[jira] [Commented] (MASSEMBLY-975) Regression: 3.5.0 no longer uses default fileMode and directoryMode

[Herve Boutemy (Jira)]

    [ 
https://issues.apache.org/jira/browse/MASSEMBLY-975?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17694880#comment-17694880
 ] 

Herve Boutemy commented on MASSEMBLY-975:
-----------------------------------------

for example, see my comment in 
https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/owasp/dependency-check/dependency-check-8.1.2.buildspec
My Linux distro is umask 002 by default, while the reference build has been 
done with umask 022: as expected, as a rebuilder, I have to do more efforts to 
have an environment equivalent to the reference build
I'm not really happy of this new aspect, but at least, this is the impact I 
expected (and I understand people were not happy about loosing the executable 
flag)

If you have any idea for maven-assembly-plugin to better match expectations 
from the 2 types of people:
- those interested in executable flag
- those interested in not being dependent on group write config in umask (002 
or 022)
don't hesitate to propose a new config.
For the moment, I'll have to cope with the 2 umask values (and I already 
anticipate that reproducing builds dons on Windows from my Linux box will add a 
new issue that my current mvncrlf script does not manage: Windows does not have 
the executable flag, but Linux has: I'll probably have to add a new emulation 
trick...)

> Regression: 3.5.0 no longer uses default fileMode and directoryMode
> -------------------------------------------------------------------
>
>                 Key: MASSEMBLY-975
>                 URL: https://issues.apache.org/jira/browse/MASSEMBLY-975
>             Project: Maven Assembly Plugin
>          Issue Type: Bug
>    Affects Versions: 3.5.0
>            Reporter: Niels Basjes
>            Priority: Critical
>
> If the fileMode and directoryMode have not been specified with the 3.5.0 
> version then the umask of the system at hand will determine the permissions 
> of the files in the jar generated by the assembly plugin.
> This is a bug because it has been documented that it should use the 
> documented defaults in this case.
> If I change the version of the plugin from 3.5.0 to 3.4.2 then it works as 
> expected.
> I made a simple reproduction project:
> https://github.com/nielsbasjes/BugreportMavenAssemblyUMask
> This builds the same trivial project (with 3 different umask settings) and 
> assembles a jar with the default and explicitly set the same as the 
> documented defaults.
> The base files are all the same (md5sum output)
> {code}
> ec364137a2c7678ef0c8f495652efe36  target-0002/assemblyumask-1.0-SNAPSHOT.jar
> ec364137a2c7678ef0c8f495652efe36  target-0022/assemblyumask-1.0-SNAPSHOT.jar
> ec364137a2c7678ef0c8f495652efe36  target-0055/assemblyumask-1.0-SNAPSHOT.jar
> {code}
> The maven-assembly-plugin created files WITH fileMode and directoryMode are 
> all the same
> {code}
> ba12113ad2b95a4fc75d99aa5bfd4e4f  
> target-0002/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> ba12113ad2b95a4fc75d99aa5bfd4e4f  
> target-0022/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> ba12113ad2b95a4fc75d99aa5bfd4e4f  
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> {code}
> The maven-assembly-plugin created files WITHOUT fileMode and directoryMode 
> are all different
> {code}
> 316e5d6b2e85b7d829e938a5797370d7  
> target-0022/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> 3375500189ef3087f8943d518209a5e6  
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> c341cbbc9f21bb64b817b8bbdaae8608  
> target-0002/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> {code}
> The permissions IN the files are the difference:
> {code}
> $ diffoscope target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar 
> target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> --- target-0055/assemblyumask-1.0-SNAPSHOT-udf-mode.jar
> +++ target-0055/assemblyumask-1.0-SNAPSHOT-udf-default.jar
> │┄ Archive contents identical but files differ, possibly due to different 
> compression levels. Falling back to binary comparison.
> ├── zipinfo {}
> │ @@ -1,13 +1,13 @@
> │  Zip file size: 2152173 bytes, number of entries: 1515
> │  drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 META-INF/
> │  -rw-r--r--  2.0 unx       79 b- defN 03-Mar-03 03:03 META-INF/MANIFEST.MF
> │ -drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 nl/
> │ -drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 nl/basjes/
> │ -drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 nl/basjes/bugreports/
> │ +drwx-w--w-  2.0 unx        0 b- stor 03-Mar-03 03:03 nl/
> │ +drwx-w--w-  2.0 unx        0 b- stor 03-Mar-03 03:03 nl/basjes/
> │ +drwx-w--w-  2.0 unx        0 b- stor 03-Mar-03 03:03 nl/basjes/bugreports/
> │  drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 META-INF/org/
> │  drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 META-INF/org/apache/
> │  drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 
> META-INF/org/apache/logging/
> │  drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 
> META-INF/org/apache/logging/log4j/
> │  drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 
> META-INF/org/apache/logging/log4j/core/
> │  drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 
> META-INF/org/apache/logging/log4j/core/config/
> │  drwxr-xr-x  2.0 unx        0 b- stor 03-Mar-03 03:03 
> META-INF/org/apache/logging/log4j/core/config/plugins/
> │ @@ -1508,10 +1508,10 @@
> │  -rw-r--r--  2.0 unx      223 b- defN 03-Mar-03 03:03 
> org/apache/logging/log4j/util/Unbox$1.class
> │  -rw-r--r--  2.0 unx     1135 b- defN 03-Mar-03 03:03 
> org/apache/logging/log4j/util/Unbox$State.class
> │  -rw-r--r--  2.0 unx     1779 b- defN 03-Mar-03 03:03 
> org/apache/logging/log4j/util/Unbox$WebSafeState.class
> │  -rw-r--r--  2.0 unx     4595 b- defN 03-Mar-03 03:03 
> org/apache/logging/log4j/util/Unbox.class
> │  -rw-r--r--  2.0 unx      135 b- defN 03-Mar-03 03:03 
> org/apache/logging/log4j/util/package-info.class
> │  -rw-r--r--  2.0 unx     6283 b- defN 03-Mar-03 03:03 
> META-INF/maven/org.apache.logging.log4j/log4j-api/pom.xml
> │  -rw-r--r--  2.0 unx       69 b- defN 03-Mar-03 03:03 
> META-INF/maven/org.apache.logging.log4j/log4j-api/pom.properties
> │ --rw-r--r--  2.0 unx      494 b- defN 03-Mar-03 03:03 log4j2.xml
> │ --rw-r--r--  2.0 unx      605 b- defN 03-Mar-03 03:03 
> nl/basjes/bugreports/App.class
> │ +-rw-rw-r--  2.0 unx      494 b- defN 03-Mar-03 03:03 log4j2.xml
> │ +-rw--w--w-  2.0 unx      605 b- defN 03-Mar-03 03:03 
> nl/basjes/bugreports/App.class
> │  1515 files, 4853233 bytes uncompressed, 1839331 bytes compressed:  62.1%
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)