You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by hb...@apache.org on 2021/10/09 16:52:00 UTC

[maven-artifact-plugin] branch master updated: [MARTIFACT-27] warn if Reproducible Builds mode not activated

This is an automated email from the ASF dual-hosted git repository.

hboutemy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-artifact-plugin.git


The following commit(s) were added to refs/heads/master by this push:
     new f928592  [MARTIFACT-27] warn if Reproducible Builds mode not activated
f928592 is described below

commit f928592805501ade09d031c156ad1696628137f6
Author: Hervé Boutemy <hb...@apache.org>
AuthorDate: Sat Oct 9 18:51:57 2021 +0200

    [MARTIFACT-27] warn if Reproducible Builds mode not activated
---
 pgp-keys-map.list                                  |  2 ++
 pom.xml                                            | 19 +++++++++++++++
 .../artifact/buildinfo/AbstractBuildinfoMojo.java  | 27 +++++++++++++++++++++-
 3 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/pgp-keys-map.list b/pgp-keys-map.list
index 7b180a6..8040121 100644
--- a/pgp-keys-map.list
+++ b/pgp-keys-map.list
@@ -18,4 +18,6 @@
 commons-codec:commons-codec = 0xBC87A3FD0A54480F0BADBEBD21939FF0CA2A6567
 commons-io:commons-io = 0xCD5464315F0B98C77E6E8ECD9DAADC1C9FCC82D0
 org.apache.maven.* = 0xB920D295BF0E61CB4CF0896C33CD6733AF5EC452
+org.apache.maven:maven-archiver = 0xFA77DCFEF2EE6EB2DEBEDD2C012579464D01C06A
 org.codehaus.plexus = 0xFA77DCFEF2EE6EB2DEBEDD2C012579464D01C06A
+org.codehaus.plexus:plexus-interpolation = 0x47063E8BA7A6450E4A52E7AE466CAED6E0747D50
diff --git a/pom.xml b/pom.xml
index 0064326..b918008 100644
--- a/pom.xml
+++ b/pom.xml
@@ -115,6 +115,25 @@
       <version>3.3.3</version>
     </dependency>
     <dependency>
+      <groupId>org.apache.maven</groupId>
+      <artifactId>maven-archiver</artifactId>
+      <version>3.5.0</version>
+      <exclusions>
+        <exclusion>
+          <groupId>org.tukaani</groupId>
+          <artifactId>xz</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.iq80.snappy</groupId>
+          <artifactId>snappy</artifactId>
+        </exclusion>
+        <exclusion>
+          <groupId>org.apache.commons</groupId>
+          <artifactId>commons-compress</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
       <version>1.15</version>
diff --git a/src/main/java/org/apache/maven/plugins/artifact/buildinfo/AbstractBuildinfoMojo.java b/src/main/java/org/apache/maven/plugins/artifact/buildinfo/AbstractBuildinfoMojo.java
index 5251a51..07ed000 100644
--- a/src/main/java/org/apache/maven/plugins/artifact/buildinfo/AbstractBuildinfoMojo.java
+++ b/src/main/java/org/apache/maven/plugins/artifact/buildinfo/AbstractBuildinfoMojo.java
@@ -19,11 +19,11 @@ package org.apache.maven.plugins.artifact.buildinfo;
  * under the License.
  */
 
+import org.apache.maven.archiver.MavenArchiver;
 import org.apache.maven.artifact.Artifact;
 import org.apache.maven.execution.MavenSession;
 import org.apache.maven.plugin.AbstractMojo;
 import org.apache.maven.plugin.MojoExecutionException;
-
 import org.apache.maven.plugins.annotations.Component;
 import org.apache.maven.plugins.annotations.Parameter;
 import org.apache.maven.project.MavenProject;
@@ -38,6 +38,8 @@ import java.io.IOException;
 import java.io.OutputStreamWriter;
 import java.io.PrintWriter;
 import java.nio.charset.StandardCharsets;
+import java.text.SimpleDateFormat;
+import java.util.Date;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -103,6 +105,16 @@ public abstract class AbstractBuildinfoMojo
     private MavenSession session;
 
     /**
+     * Timestamp for reproducible output archive entries, either formatted as ISO 8601
+     * <code>yyyy-MM-dd'T'HH:mm:ssXXX</code> or as an int representing seconds since the epoch (like
+     * <a href="https://reproducible-builds.org/docs/source-date-epoch/">SOURCE_DATE_EPOCH</a>).
+     *
+     * @since 3.2.0
+     */
+    @Parameter( defaultValue = "${project.build.outputTimestamp}" )
+    private String outputTimestamp;
+
+    /**
      * To obtain a toolchain if possible.
      */
     @Component
@@ -131,6 +143,19 @@ public abstract class AbstractBuildinfoMojo
             }
         }
 
+        MavenArchiver archiver = new MavenArchiver();
+        Date timestamp = archiver.parseOutputTimestamp( outputTimestamp );
+        if ( timestamp == null )
+        {
+            getLog().warn( "Reproducible Build not activated by project.build.outputTimestamp property: "
+                + "see https://maven.apache.org/guides/mini/guide-reproducible-builds.html" );
+        }
+        else if ( getLog().isDebugEnabled() )
+        {
+            getLog().debug( "project.build.outputTimestamp = \"" + outputTimestamp + "\" => "
+                + new SimpleDateFormat( "yyyy-MM-dd'T'HH:mm:ssXXX" ).format( timestamp ) );
+        }
+
         // generate buildinfo
         Map<Artifact, String> artifacts = generateBuildinfo( mono );
         getLog().info( "Saved " + ( mono ? "" : "aggregate " ) + "info on build to " + buildinfoFile );