On Sun, Sep 1, 2024 at 5:09 PM Piotr P. Karwasz <piotr.karw...@gmail.com> wrote:
>
> Hi Gary,
>
> On Sun, 1 Sept 2024 at 23:00, Piotr P. Karwasz <piotr.karw...@gmail.com> 
> wrote:
> > On Sun, 1 Sept 2024 at 22:44, Gary Gregory <garydgreg...@gmail.com> wrote:
> > > [ERROR] sha512 mismatch log4j-bom-2.24.0-cyclonedx.xml: investigate
> > > with diffoscope
> > > target/reference/org.apache.logging.log4j/log4j-bom-2.24.0-cyclonedx.xml
> > > target/bom.xml
> >
> > Could you investigate with `diff
> > target/reference/org.apache.logging.log4j/log4j-bom-2.24.0-cyclonedx.xml
> > target/bom.xml`?
>
> Since you are the main Release Manager of Apache Commons, try clearing
> the local Maven cache (e.g. `~/.m2/repository/org/apache/commons`). It
> is possible you have some unofficial Commons releases in your cache,
> which breaks the reproducibility of the SBOM.

Yep, that helped! TY Piotr.

rm -rf ~/.m2/repository/org/apache/commons
sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO

Now I get:

[INFO] Results:
[INFO]
[ERROR] Failures:
[ERROR]   NetUtilsTest.testCanonicalHostName:78
Expecting actual:
  "localhost"
to contain:
  "."
[INFO]
[ERROR] Tests run: 2253, Failures: 1, Errors: 0, Skipped: 31
[INFO]

?

Gary

>
> Piotr

Reply via email to