformat}diffoscope target/reference/maven-surefire-plugin-3.0.0-M5-sources.jar maven-surefire-plugin/target/maven-surefire-plugin-3.0.0-M5-sources.jar
--- target/reference/maven-surefire-plugin-3.0.0-M5-sources.jar
+++ maven-surefire-plugin/target/maven-surefire-plugin-3.0.0-M5-sources.jar
├── zipinfo /dev/stdin
│ @@ -1,19 +1,19 @@
│ -Zip file size: 19946 bytes, number of entries: 17
│ +Zip file size: 19993 bytes, number of entries: 17
│  -rw-r--r--  2.0 unx       64 b- defN 20-Jun-10 18:11 META-INF/MANIFEST.MF
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 META-INF/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/apache/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/apache/maven/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/apache/maven/plugin/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/apache/maven/plugin/surefire/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 META-INF/maven/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 META-INF/maven/org.apache.maven.plugins/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 META-INF/maven/org.apache.maven.plugins/maven-surefire-plugin/
│ --rw-r--r--  2.0 unx     3842 b- defN 20-Jun-10 18:11 META-INF/DEPENDENCIES
│ +-rw-r--r--  2.0 unx     4309 b- defN 20-Jun-10 18:11 META-INF/DEPENDENCIES
│  -rw-r--r--  2.0 unx    11358 b- defN 20-Jun-10 18:11 META-INF/LICENSE
│  -rw-r--r--  2.0 unx      178 b- defN 20-Jun-10 18:11 META-INF/NOTICE
│  -rw-r--r--  2.0 unx    28497 b- defN 20-Jun-10 18:11 org/apache/maven/plugin/surefire/SurefirePlugin.java
│  -rw-r--r--  2.0 unx    15261 b- defN 20-Jun-10 18:11 org/apache/maven/plugin/surefire/HelpMojo.java
│  -rw-r--r--  2.0 unx     8047 b- defN 20-Jun-10 18:11 META-INF/maven/org.apache.maven.plugins/maven-surefire-plugin/pom.xml
│  -rw-r--r--  2.0 unx       86 b- defN 20-Jun-10 18:11 META-INF/maven/org.apache.maven.plugins/maven-surefire-plugin/pom.properties
│ -17 files, 67333 bytes uncompressed, 17572 bytes compressed:  73.9%
│ +17 files, 67800 bytes uncompressed, 17619 bytes compressed:  74.0%
├── META-INF/DEPENDENCIES
│ @@ -6,23 +6,29 @@
│  Maven Surefire Plugin
│  
│  
│  From: 'an unknown organization'
│    - QDox (https://github.com/paul-hammant/qdox) com.thoughtworks.qdox:qdox:jar:2.0-M9
│      License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│  
│ +From: 'Codehaus' (http://www.codehaus.org/)
│ +  - Plexus Common Utilities (http://plexus.codehaus.org/plexus-utils) org.codehaus.plexus:plexus-utils:jar:1.5.5
│ +    License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│ +
│  From: 'Codehaus Plexus' (https://codehaus-plexus.github.io/)
│    - Plexus Languages :: Java (https://codehaus-plexus.github.io/plexus-languages/plexus-java/) org.codehaus.plexus:plexus-java:jar:1.0.5
│      License: Apache License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│  
│  From: 'OW2' (http://www.ow2.org/)
│    - asm (http://asm.ow2.io/) org.ow2.asm:asm:jar:7.2
│      License: BSD-3-Clause  (https://asm.ow2.io/license.html)
│  
│  From: 'The Apache Software Foundation' (http://www.apache.org/)
│ +  - Maven Artifact (http://maven.apache.org/maven-artifact/) org.apache.maven:maven-artifact:jar:3.0
│ +    License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│    - Maven Plugin API (http://maven.apache.org/maven-plugin-api/) org.apache.maven:maven-plugin-api:jar:3.0
│      License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│    - Maven Toolchains (http://maven.apache.org/maven-toolchain/) org.apache.maven:maven-toolchain:jar:3.0-alpha-2
│      License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│  
│  From: 'The Apache Software Foundation' (https://www.apache.org/)
│    - Apache Commons Codec (http://commons.apache.org/proper/commons-codec/) commons-codec:commons-codec:jar:1.11{noformat}
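
Review bot: the two `+` blocks in the META-INF/DEPENDENCIES hunk are whole entries that exist only in the rebuilt jar: plexus-utils:jar:1.5.5 under 'Codehaus', and maven-artifact:jar:3.0 at the top of the 'The Apache Software Foundation' (http://www.apache.org/) group. The reference file omits both dependencies entirely rather than listing them with a missing license, so anyone reading the reference DEPENDENCIES gets an incomplete inventory with nothing to signal it. Suggest that DEPENDENCIES generation fail the build when a dependency's project or license metadata cannot be resolved, so that two builds either produce the same file or one of them breaks visibly. The file's size delta (3842 vs 4309 bytes, i.e. 467) equals the uncompressed-total delta in the zipinfo hunk (67333 vs 67800), and all timestamps and modes there are unchanged, so these two entries account for the whole mismatch in this jar.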

it looks like the reference build has failed to get the license for 2 dependencies (plexus-utils and maven-artifact), which was silently ignored...

  was:
same issue for:
* maven-surefire-plugin-3.0.0-M5.jar
* maven-failsafe-plugin-3.0.0-M5.jar
* 

{noformat}diffoscope target/reference/maven-surefire-plugin-3.0.0-M5-sources.jar maven-surefire-plugin/target/maven-surefire-plugin-3.0.0-M5-sources.jar
--- target/reference/maven-surefire-plugin-3.0.0-M5-sources.jar
+++ maven-surefire-plugin/target/maven-surefire-plugin-3.0.0-M5-sources.jar
├── zipinfo /dev/stdin
│ @@ -1,19 +1,19 @@
│ -Zip file size: 19946 bytes, number of entries: 17
│ +Zip file size: 19993 bytes, number of entries: 17
│  -rw-r--r--  2.0 unx       64 b- defN 20-Jun-10 18:11 META-INF/MANIFEST.MF
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 META-INF/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/apache/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/apache/maven/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/apache/maven/plugin/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 org/apache/maven/plugin/surefire/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 META-INF/maven/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 META-INF/maven/org.apache.maven.plugins/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Jun-10 18:11 META-INF/maven/org.apache.maven.plugins/maven-surefire-plugin/
│ --rw-r--r--  2.0 unx     3842 b- defN 20-Jun-10 18:11 META-INF/DEPENDENCIES
│ +-rw-r--r--  2.0 unx     4309 b- defN 20-Jun-10 18:11 META-INF/DEPENDENCIES
│  -rw-r--r--  2.0 unx    11358 b- defN 20-Jun-10 18:11 META-INF/LICENSE
│  -rw-r--r--  2.0 unx      178 b- defN 20-Jun-10 18:11 META-INF/NOTICE
│  -rw-r--r--  2.0 unx    28497 b- defN 20-Jun-10 18:11 org/apache/maven/plugin/surefire/SurefirePlugin.java
│  -rw-r--r--  2.0 unx    15261 b- defN 20-Jun-10 18:11 org/apache/maven/plugin/surefire/HelpMojo.java
│  -rw-r--r--  2.0 unx     8047 b- defN 20-Jun-10 18:11 META-INF/maven/org.apache.maven.plugins/maven-surefire-plugin/pom.xml
│  -rw-r--r--  2.0 unx       86 b- defN 20-Jun-10 18:11 META-INF/maven/org.apache.maven.plugins/maven-surefire-plugin/pom.properties
│ -17 files, 67333 bytes uncompressed, 17572 bytes compressed:  73.9%
│ +17 files, 67800 bytes uncompressed, 17619 bytes compressed:  74.0%
├── META-INF/DEPENDENCIES
│ @@ -6,23 +6,29 @@
│  Maven Surefire Plugin
│  
│  
│  From: 'an unknown organization'
│    - QDox (https://github.com/paul-hammant/qdox) com.thoughtworks.qdox:qdox:jar:2.0-M9
│      License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│  
│ +From: 'Codehaus' (http://www.codehaus.org/)
│ +  - Plexus Common Utilities (http://plexus.codehaus.org/plexus-utils) org.codehaus.plexus:plexus-utils:jar:1.5.5
│ +    License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│ +
│  From: 'Codehaus Plexus' (https://codehaus-plexus.github.io/)
│    - Plexus Languages :: Java (https://codehaus-plexus.github.io/plexus-languages/plexus-java/) org.codehaus.plexus:plexus-java:jar:1.0.5
│      License: Apache License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│  
│  From: 'OW2' (http://www.ow2.org/)
│    - asm (http://asm.ow2.io/) org.ow2.asm:asm:jar:7.2
│      License: BSD-3-Clause  (https://asm.ow2.io/license.html)
│  
│  From: 'The Apache Software Foundation' (http://www.apache.org/)
│ +  - Maven Artifact (http://maven.apache.org/maven-artifact/) org.apache.maven:maven-artifact:jar:3.0
│ +    License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│    - Maven Plugin API (http://maven.apache.org/maven-plugin-api/) org.apache.maven:maven-plugin-api:jar:3.0
│      License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│    - Maven Toolchains (http://maven.apache.org/maven-toolchain/) org.apache.maven:maven-toolchain:jar:3.0-alpha-2
│      License: The Apache Software License, Version 2.0  (http://www.apache.org/licenses/LICENSE-2.0.txt)
│  
│  From: 'The Apache Software Foundation' (https://www.apache.org/)
│    - Apache Commons Codec (http://commons.apache.org/proper/commons-codec/) commons-codec:commons-codec:jar:1.11{noformat}

it looks like the reference build has failed to get the license for 2 dependencies (plexus-utils and maven-artifact), which was silently ignored...


> fix reproducibility fragility of DEPENDENCIES generation
> --------------------------------------------------------
>
>                 Key: SUREFIRE-1803
>                 URL: https://issues.apache.org/jira/browse/SUREFIRE-1803
>             Project: Maven Surefire
>          Issue Type: Sub-task
>    Affects Versions: 3.0.0-M5
>            Reporter: Herve Boutemy
>            Priority: Major



--
This message was sent by Atlassian Jira
(v8.3.4#803005)