[MRESOLVER-137] Make OSGi bundles reproducible - ASF JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.4.2, 1.6.0
Fix Version/s: 1.6.1
Component/s: None
Labels:
None

Description

work done in ~~MRESOLVER-102~~ has made source jars reproducible, but not OSGI bundles created with Felix maven-bundle-plugin: the plugin-generated META-INF/MANIFEST.MF contains username and detailed JDK version, and order of Private Package is not reproducible

we need probably to update the plugin and add:

<_reproducible>true</_reproducible>

as a side note, here is the reproducibility test of the 1.6.0 release:

$ mvn -Papache-release clean verify  -Dgpg.skip artifact:buildinfo -Dreference.repo=https://repository.apache.org/content/repositories/maven-1605 -Dreference.compare.save -Dline.separator=$'\r\n'
...
[INFO] --- maven-artifact-plugin:1.0-SNAPSHOT:buildinfo (default-cli) @ maven-resolver-synccontext-redisson ---
[INFO] Saved aggregate info on build to /tmp/maven-resolver-1.6.0/maven-resolver-synccontext-redisson/target/maven-resolver-synccontext-redisson-1.6.0.buildinfo
[INFO] Checking against reference build from https://repository.apache.org/content/repositories/maven-1605...
[WARNING] Reference buildinfo file not found: it will be generated from downloaded reference artifacts
[INFO] Reference build java.version: 1.8 (from MANIFEST.MF Build-Jdk-Spec)
[INFO] Reference build os.name: Windows (from pom.properties newline)
[INFO] Minimal buildinfo generated from downloaded artifacts: /tmp/maven-resolver-1.6.0/target/reference/maven-resolver-synccontext-redisson-1.6.0.buildinfo
[WARNING] size mismatch maven-resolver-api-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-api-1.6.0.jar maven-resolver-api/target/maven-resolver-api-1.6.0.jar
[WARNING] size mismatch maven-resolver-spi-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-spi-1.6.0.jar maven-resolver-spi/target/maven-resolver-spi-1.6.0.jar
[WARNING] size mismatch maven-resolver-test-util-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-test-util-1.6.0.jar maven-resolver-test-util/target/maven-resolver-test-util-1.6.0.jar
[WARNING] size mismatch maven-resolver-util-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-util-1.6.0.jar maven-resolver-util/target/maven-resolver-util-1.6.0.jar
[WARNING] size mismatch maven-resolver-impl-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-impl-1.6.0.jar maven-resolver-impl/target/maven-resolver-impl-1.6.0.jar
[WARNING] size mismatch maven-resolver-connector-basic-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-connector-basic-1.6.0.jar maven-resolver-connector-basic/target/maven-resolver-connector-basic-1.6.0.jar
[WARNING] size mismatch maven-resolver-transport-classpath-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-transport-classpath-1.6.0.jar maven-resolver-transport-classpath/target/maven-resolver-transport-classpath-1.6.0.jar
[WARNING] size mismatch maven-resolver-transport-file-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-transport-file-1.6.0.jar maven-resolver-transport-file/target/maven-resolver-transport-file-1.6.0.jar
[WARNING] size mismatch maven-resolver-transport-http-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-transport-http-1.6.0.jar maven-resolver-transport-http/target/maven-resolver-transport-http-1.6.0.jar
[WARNING] size mismatch maven-resolver-transport-wagon-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-transport-wagon-1.6.0.jar maven-resolver-transport-wagon/target/maven-resolver-transport-wagon-1.6.0.jar
[WARNING] size mismatch maven-resolver-synccontext-global-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-synccontext-global-1.6.0.jar maven-resolver-synccontext-global/target/maven-resolver-synccontext-global-1.6.0.jar
[WARNING] sha512 mismatch maven-resolver-synccontext-redisson-1.6.0.jar: investigate with diffoscope target/reference/maven-resolver-synccontext-redisson-1.6.0.jar maven-resolver-synccontext-redisson/target/maven-resolver-synccontext-redisson-1.6.0.jar
[WARNING] Reproducible Build output summary: 14 files ok, 12 different
[WARNING] see diff target/reference/maven-resolver-synccontext-redisson-1.6.0.buildinfo maven-resolver-synccontext-redisson/target/maven-resolver-synccontext-redisson-1.6.0.buildinfo
[INFO] Reproducible Build comparison saved to /tmp/maven-resolver-1.6.0/maven-resolver-synccontext-redisson/target/maven-resolver-synccontext-redisson-1.6.0.buildinfo.compare
...

$ cat /tmp/maven-resolver-1.6.0/maven-resolver-synccontext-redisson/target/maven-resolver-synccontext-redisson-1.6.0.buildinfo.compare
version=1.6.0
ok=14
ko=12
okFiles="maven-resolver-1.6.0-site.xml maven-resolver-1.6.0-source-release.zip maven-resolver-api-1.6.0-sources.jar maven-resolver-spi-1.6.0-sources.jar maven-resolver-test-util-1.6.0-sources.jar maven-resolver-util-1.6.0-sources.jar maven-resolver-impl-1.6.0-sources.jar maven-resolver-connector-basic-1.6.0-sources.jar maven-resolver-transport-classpath-1.6.0-sources.jar maven-resolver-transport-file-1.6.0-sources.jar maven-resolver-transport-http-1.6.0-sources.jar maven-resolver-transport-wagon-1.6.0-sources.jar maven-resolver-synccontext-global-1.6.0-sources.jar maven-resolver-synccontext-redisson-1.6.0-sources.jar"
koFiles="maven-resolver-api-1.6.0.jar maven-resolver-spi-1.6.0.jar maven-resolver-test-util-1.6.0.jar maven-resolver-util-1.6.0.jar maven-resolver-impl-1.6.0.jar maven-resolver-connector-basic-1.6.0.jar maven-resolver-transport-classpath-1.6.0.jar maven-resolver-transport-file-1.6.0.jar maven-resolver-transport-http-1.6.0.jar maven-resolver-transport-wagon-1.6.0.jar maven-resolver-synccontext-global-1.6.0.jar maven-resolver-synccontext-redisson-1.6.0.jar"

