[MRRESOURCES-150] Ensure reproducible order in bundle goal output META-INF/maven/remote-resources.xml #194
Description
Attila Doroszlai opened MRRESOURCES-150 and commented
see https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/ratis/ratis-3.1.2.diffoscope for https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/ratis/README.md
├── META-INF/maven/remote-resources.xml
│ ├── META-INF/maven/remote-resources.xml
│ │┄ Ordering differences only
│ │ @@ -1,8 +1,8 @@
│ │ <?xml version="1.0" encoding="utf-8"?>
│ │ <remoteResourcesBundle xmlns="http://maven.apache.org/remote-resources/1.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/remote-resources/1.1.0 https://maven.apache.org/xsd/remote-resources-1.1.0.xsd">
│ │ <remoteResources>
│ │ - <remoteResource>META-INF/LICENSE.vm</remoteResource>
│ │ <remoteResource>META-INF/NOTICE.vm</remoteResource>
│ │ + <remoteResource>META-INF/LICENSE.vm</remoteResource>
│ │ </remoteResources>
│ │ <sourceEncoding>UTF-8</sourceEncoding>
│ │ </remoteResourcesBundle>
remote-resources:bundle creates output that may not be reproducible.
DirectoryScanner scanner = new DirectoryScanner();
scanner.setBasedir(resourcesDirectory);
if (includes != null && includes.length != 0) {
scanner.setIncludes(includes);
} else {
scanner.setIncludes(DEFAULT_INCLUDES);
}
if (excludes != null && excludes.length != 0) {
scanner.setExcludes(excludes);
}
scanner.addDefaultExcludes();
scanner.scan();
DirectoryScanner uses java.io.File.list(), which does not guarantee order.
Issue Links:
- MARTIFACT-82 add maven-remote-resources-plugin to the list of plugins with issues
("is required by") - MRRESOURCES-114 make projectTimespan reproducible: use outputTimestamp instead of current date
("supercedes")
Remote Links: