maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Uhlir (JIRA)" <j...@codehaus.org>
Subject [jira] Commented: (MNG-4473) log4j 1.2.15 points to nonfuctional maven-repository.dev.java.net packages breaking whole build
Date Mon, 30 Nov 2009 19:34:55 GMT

    [ http://jira.codehaus.org/browse/MNG-4473?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=200052#action_200052
] 

Jan Uhlir commented on MNG-4473:
--------------------------------

Solution (1) - Disable repository (settings.xml).
<profile>
	<id>default</id>
	...
	<repositories>
		<repository>
			<id>java.net</id>
			<!-- you have to use same ID as in affected POM otherwise it does not work -->
			<url>https://maven-repository.dev.java.net/nonav/repository</url>
			<releases>
				<enabled>false</enabled>
			</releases>
			<snapshots>
				<enabled>false</enabled>
			</snapshots>
		</repository>
	</repositories>
</profile>

> log4j 1.2.15 points to nonfuctional maven-repository.dev.java.net packages breaking whole
build
> -----------------------------------------------------------------------------------------------
>
>                 Key: MNG-4473
>                 URL: http://jira.codehaus.org/browse/MNG-4473
>             Project: Maven 2
>          Issue Type: Bug
>            Reporter: Jan Uhlir
>
> Log4j 2.1.15 dependency from central repository has dependencies linked to https://maven-repository.dev.java.net/nonav/repository
-  jmxri, jmxtools and java mail (and others?). These denpendencies are broken or the whole
external repository is unaccesible by now.
> Is it even permitted to have "external" dependency for a package in central repository?

> I found it hard to find how to disable a repository (block a repository) so I am using
this opportunity for a micro how to for unlucky ones like me.
> Troubled dependency definition:
> <dependency>
> 	<groupId>log4j</groupId>
> 	<artifactId>log4j</artifactId>
> 	<version>1.2.15</version>
> </dependency>
> Error log (shortened) ----------------------
> [INFO] Scanning for projects...
> ...
> [INFO] Copying 1 resource
> Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jmx/jars/jmxri-1.2.1.jar
> Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jdmk/jars/jmxtools-1.2.1.jar
> 353/353b
> 353b downloaded  (jmxri-1.2.1.jar)
> 357/357b
> 357b downloaded  (jmxtools-1.2.1.jar)
> [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = 'a55ce8e95c9bb027e78557acc9e2b973fe3c611e';
remote = '<!DOCTYPE' - RETRYING
> Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jmx/jars/jmxri-1.2.1.jar
> 353/353b
> 353b downloaded  (jmxri-1.2.1.jar)
> [WARNING] [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = 'a55ce8e95c9bb027e78557acc9e2b973fe3c611e';
remote = '<!DOCTYPE' - IGNORING
> *** CHECKSUM FAILED - Checksum failed on download: local = '9e1dae7682d2b60d5b17b7d47e20d99d70ba65cf';
remote = '<!DOCTYPE' - RETRYING
> Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jdmk/jars/jmxtools-1.2.1.jar
> 357/357b
> 357b downloaded  (jmxtools-1.2.1.jar)
> [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = '9e1dae7682d2b60d5b17b7d47e20d99d70ba65cf';
remote = '<!DOCTYPE' - IGNORING
> ...
> [INFO] Compilation failure
> ...
> error: error reading /opt/javalibs/com/sun/jdmk/jmxtools/1.2.1/jmxtools-1.2.1.jar; error
in opening zip file
> error: error reading /opt/javalibs/com/sun/jmx/jmxri/1.2.1/jmxri-1.2.1.jar; error in
opening zip file
> Solution (1) - Disable repository (settings.xml).
> Note, it is much more tricky that it seems to be! It gave me hard time before I found
out. Documentation should be improved here.
> 1) Tricky, you have to do it for releases and snapshots. There is no repository wide
disabling option.
> 2) You have to provide not just same (failing) repository URL but more importantly the
same repository ID as it is in ill referencig POM (log4j 2.1.15 in our case)
> 3) Blacklisting repository is something completely different then disabling. Not usable
in this case (?). It is not ad hoc settable by user anyway
> OK, here is the code: 
> <profile>
> 	<id>default</id>
> 	...
> 	<repositories>
> 		<repository>
> 			<id>java.net</id>
> 			<!-- IMPORTANT!!! you have to use same ID as in affected POM otherwise it does
not work -->
> 			<url>https://maven-repository.dev.java.net/nonav/repository</url>
> 			<releases>
> 				<enabled>false</enabled>
> 			</releases>
> 			<snapshots>
> 				<enabled>false</enabled>
> 			</snapshots>
> 		</repository>
> 	</repositories>
> </profile>
> Solution (2) - exclude the "external" sub-dependencies of log4j 2.1.15, like  jmxri,
jmxtools and java mail. And perhaps others. It takes more time to figure out what else "external".
 
> Solution (3) - the best one. Use version log4j 2.1.14 instead. It seems to be OK.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message