Le mercredi 9 février 2022, 09:31:00 CET Delany a écrit : > Hi Herve, > > I see you already check that the project.parent was part of the reactor and > you don't issue the warning if it is. > An edge case is the -rf switch. Even though you have the opportunity to > change files, the sense is that it is the same build being resumed, so I > would also not warn in this case. PRs welcome and eventually an evaluation of "is this purely theory or really a use case I'll face?" aspect: I honestly don't see why I would do a reproducibility check with "-pr", or if it while making precisely one module reproducible, the message is not ideal but not really harmful
> > The word parent can have two meanings here so rather avoid it in the > message. If the project.parent is not part of the build, then can you warn > 'outputTimestamp is inherited from groupId:artifactId but it is not > included in the build'. message is coded here https://github.com/apache/maven-artifact-plugin/blob/ master/src/main/java/org/apache/maven/plugins/artifact/buildinfo/ AbstractBuildinfoMojo.java#L158 gives at runtime: [WARNING] project.build.outputTimestamp property should not be inherited but defined in parent POM from reactor /home/me/project/pom.xml please propose rephrasing > If you make this warning configurable then a more in-depth explanation > could be included in that documentation. what do you think should be configurable? > > BTW the build commands you gave suggest that artifact:compare will use the > local Maven repository as its reference repo. Isn't this a more sensible > default? I gave commands to locally test during SNAPSHOT development, to detect and fix if there are issues: then yes, in that case, comparison is done between 2 local builds, that's why the first command need to be install If it's about a release that has been published (eventually by someone else), "of course" you should do the first "install" run but only the second "package artifact:compare", and you'll see that by default it compares against central Just try to rebuild an artifact that was published by someone else = the ultimate goal, to check that you can rebuild what you are downloading and FYI, the Reproducible Central project is about rebuilding and checking such artifacts from central: https://github.com/jvm-repo-rebuild/reproducible-central Regards, Hervé > > Thanks, > Delany > > On Wed, 9 Feb 2022 at 09:25, Hervé BOUTEMY <[email protected]> wrote: > > Hi Delany, > > > > Good question: let's see if we can improve the message that I added in > > MARTIFACT-28 [1] > > > > First, remember that it's all about Reproducible Builds [2]. > > As described in the MARTIFACT-28 issue, inheriting the parent pom release > > timestamp technically works (it gives a reproducible value to your current > > build), but does not match the current release/build timestamp: you > > probably > > prefer to have a timestamp defined in your reactor > > = that is the message that we need to make as clear as possible > > > > Don't hesitate to propose an updated message that fits inclusion in a > > plugin > > output... > > > > > > Notice that I'm surprised of your choice to set the outputTimestamp to $ > > {maven.build.timestamp}, given this value is not reproducible (if you > > build 2 > > time the same code, you'll get 2 different values), choosing this value > > defeats > > the whole purpose of the configuration. > > Remember, it's all about Reproducible Builds, and your objective is to run > > the > > build 2 times and check you get the same binary output: > > > > mvn clean install > > mvn clean package artifact:compare > > > > Regards, > > > > Hervé > > > > [1] https://issues.apache.org/jira/browse/MARTIFACT-28 > > > > [2] https://maven.apache.org/guides/mini/guide-reproducible-builds.html > > > > Le mardi 8 février 2022, 11:04:33 CET Delany a écrit : > > > Hi. Why does maven-artifact-plugin complain > > > > > > [WARNING] project.build.outputTimestamp property should not be > > > > inherited > > > > > but defined in parent POM from reactor > > > > > > I never had a plugin complain about utilizing inheritance. Why does it > > > > care? > > > > > When I add the line to the project the warning disappears > > > > <project.build.outputTimestamp>${maven.build.timestamp}</project.build.out > > pu> > > > tTimestamp> > > > > > > Thanks, > > > Delany > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
