You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Hans-Christoph Steiner (Jira)" <ji...@apache.org> on 2019/12/19 11:07:00 UTC

[jira] [Comment Edited] (MSHARED-849) archiver sorts META-INF/MANIFEST.MF before META-INF/ in ZIP header

    [ https://issues.apache.org/jira/browse/MSHARED-849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16999964#comment-16999964 ] 

Hans-Christoph Steiner edited comment on MSHARED-849 at 12/19/19 11:06 AM:
---------------------------------------------------------------------------

Android APKs provide a perhaps interesting and relevant example, the Android tools entirely omit the directory-only entries. APK is based on JAR, with some differences, like `AndroidManifest.xml` being the first entry rather than `META-INF/MANIFEST.MF`:


{{ $ unzip -l app/build/outputs/apk/debug/app-debug.apk }}
{{ Archive: app/build/outputs/apk/debug/app-debug.apk}}
{{ Length Date Time Name}}
{{ --------- ---------- ----- ----}}
{{ 4720 1980-00-00 00:00 AndroidManifest.xml}}
{{ 784 1980-00-00 00:00 META-INF/CERT.RSA}}
{{ 9805 1980-00-00 00:00 META-INF/CERT.SF}}
{{ 9743 1980-00-00 00:00 META-INF/MANIFEST.MF}}
{{ 6 1980-00-00 00:00 META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version}}
{{ 308 1980-00-00 00:00 META-INF/proguard/androidx-annotations.pro}}
{{ 4913550 1980-00-00 00:00 assets/geoip}}
{{ 3156350 1980-00-00 00:00 assets/geoip6}}
{{ 202280 1980-00-00 00:00 classes.dex}}
{{ 5686724 1980-00-00 00:00 lib/x86/libtor.so}}
{{ 832 1980-00-00 00:00 res/drawable/ic_launcher.xml}}
{{ 2968 1980-00-00 00:00 res/layout/activity_about.xml}}
{{ 1472 1980-00-00 00:00 res/xml/preferences.xml}}
{{ 3088 1980-00-00 00:00 resources.arsc}}
{{ --------- -------}}


was (Author: eighthave):
Android APKs provide a perhaps interesting and relevant example, the Android tools entirely omit the directory-only entries.  APK is based on JAR, with some differences, like `AndroidManifest.xml` being the first entry rather than `META-INF/MANIFEST.MF`:

{{
$ unzip -l app/build/outputs/apk/debug/app-debug.apk 
Archive:  app/build/outputs/apk/debug/app-debug.apk
  Length      Date    Time    Name
---------  ---------- -----   ----
     4720  1980-00-00 00:00   AndroidManifest.xml
      784  1980-00-00 00:00   META-INF/CERT.RSA
     9805  1980-00-00 00:00   META-INF/CERT.SF
     9743  1980-00-00 00:00   META-INF/MANIFEST.MF
        6  1980-00-00 00:00   META-INF/androidx.localbroadcastmanager_localbroadcastmanager.version
      308  1980-00-00 00:00   META-INF/proguard/androidx-annotations.pro
     8939  1980-00-00 00:00   allclasses-index.html
     2763  1980-00-00 00:00   allclasses.html
     5047  1980-00-00 00:00   allpackages-index.html
  4913550  1980-00-00 00:00   assets/geoip
  3156350  1980-00-00 00:00   assets/geoip6
   202280  1980-00-00 00:00   classes.dex
  5686724  1980-00-00 00:00   lib/x86/libtor.so
      832  1980-00-00 00:00   res/drawable/ic_launcher.xml
     2968  1980-00-00 00:00   res/layout/activity_about.xml
     1472  1980-00-00 00:00   res/xml/preferences.xml
     3088  1980-00-00 00:00   resources.arsc
---------                     -------
}}

