[
https://issues.apache.org/jira/browse/MSHARED-849?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17469473#comment-17469473
]
Andreas Sewe commented on MSHARED-849:
--------------------------------------
{quote}I am aware of that non-publically documented fact in the JarInputStream.
The solution was worked out to fastly read the manifest and discard the JAR if
necessary. The fix in Plexus Archiver contains a test to assure the order of
boh ZIP entries. Moreover, I have used the snapshot to generate Maven and all
JARs were fine.
{quote}
Thanks for confirming this. From the {{BaseJarArchiverTest.java}} in the change
I couldn't figure out whether that was the case, as there was no assertion on a
{{META-INF}} entry beyond the {{MANIFEST.MF}} and the directory itself, e.g.,
in {{META-INF/maven}} being the _third_ entry or so.
Either way, its a pity that {{ConcurrentJarCreator}} ATM hardcodes the order
and cannot parameterized, since other JAR-like formats like {{.epub}} (or, more
specifically, the EPUB Open Container Format) have similar but slightly
different requirements: In {{{}.epub{}}}, a file called {{mimetype}} must come
before all other entries including the {{META-INF}} directory. But I guess if I
ever find time to implement the {{epub}} Maven packaging type and plugin, I'll
open a feature ticket for that. ;)
> archiver sorts META-INF/MANIFEST.MF before META-INF/ in ZIP header
> ------------------------------------------------------------------
>
> Key: MSHARED-849
> URL: https://issues.apache.org/jira/browse/MSHARED-849
> Project: Maven Shared Components
> Issue Type: Bug
> Components: maven-archiver
> Affects Versions: maven-archiver-3.5.0
> Environment: Debian/buster
> Reporter: Hans-Christoph Steiner
> Assignee: Michael Osipov
> Priority: Major
> Labels: reproducible-builds
> Fix For: maven-archiver-3.5.2
>
>
> I found a small bug in maven archiver: META-INF/ is added to the ZIP after
> META-INF/MANIFEST.MF, while _gradle_ always puts the dir before any files
> in that dir (which I think makes sense). Here is a diff of the same library
> built with _maven_ and _gradle_ to illustrate this:
> {code:bash}
> $ diffoscope target/jtorctl-0.3.1-SNAPSHOT.jar
> build/libs/jtorctl-0.4-3-g27c6980.jar
> --- target/jtorctl-0.3.1-SNAPSHOT.jar
> +++ build/libs/jtorctl-0.4-3-g27c6980.jar
> ├── zipinfo /dev/stdin
> │ @@ -1,22 +1,22 @@
> │ -Zip file size: 26915 bytes, number of entries: 20
> │ +Zip file size: 26925 bytes, number of entries: 20
> │ +drwxr-xr-x 2.0 unx 0 b- defN 80-Feb-01 00:00 META-INF/
> │ -rw-r--r-- 2.0 unx 25 b- defN 80-Feb-01 00:00 META-INF/MANIFEST.MF
> │ -drwxr-xr-x 2.0 unx 0 b- stor 80-Feb-01 00:00 META-INF/
> │ -drwxr-xr-x 2.0 unx 0 b- stor 80-Feb-01 00:00 net/
> │ -drwxr-xr-x 2.0 unx 0 b- stor 80-Feb-01 00:00 net/freehaven/
> │ -drwxr-xr-x 2.0 unx 0 b- stor 80-Feb-01 00:00 net/freehaven/tor/
> │ -drwxr-xr-x 2.0 unx 0 b- stor 80-Feb-01 00:00
> net/freehaven/tor/control/
> │ +drwxr-xr-x 2.0 unx 0 b- defN 80-Feb-01 00:00 net/
> │ +drwxr-xr-x 2.0 unx 0 b- defN 80-Feb-01 00:00 net/freehaven/
> │ +drwxr-xr-x 2.0 unx 0 b- defN 80-Feb-01 00:00 net/freehaven/tor/
> │ +drwxr-xr-x 2.0 unx 0 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/
> │ -rw-r--r-- 2.0 unx 2933 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/Bytes.class
> │ -rw-r--r-- 2.0 unx 650 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/ConfigEntry.class
> │ -rw-r--r-- 2.0 unx 485 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/EventHandler.class
> │ -rw-r--r-- 2.0 unx 3621 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/EventListener.class
> │ -rw-r--r-- 2.0 unx 1448 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/NullEventHandler.class
> │ -rw-r--r-- 2.0 unx 2507 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/PasswordDigest.class
> │ -rw-r--r-- 2.0 unx 197 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/RawEventListener.class
> │ -rw-r--r-- 2.0 unx 9741 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/TorControlCommands.class
> │ -rw-r--r-- 2.0 unx 962 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/TorControlConnection$ControlParseThread.class
> │ -rw-r--r-- 2.0 unx 662 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/TorControlConnection$ReplyLine.class
> │ -rw-r--r-- 2.0 unx 1403 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/TorControlConnection$Waiter.class
> │ -rw-r--r-- 2.0 unx 27243 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/TorControlConnection.class
> │ -rw-r--r-- 2.0 unx 1299 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/TorControlError.class
> │ -rw-r--r-- 2.0 unx 461 b- defN 80-Feb-01 00:00
> net/freehaven/tor/control/TorControlSyntaxError.class
> │ -20 files, 53637 bytes uncompressed, 23781 bytes compressed: 55.7%
> │ +20 files, 53637 bytes uncompressed, 23791 bytes compressed: 55.6%
> ├── zipnote {}
> │ @@ -1,11 +1,11 @@
> │ -Filename: META-INF/MANIFEST.MF
> │ +Filename: META-INF/
> │ Comment:
> │
> │ -Filename: META-INF/
> │ +Filename: META-INF/MANIFEST.MF
> │ Comment:
> │
> │ Filename: net/
> │ Comment:
> │
> │ Filename: net/freehaven/
> │ Comment:
> ├── filetype from file(1)
> │ @@ -1 +1 @@
> │ -Zip archive data, at least v2.0 to extract
> │ +Zip archive data, at least v1.0 to extract
> {code}
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
