Bug#1066045: maven-bundle-plugin: produces nondeterministic ordering in MANIFEST.MF headers

James Addison jay at jp-hosting.net
Mon Mar 11 16:46:43 GMT 2024 

Package: libmaven-bundle-plugin-java
Severity: wishlist
Tags: patch
User: reproducible-builds at lists.alioth.debian.org
Usertags: toolchain

Dear Maintainer,

The maven-bundle-plugin utility creates Java .jar archives that contain
non-deterministic contents in the Export-Package, Private-Package and
Include-Resource header fields of the MANIFEST.MF file when listing those files
from the underlying filesystem returns them in differing order.

There is an exisiting report[1] of this problem upstream in the Apache Felix
project, and it has been resolved by a subsequent change[2] to sort the
contents of the relevant field values before they're written to the manifest.

Please find attached a backport of the upstream changeset, which applies
cleanly to the maven-bundle-plugin-3.5.1 sources.

Thank you,
James

[1] - https://issues.apache.org/jira/browse/FELIX-6602

[2] - https://github.com/apache/felix-dev/pull/208
-------------- next part --------------
>From d885d99a6a16660f655a4fd18e8a1a39beef0a15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Boutemy?= <hboutemy at apache.org>
Date: Sat, 25 Mar 2023 00:18:11 +0100
Subject: [PATCH] FELIX-6602 sort resources and exported packages

---
 .../java/org/apache/felix/bundleplugin/BundlePlugin.java     | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/src/main/java/org/apache/felix/bundleplugin/BundlePlugin.java
+++ b/src/main/java/org/apache/felix/bundleplugin/BundlePlugin.java
@@ -1938,6 +1938,7 @@ public class BundlePlugin extends AbstractMojo
             scanner.scan();
 
             String[] paths = scanner.getIncludedFiles();
+            Arrays.sort( paths );
             for ( int i = 0; i < paths.length; i++ )
             {
                 packages.put( analyzer.getPackageRef( getPackageName( paths[i] ) ) );
@@ -2076,7 +2077,9 @@ public class BundlePlugin extends AbstractMojo
                 scanner.addDefaultExcludes();
                 scanner.scan();
 
-                List<String> includedFiles = Arrays.asList( scanner.getIncludedFiles() );
+                String[] f = scanner.getIncludedFiles();
+                Arrays.sort( f );
+                List<String> includedFiles = Arrays.asList( f );
 
                 for ( Iterator<String> j = includedFiles.iterator(); j.hasNext(); )
                 {
-- 
2.43.0

More information about the pkg-java-maintainers mailing list