Bugzilla – Bug 1120493
hamcrest does not build reproducibly ; affects junit
Last modified: 2021-01-18 17:16:52 UTC
While working on reproducible builds for openSUSE, I found that the hamcrest binary package varied for every build even when trying to make the build as similar as possible. /usr/share/java/hamcrest/org/hamcrest/CoreMatchers.class differs /usr/share/java/hamcrest/org/hamcrest/Matchers.class differs along with their related .html docs. Both seem to come from ordering issues in a generated CoreMatchers.java file. That seems to be different from the CoreMatchers.java contained in hamcrest-all-1.3-sources.jar and hamcrest-core-1.3-sources.jar Additionally, this variation causes junit noarch packages to vary between architectures, because it includes the hamcrest/CoreMatchers.class file. +++ new//usr/share/javadoc/hamcrest/org/hamcrest/CoreMatchers.html 2019-01-02 12:40:03.011812250 +0000 @@ -570,20 +570,25 @@ <!-- --> </a> <h3>Method Detail</h3> -<a id="allOf(org.hamcrest.Matcher...)"> +<a id="allOf(org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher)"> -<a id="allOf(org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher)"> +<a id="allOf(org.hamcrest.Matcher,org.hamcrest.Matcher,org.hamcrest.Matcher)"> -<a id="either(org.hamcrest.Matcher)"> +<a id="both(org.hamcrest.Matcher)"> -<a id="hasItems(org.hamcrest.Matcher...)"> +<a id="hasItems(java.lang.Object[])"> +<!-- --> +</a><a id="hasItems(T...)"> For example: - <pre>assertThat(Arrays.asList("foo", "bar", "baz"), hasItems(endsWith("z"), endsWith("o")))</pre></div> + <pre>assertThat(Arrays.asList("foo", "bar", "baz"), hasItems("baz", "foo"))</pre></div> <dl> <dt><span class="paramLabel">Parameters:</span></dt> -<dd><code>itemMatchers</code> - the matchers to apply to items provided by the examined <code>Iterable</code></dd> +<dd><code>items</code> - the items to compare against the items provided by the examined <code>Iterable</code></dd> Looking at the doc diff, it could even be a bug in the generator. The other likely cause would be some hash or set-of-items with unordered elements used in the java generator code. Then adding a sort in its output-iterator would suffice.
This patch should fix it: https://salsa.debian.org/java-team/libhamcrest-java/-/blob/master/debian/patches/003-reproducible-build.patch I'll add it in a moment to TW. Is it needed somewhere else?
Tests in home:pmonrealgonzalez:branches:Java:packages/hamcrest look good.
I was looking into upstreaming and found that this is very old: https://github.com/hamcrest/JavaHamcrest/commit/25d913b19bdeedae1e28da5346737c13eb1e5676
(In reply to Bernhard Wiedemann from comment #3) > I was looking into upstreaming and found that this is very old: > https://github.com/hamcrest/JavaHamcrest/commit/ > 25d913b19bdeedae1e28da5346737c13eb1e5676 Yes, that change is for version 2 and we still have 1.3 in TW. Submitted here: https://build.opensuse.org/request/show/860470
Submissions accepted. Closing.
SUSE-RU-2021:0065-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 1120493,1179994 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Module for Development Tools 15-SP2 (src): hamcrest-1.3-12.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-RU-2021:0062-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 1120493,1179994 CVE References: JIRA References: Sources used: openSUSE Leap 15.2 (src): hamcrest-1.3-lp152.7.6.1
SUSE-RU-2021:0137-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 1120493,1179994 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP5 (src): hamcrest-1.3-5.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-RU-2021:0138-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 1120493,1179994 CVE References: JIRA References: Sources used: SUSE Linux Enterprise Module for Development Tools 15-SP1 (src): hamcrest-1.3-5.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-RU-2021:0110-1: An update that has two recommended fixes can now be installed. Category: recommended (low) Bug References: 1120493,1179994 CVE References: JIRA References: Sources used: openSUSE Leap 15.1 (src): hamcrest-1.3-lp151.5.3.1