Details
- Improvement
- Status: Closed
- Minor
- Resolution: Fixed
- 3.3.0
- None
Description
It appears that inside the archive created by maven-source-plugin, the permissions of META-INF/maven/*/*/pom.properties depend on the current umask.
Steps to reproduce:
$ umask 022
$ mvn clean install
$ umask 002
$ mvn clean verify artifact:compare
This can be used on any project attaching a source jar (e.g. https://github.com/apache/ws-axiom/).
Example diffoscope output:
--- target/reference/axiom-weaver-annotations-2.0.0-SNAPSHOT-sources.jar
+++ target/axiom-weaver-annotations-2.0.0-SNAPSHOT-sources.jar
│┄ Archive contents identical but files differ, possibly due to different compression levels. Falling back to binary comparison.
├── zipinfo {}
│ @@ -14,9 +14,9 @@
│ -rw-r--r-- 2.0 unx 170 b- defN 22-Mar-13 11:17 META-INF/NOTICE
│ -rw-r--r-- 2.0 unx 1365 b- defN 22-Mar-13 11:17 org/apache/axiom/weaver/annotation/FactoryMethod.java
│ -rw-r--r-- 2.0 unx 1101 b- defN 22-Mar-13 11:17 org/apache/axiom/weaver/annotation/Inject.java
│ -rw-r--r-- 2.0 unx 1095 b- defN 22-Mar-13 11:17 org/apache/axiom/weaver/annotation/Mixin.java
│ -rw-r--r-- 2.0 unx 1100 b- defN 22-Mar-13 11:17 org/apache/axiom/weaver/annotation/Singleton.java
│ -rw-r--r-- 2.0 unx 1136 b- defN 22-Mar-13 11:17 org/apache/axiom/weaver/annotation/WeavablePackage.java
│ -rw-r--r-- 2.0 unx 1411 b- defN 22-Mar-13 11:17 META-INF/maven/org.apache.ws.commons.axiom/axiom-weaver-annotations/pom.xml
│ --rw-r--r-- 2.0 unx 95 b- defN 22-Mar-13 11:17 META-INF/maven/org.apache.ws.commons.axiom/axiom-weaver-annotations/pom.properties
│ +-rw-rw-r-- 2.0 unx 95 b- defN 22-Mar-13 11:17 META-INF/maven/org.apache.ws.commons.axiom/axiom-weaver-annotations/pom.properties
│ 20 files, 19157 bytes uncompressed, 8089 bytes compressed: 57.8%
│ --- target/reference/axiom-weaver-annotations-2.0.0-SNAPSHOT-sources.jar
├── +++ target/axiom-weaver-annotations-2.0.0-SNAPSHOT-sources.jar
│ @@ -676,15 +676,15 @@
│ 00002a30: 0000 0000 0000 a481 b020 0000 4d45 5441 ......... ..META
│ 00002a40: 2d49 4e46 2f6d 6176 656e 2f6f 7267 2e61 -INF/maven/org.a
│ 00002a50: 7061 6368 652e 7773 2e63 6f6d 6d6f 6e73 pache.ws.commons
│ 00002a60: 2e61 7869 6f6d 2f61 7869 6f6d 2d77 6561 .axiom/axiom-wea
│ 00002a70: 7665 722d 616e 6e6f 7461 7469 6f6e 732f ver-annotations/
│ 00002a80: 706f 6d2e 786d 6c50 4b01 0214 0314 0000 pom.xmlPK.......
│ 00002a90: 0808 0022 5a6d 54b9 68bb 2558 0000 005f ..."ZmT.h.%X..._
│ -00002aa0: 0000 0052 0000 0000 0000 0000 0000 00a4 ...R............
│ +00002aa0: 0000 0052 0000 0000 0000 0000 0000 00b4 ...R............
│ 00002ab0: 81e8 2300 004d 4554 412d 494e 462f 6d61 ..#..META-INF/ma
│ 00002ac0: 7665 6e2f 6f72 672e 6170 6163 6865 2e77 ven/org.apache.w
│ 00002ad0: 732e 636f 6d6d 6f6e 732e 6178 696f 6d2f s.commons.axiom/
│ 00002ae0: 6178 696f 6d2d 7765 6176 6572 2d61 6e6e axiom-weaver-ann
│ 00002af0: 6f74 6174 696f 6e73 2f70 6f6d 2e70 726f otations/pom.pro
│ 00002b00: 7065 7274 6965 7350 4b05 0600 0000 0014 pertiesPK.......
│ 00002b10: 0014 0057 0600 00b0 2400 0000 00 ...W....$....
Note that although maven-jar-plugin adds the same pom.properties file to the archive, it isn't affected by this problem.
I discovered this while trying to check the reproducibility of Apache Axiom builds in a GitHub Codespace, where file permissions are set in a peculiar way; see https://github.com/orgs/community/discussions/26026.
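The differing bytes in the hex dump above (`a481` versus `b481`) are the little-endian Unix mode stored in the central directory's external attributes: 0x81a4 is 0100644 and 0x81b4 is 0100664. The Python script below is an added example, not part of the original report or of any Maven plugin; it compares those mode bits between a reference jar and a rebuilt jar and lists group- or world-writable entries. The function names and the two in-memory sample jars (with placeholder `g/a` coordinates) are constructed for illustration.

```python
import io
import stat
import zipfile

def entry_modes(jar):
    """Map entry name -> Unix permission bits from the ZIP central directory.

    For entries written on Unix, the high 16 bits of external_attr hold st_mode.
    """
    with zipfile.ZipFile(jar) as zf:
        return {i.filename: stat.S_IMODE(i.external_attr >> 16) for i in zf.infolist()}

def compare_modes(reference, rebuilt):
    """Return {name: (reference_mode, rebuilt_mode)} for entries whose modes differ."""
    ref, new = entry_modes(reference), entry_modes(rebuilt)
    return {n: (ref[n], new[n]) for n in sorted(ref.keys() & new.keys()) if ref[n] != new[n]}

def group_or_world_writable(jar):
    """Entries carrying g+w or o+w, the bits a permissive umask lets through."""
    return sorted(n for n, m in entry_modes(jar).items() if m & (stat.S_IWGRP | stat.S_IWOTH))

def build_sample(pom_properties_mode):
    """Constructed sample jar (not real build output) with a chosen pom.properties mode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode in (("META-INF/maven/g/a/pom.xml", 0o644),
                           ("META-INF/maven/g/a/pom.properties", pom_properties_mode)):
            info = zipfile.ZipInfo(name, date_time=(2022, 3, 13, 11, 17, 0))
            info.create_system = 3  # 3 = Unix, so readers interpret the mode bits
            info.external_attr = (stat.S_IFREG | mode) << 16
            zf.writestr(info, b"sample\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # umask 022 build (0644) versus umask 002 build (0664), as in the report
    reference, rebuilt = build_sample(0o644), build_sample(0o664)
    for name, (a, b) in compare_modes(reference, rebuilt).items():
        print(f"{name}: {a:04o} -> {b:04o}")
    print("group/world-writable:", group_or_world_writable(rebuilt))
```

Both functions accept a path or a file-like object, so the same check can be pointed at `target/reference/*.jar` and `target/*.jar` after `artifact:compare`.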
Issue Links
- is duplicated by
  - MSOURCES-138 make source.jar insensitive to user's umask (Closed)
- is fixed by
  - MSOURCES-142 Upgrade plexus-archiver to 4.8.0 (Closed)
- relates to
  - MASSEMBLY-989 in RB mode, apply 022 umask to ignore environment group write umask (Closed)