You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Herve Boutemy (Jira)" <ji...@apache.org> on 2023/02/06 07:12:00 UTC

[jira] [Commented] (MASSEMBLY-941) file permissions removed during assembly:single since 3.2.0

    [ https://issues.apache.org/jira/browse/MASSEMBLY-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17684457#comment-17684457 ] 

Herve Boutemy commented on MASSEMBLY-941:
-----------------------------------------

just for reference, MASSEMBLY-921 flags were overridden to try to avoid depending on builder's umask configuration when cloning the source code, because usually some people use 002 and others 022 (I won't dig into more exotic cases...), and also avoid the consequences of one builder on Windows (that does not know about execution flag) while the other is on *nix

FYI, here is an example of different build results: by default, my local env has umask 002, but reference build was done with umask 022 => I had to add the umask requirement to rebuild with success the affected artifact https://github.com/jvm-repo-rebuild/reproducible-central/commit/626485c96d069fea2107a8162e8f388b358ebb67

> file permissions removed during assembly:single since 3.2.0
> -----------------------------------------------------------
>
>                 Key: MASSEMBLY-941
>                 URL: https://issues.apache.org/jira/browse/MASSEMBLY-941
>             Project: Maven Assembly Plugin
>          Issue Type: Bug
>          Components: permissions
>    Affects Versions: 3.2.0, 3.3.0
>            Reporter: Christopher Tubbs
>            Assignee: Herve Boutemy
>            Priority: Critical
>             Fix For: next-release
>
>
> Since MASSEMBLY-921 in 3.2.0, existing file permissions seem to be ignored when creating a tarball assembly, and files stored in the assembly do not have their original file permissions preserved.
> Using version 3.1.1 of this plugin and earlier, when creating a tar.gz, existing file permissions are normally preserved. This is now broken in 3.2.0, unless the component descriptor explicitly sets the fileModes.
> This was discovered trying to prepare a release candidate for Apache Accumulo using the apache-23.pom parent POM's predefined `source-release-tar` descriptor using the `single` goal. We noticed that the resulting source-release tarball had stripped all the executable permissions from our scripts, instead of preserving them. This makes the resulting source release more difficult to build from source.
> A source-release assembly, and any other assembly that does not specify the file permissions explicitly, should preserve the existing file permissions, just as it used to with 3.1.1 and earlier.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)