> archiver sorts META-INF/MANIFEST.MF before META-INF/ in ZIP header
> ------------------------------------------------------------------
>
>                 Key: MSHARED-849
>                 URL: https://issues.apache.org/jira/browse/MSHARED-849
>             Project: Maven Shared Components
>          Issue Type: Bug
>          Components: maven-archiver
>    Affects Versions: maven-archiver-3.5.0
>         Environment: Debian/buster
>            Reporter: Hans-Christoph Steiner
>            Priority: Major
>              Labels: reproducible-builds
>
> I found a small bug in maven archiver: META-INF/ is added to the ZIP after
>  META-INF/MANIFEST.MF, while _gradle_ always puts the dir before any files
>  in that dir (which I think makes sense). Here is a diff of the same library built with _maven_ and _gradle_ to illustrate this:
> {code:bash}
> $ diffoscope target/jtorctl-0.3.1-SNAPSHOT.jar build/libs/jtorctl-0.4-3-g27c6980.jar
> --- target/jtorctl-0.3.1-SNAPSHOT.jar
> +++ build/libs/jtorctl-0.4-3-g27c6980.jar
> ├── zipinfo /dev/stdin
> │ @@ -1,22 +1,22 @@
> │ -Zip file size: 26915 bytes, number of entries: 20
> │ +Zip file size: 26925 bytes, number of entries: 20
> │ +drwxr-xr-x  2.0 unx        0 b- defN 80-Feb-01 00:00 META-INF/
> │  -rw-r--r--  2.0 unx       25 b- defN 80-Feb-01 00:00 META-INF/MANIFEST.MF
> │ -drwxr-xr-x  2.0 unx        0 b- stor 80-Feb-01 00:00 META-INF/
> │ -drwxr-xr-x  2.0 unx        0 b- stor 80-Feb-01 00:00 net/
> │ -drwxr-xr-x  2.0 unx        0 b- stor 80-Feb-01 00:00 net/freehaven/
> │ -drwxr-xr-x  2.0 unx        0 b- stor 80-Feb-01 00:00 net/freehaven/tor/
> │ -drwxr-xr-x  2.0 unx        0 b- stor 80-Feb-01 00:00 net/freehaven/tor/control/
> │ +drwxr-xr-x  2.0 unx        0 b- defN 80-Feb-01 00:00 net/
> │ +drwxr-xr-x  2.0 unx        0 b- defN 80-Feb-01 00:00 net/freehaven/
> │ +drwxr-xr-x  2.0 unx        0 b- defN 80-Feb-01 00:00 net/freehaven/tor/
> │ +drwxr-xr-x  2.0 unx        0 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/
> │  -rw-r--r--  2.0 unx     2933 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/Bytes.class
> │  -rw-r--r--  2.0 unx      650 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/ConfigEntry.class
> │  -rw-r--r--  2.0 unx      485 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/EventHandler.class
> │  -rw-r--r--  2.0 unx     3621 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/EventListener.class
> │  -rw-r--r--  2.0 unx     1448 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/NullEventHandler.class
> │  -rw-r--r--  2.0 unx     2507 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/PasswordDigest.class
> │  -rw-r--r--  2.0 unx      197 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/RawEventListener.class
> │  -rw-r--r--  2.0 unx     9741 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/TorControlCommands.class
> │  -rw-r--r--  2.0 unx      962 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/TorControlConnection$ControlParseThread.class
> │  -rw-r--r--  2.0 unx      662 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/TorControlConnection$ReplyLine.class
> │  -rw-r--r--  2.0 unx     1403 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/TorControlConnection$Waiter.class
> │  -rw-r--r--  2.0 unx    27243 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/TorControlConnection.class
> │  -rw-r--r--  2.0 unx     1299 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/TorControlError.class
> │  -rw-r--r--  2.0 unx      461 b- defN 80-Feb-01 00:00 net/freehaven/tor/control/TorControlSyntaxError.class
> │ -20 files, 53637 bytes uncompressed, 23781 bytes compressed:  55.7%
> │ +20 files, 53637 bytes uncompressed, 23791 bytes compressed:  55.6%
> ├── zipnote {}
> │ @@ -1,11 +1,11 @@
> │ -Filename: META-INF/MANIFEST.MF
> │ +Filename: META-INF/
> │  Comment:
> │
> │ -Filename: META-INF/
> │ +Filename: META-INF/MANIFEST.MF
> │  Comment:
> │
> │  Filename: net/
> │  Comment:
> │
> │  Filename: net/freehaven/
> │  Comment:
> ├── filetype from file(1)
> │ @@ -1 +1 @@
> │ -Zip archive data, at least v2.0 to extract
> │ +Zip archive data, at least v1.0 to extract
> {code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)