[MJAR-309] Modular Jar file permissions changed when fixing modification time #196
Description
Laurent Goujon opened MJAR-309 and commented
When a new modular jar file is generated with maven-jar-plugin with Java 11, the final permissions of the file are restricted to the current user instead of using the environment umask which usually allows for group and other users to access the file as well.
This is caused by the use of Files#createTempFile() in plexus-archiver to rewrite the original jar file. The method has a restrictive file permission model for security reason but as the temporary file is generated next to the original jar file, and there's no sensitive reason to restrict its access, the restrictive file permission should not be needed.
The change of permissions causes some issues in some build environment like Github Actions for example (used by Apache Arrow. See apache/arrow#41309 for details)
Issue has been reported to plexus-archiver as codehaus-plexus/plexus-archiver#332 with a fix being merged in the project's master branch
Affects: 3.4.1