[ https://issues.apache.org/jira/browse/MSHARED-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901320#comment-17901320 ]
ASF GitHub Bot commented on MSHARED-1453: ----------------------------------------- elharo commented on code in PR #77: URL: https://github.com/apache/maven-archiver/pull/77#discussion_r1859346892 ########## src/main/java/org/apache/maven/shared/archiver/PomPropertiesUtil.java: ########## @@ -61,34 +59,29 @@ private boolean sameContents(Properties props, Path file) throws IOException { return fileProps.equals(props); } - private void createPropertiesFile(Properties properties, Path outputFile, boolean forceCreation) + private void createPropertiesFile(Properties unsortedProperties, Path outputFile, boolean forceCreation) throws IOException { Path outputDir = outputFile.getParent(); if (outputDir != null && !Files.isDirectory(outputDir)) { Files.createDirectories(outputDir); } - if (!forceCreation && sameContents(properties, outputFile)) { + if (!forceCreation && sameContents(unsortedProperties, outputFile)) { return; } - try (PrintWriter pw = new PrintWriter(outputFile.toFile(), StandardCharsets.ISO_8859_1.name()); - StringWriter sw = new StringWriter()) { - - properties.store(sw, null); - - List<String> lines = new ArrayList<>(); - try (BufferedReader r = new BufferedReader(new StringReader(sw.toString()))) { - String line; - while ((line = r.readLine()) != null) { - if (!line.startsWith("#")) { - lines.add(line); - } - } - } - - Collections.sort(lines); - for (String l : lines) { - pw.println(l); + // For reproducible builds, sort the properties and drop comments. + // The java.util.Properties class doesn't guarantee order so we have + // to write the file using a Writer. + Set<String> propertyNames = unsortedProperties.stringPropertyNames(); + List<String> sortedPropertyNames = new ArrayList<>(propertyNames); + Collections.sort(sortedPropertyNames); + + try (Writer out = Files.newBufferedWriter(outputFile, StandardCharsets.ISO_8859_1)) { + for (String key : sortedPropertyNames) { + out.write(key); + out.write(": "); + out.write(unsortedProperties.getProperty(key)); Review Comment: To guarantee the output, I think we are going to need to reimplement the escaping here. This could be tricky. What are the rules about copy-pasting OpenJDK code into an Apache project? We probably can't do that since it's GPL, not ASpache licensed. > Canonicalize properties files for reproducible builds > ----------------------------------------------------- > > Key: MSHARED-1453 > URL: https://issues.apache.org/jira/browse/MSHARED-1453 > Project: Maven Shared Components > Issue Type: Bug > Components: maven-archiver > Reporter: Elliotte Rusty Harold > Assignee: Elliotte Rusty Harold > Priority: Minor > > See discussion on https://github.com/apache/maven-archiver/pull/77/files > Briefly, properties files have non-unique representations and there's no > guarantee two JDKs from different companies and Java versions produce the > same byte-per-byte serialization. Our current code accounts for property > order and comments, but not variations in escaping (hex vs. UTF-8), separator > characters, and insignificant whitespace. -- This message was sent by Atlassian Jira (v8.20.10#820010)