You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Chanseok Oh (Jira)" <ji...@apache.org> on 2021/07/21 22:15:04 UTC

[jira] [Updated] (COMPRESS-583) 1.21 generates different output binaries compared to older versions as well as on different OSes

     [ https://issues.apache.org/jira/browse/COMPRESS-583?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chanseok Oh updated COMPRESS-583:
---------------------------------
    Description: 
Upgrading {{commons-compress}} had always been generating the same compressed output byte-to-byte for the same input (i.e., their SHA checksum didn't change between versions). However, starting with 1.21, we noticed it's generating different output than what previous versions are generating.

We also noticed that the same code generates different binaries on different OSes. For example, 1.21 on Linux is different from 1.21 on Mac.

However, at least on the same OS, 1.21 seems to reproducibly generate the same output.

See the context at [https://github.com/GoogleContainerTools/jib/pull/3342]

 
----
UPDATE: running diffoscope reveals that 1.21 is picking up the user and group of a local environment for a tar directory entry.

(output below is manually reformatted for readability)

{{$ diffoscope 6d2763b0f3940d324ea6b55386429e5b173899608abf7d1bff62e25dd2e4dcea.tar.gz 32258c626498c13412679442e3417811bc7ab801c6928da2c2a97e0bbc380a88.tar.gz }}
{{--- 6d2763b0f3940d324ea6b55386429e5b173899608abf7d1bff62e25dd2e4dcea.tar.gz}}
{{+++ 32258c626498c13412679442e3417811bc7ab801c6928da2c2a97e0bbc380a88.tar.gz}}
{{│ --- 6d2763b0f3940d324ea6b55386429e5b173899608abf7d1bff62e25dd2e4dcea.tar}}
{{├── +++ 32258c626498c13412679442e3417811bc7ab801c6928da2c2a97e0bbc380a88.tar}}
{{│ ├── file list}}
{{│ │ @@ -1,3 +1,3 @@}}
{{│ │ {color:#00875a}-drwxr-xr-x 0                 0          0 0 1970-01-01 00:00:01.000000 app/{color}}}
{{│ │ {color:#FF0000}+drwxr-xr-x 0 chanseok (252384) eng (5000) 0 1970-01-01 00:00:01.000000 app/{color}}}
{{│ │ -rw-r--r--  0                 0          0 0 1970-01-01 00:00:01.000000 app/fileB.txt}}
{{│ │ -rw-r--r--  0                 0          0 0 1970-01-01 00:00:01.000000 app/fileC.txt}}

 

  was:
Upgrading {{commons-compress}} had always been generating the same compressed output byte-to-byte for the same input (i.e., their SHA checksum didn't change between versions). However, starting with 1.21, we noticed it's generating different output than what previous versions are generating.

We also noticed that the same code generates different binaries on different OSes. For example, 1.21 on Linux is different from 1.21 on Mac.

However, at least on the same OS, 1.21 seems to reproducibly generate the same output.

See the context at https://github.com/GoogleContainerTools/jib/pull/3342


> 1.21 generates different output binaries compared to older versions as well as on different OSes
> ------------------------------------------------------------------------------------------------
>
>                 Key: COMPRESS-583
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-583
>             Project: Commons Compress
>          Issue Type: Bug
>    Affects Versions: 1.21
>            Reporter: Chanseok Oh
>            Priority: Major
>
> Upgrading {{commons-compress}} had always been generating the same compressed output byte-to-byte for the same input (i.e., their SHA checksum didn't change between versions). However, starting with 1.21, we noticed it's generating different output than what previous versions are generating.
> We also noticed that the same code generates different binaries on different OSes. For example, 1.21 on Linux is different from 1.21 on Mac.
> However, at least on the same OS, 1.21 seems to reproducibly generate the same output.
> See the context at [https://github.com/GoogleContainerTools/jib/pull/3342]
>  
> ----
> UPDATE: running diffoscope reveals that 1.21 is picking up the user and group of a local environment for a tar directory entry.
> (output below is manually reformatted for readability)
> {{$ diffoscope 6d2763b0f3940d324ea6b55386429e5b173899608abf7d1bff62e25dd2e4dcea.tar.gz 32258c626498c13412679442e3417811bc7ab801c6928da2c2a97e0bbc380a88.tar.gz }}
> {{--- 6d2763b0f3940d324ea6b55386429e5b173899608abf7d1bff62e25dd2e4dcea.tar.gz}}
> {{+++ 32258c626498c13412679442e3417811bc7ab801c6928da2c2a97e0bbc380a88.tar.gz}}
> {{│ --- 6d2763b0f3940d324ea6b55386429e5b173899608abf7d1bff62e25dd2e4dcea.tar}}
> {{├── +++ 32258c626498c13412679442e3417811bc7ab801c6928da2c2a97e0bbc380a88.tar}}
> {{│ ├── file list}}
> {{│ │ @@ -1,3 +1,3 @@}}
> {{│ │ {color:#00875a}-drwxr-xr-x 0                 0          0 0 1970-01-01 00:00:01.000000 app/{color}}}
> {{│ │ {color:#FF0000}+drwxr-xr-x 0 chanseok (252384) eng (5000) 0 1970-01-01 00:00:01.000000 app/{color}}}
> {{│ │ -rw-r--r--  0                 0          0 0 1970-01-01 00:00:01.000000 app/fileB.txt}}
> {{│ │ -rw-r--r--  0                 0          0 0 1970-01-01 00:00:01.000000 app/fileC.txt}}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)