$ diffoscope target/reference/maven-resolver-api-1.6.0.jar maven-resolver-api/target/maven-resolver-api-1.6.0.jar
--- target/reference/maven-resolver-api-1.6.0.jar
+++ maven-resolver-api/target/maven-resolver-api-1.6.0.jar
├── zipinfo /dev/stdin
│ @@ -1,9 +1,9 @@
│ -Zip file size: 146761 bytes, number of entries: 156
│ --rw-r--r--  2.0 unx     3630 b- defN 20-Sep-11 17:37 META-INF/MANIFEST.MF
│ +Zip file size: 146778 bytes, number of entries: 156
│ +-rw-r--r--  2.0 unx     3628 b- defN 20-Sep-11 17:37 META-INF/MANIFEST.MF
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Sep-11 17:37 META-INF/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Sep-11 17:37 org/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Sep-11 17:37 org/eclipse/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Sep-11 17:37 org/eclipse/aether/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Sep-11 17:37 org/eclipse/aether/artifact/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Sep-11 17:37 org/eclipse/aether/collection/
│  drwxr-xr-x  2.0 unx        0 b- stor 20-Sep-11 17:37 org/eclipse/aether/deployment/
│ @@ -151,8 +151,8 @@
│  -rw-r--r--  2.0 unx      293 b- defN 20-Sep-11 17:37 org/eclipse/aether/version/Version.class
│  -rw-r--r--  2.0 unx      337 b- defN 20-Sep-11 17:37 org/eclipse/aether/version/VersionConstraint.class
│  -rw-r--r--  2.0 unx     1661 b- defN 20-Sep-11 17:37 org/eclipse/aether/version/VersionRange$Bound.class
│  -rw-r--r--  2.0 unx      390 b- defN 20-Sep-11 17:37 org/eclipse/aether/version/VersionRange.class
│  -rw-r--r--  2.0 unx      522 b- defN 20-Sep-11 17:37 org/eclipse/aether/version/VersionScheme.class
│  -rw-r--r--  2.0 unx     2626 b- defN 20-Sep-11 17:37 META-INF/maven/org.apache.maven.resolver/maven-resolver-api/pom.xml
│  -rw-r--r--  2.0 unx       81 b- defN 20-Sep-11 17:37 META-INF/maven/org.apache.maven.resolver/maven-resolver-api/pom.properties
│ -156 files, 307586 bytes uncompressed, 119203 bytes compressed:  61.2%
│ +156 files, 307584 bytes uncompressed, 119220 bytes compressed:  61.2%
├── META-INF/MANIFEST.MF
│ @@ -1,11 +1,11 @@
│  Manifest-Version: 1.0
│  Bundle-License: https://www.apache.org/licenses/LICENSE-2.0.txt
│  Bundle-SymbolicName: org.apache.maven.resolver.api
│ -Built-By: mosipov
│ +Built-By: herve
│  Specification-Title: Maven Artifact Resolver API
│  Implementation-Vendor-Id: org.apache.maven.resolver
│  Bundle-DocURL: https://maven.apache.org/resolver/maven-resolver-api/
│  Import-Package: org.eclipse.aether,org.eclipse.aether.artifact,org.ecl
│   ipse.aether.collection,org.eclipse.aether.deployment,org.eclipse.aeth
│   er.graph,org.eclipse.aether.installation,org.eclipse.aether.metadata,
│   org.eclipse.aether.repository,org.eclipse.aether.resolution,org.eclip
│ @@ -46,19 +46,19 @@
│  Implementation-Version: 1.6.0
│  Specification-Vendor: The Apache Software Foundation
│  Bundle-ManifestVersion: 2
│  Bundle-Vendor: The Apache Software Foundation
│  Tool: Bnd-3.5.0.201709291849
│  Implementation-Vendor: The Apache Software Foundation
│  Bundle-Version: 1.6.0
│ -Private-Package: org.eclipse.aether,org.eclipse.aether.artifact,org.ec
│ - lipse.aether.collection,org.eclipse.aether.deployment,org.eclipse.aet
│ - her.graph,org.eclipse.aether.installation,org.eclipse.aether.metadata
│ - ,org.eclipse.aether.repository,org.eclipse.aether.resolution,org.ecli
│ - pse.aether.transfer,org.eclipse.aether.transform,org.eclipse.aether.v
│ - ersion
│ +Private-Package: org.eclipse.aether,org.eclipse.aether.metadata,org.ec
│ + lipse.aether.repository,org.eclipse.aether.artifact,org.eclipse.aethe
│ + r.version,org.eclipse.aether.installation,org.eclipse.aether.resoluti
│ + on,org.eclipse.aether.graph,org.eclipse.aether.transform,org.eclipse.
│ + aether.collection,org.eclipse.aether.transfer,org.eclipse.aether.depl
│ + oyment
│  Created-By: Apache Maven Bundle Plugin
│  Specification-Version: 1.6.0
│ -Build-Jdk: 1.8.0_265
│ +Build-Jdk: 1.8.0_202
│  Implementation-URL: https://maven.apache.org/resolver/maven-resolver-a
│   pi/

Attachments

Issue Links

is fixed by

MRESOLVER-136 Migrate from maven-bundle-plugin to bnd-maven-plugin

Closed

relates to

MRESOLVER-102 Make build reproducible

Closed

Make OSGi bundles reproducible

Details

Description

Attachments

Issue Links

Activity

People

Dates