maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jan Uhlir (JIRA)" <j...@codehaus.org>
Subject [jira] Created: (MNG-4473) log4j 1.2.15 points to nonfuctional maven-repository.dev.java.net packages breaking whole build
Date Mon, 30 Nov 2009 19:30:55 GMT
log4j 1.2.15 points to nonfuctional maven-repository.dev.java.net packages breaking whole build
-----------------------------------------------------------------------------------------------

                 Key: MNG-4473
                 URL: http://jira.codehaus.org/browse/MNG-4473
             Project: Maven 2
          Issue Type: Bug
    Affects Versions: 2.2.1
            Reporter: Jan Uhlir


Log4j 2.1.15 dependency from central repository has dependencies linked to https://maven-repository.dev.java.net/nonav/repository
-  jmxri, jmxtools and java mail (and others?). These denpendencies are broken or the whole
external repository is unaccesible by now.

Is it even permitted to have "external" dependency for a package in central repository? 

I found it hard to find how to disable a repository (block a repository) so I am using this
opportunity for a micro how to for unlucky ones like me.

Troubled dependency definition:
<dependency>
	<groupId>log4j</groupId>
	<artifactId>log4j</artifactId>
	<version>1.2.15</version>
</dependency>

Error log (shortened) ----------------------

[INFO] Scanning for projects...
...
[INFO] Copying 1 resource
Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jmx/jars/jmxri-1.2.1.jar
Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jdmk/jars/jmxtools-1.2.1.jar
353/353b
353b downloaded  (jmxri-1.2.1.jar)
357/357b
357b downloaded  (jmxtools-1.2.1.jar)
[WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = 'a55ce8e95c9bb027e78557acc9e2b973fe3c611e';
remote = '<!DOCTYPE' - RETRYING
Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jmx/jars/jmxri-1.2.1.jar
353/353b
353b downloaded  (jmxri-1.2.1.jar)
[WARNING] [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = 'a55ce8e95c9bb027e78557acc9e2b973fe3c611e';
remote = '<!DOCTYPE' - IGNORING
*** CHECKSUM FAILED - Checksum failed on download: local = '9e1dae7682d2b60d5b17b7d47e20d99d70ba65cf';
remote = '<!DOCTYPE' - RETRYING
Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jdmk/jars/jmxtools-1.2.1.jar
357/357b
357b downloaded  (jmxtools-1.2.1.jar)
[WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = '9e1dae7682d2b60d5b17b7d47e20d99d70ba65cf';
remote = '<!DOCTYPE' - IGNORING
...
[INFO] Compilation failure
...
error: error reading /opt/javalibs/com/sun/jdmk/jmxtools/1.2.1/jmxtools-1.2.1.jar; error in
opening zip file
error: error reading /opt/javalibs/com/sun/jmx/jmxri/1.2.1/jmxri-1.2.1.jar; error in opening
zip file

Solution (1) - Disable repository (settings.xml).
Note, it is much more tricky that it seems to be! It gave me hard time before I found out.
Documentation should be improved here.
1) Tricky, you have to do it for releases and snapshots. There is no repository wide disabling
option.
2) You have to provide not just same (failing) repository URL but more importantly the same
repository ID as it is in ill referencig POM (log4j 2.1.15 in our case)
3) Blacklisting repository is something completely different then disabling. Not usable in
this case (?). It is not ad hoc settable by user anyway
OK, here is the code: 
<profile>
	<id>default</id>
	...
	<repositories>
		<repository>
			<id>java.net</id>
			<!-- IMPORTANT!!! you have to use same ID as in affected POM otherwise it does not work
-->
			<url>https://maven-repository.dev.java.net/nonav/repository</url>
			<releases>
				<enabled>false</enabled>
			</releases>
			<snapshots>
				<enabled>false</enabled>
			</snapshots>
		</repository>
	</repositories>
</profile>

Solution (2) - exclude the "external" sub-dependencies of log4j 2.1.15, like  jmxri, jmxtools
and java mail. And perhaps others. It takes more time to figure out what else "external".
 

Solution (3) - the best one. Use version log4j 2.1.14 instead. It seems to be OK.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message