maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carlos Sanchez (JIRA)" <j...@codehaus.org>
Subject [jira] Closed: (MEV-649) log4j 1.2.15 points to nonfuctional maven-repository.dev.java.net packages breaking whole build
Date Wed, 03 Feb 2010 23:58:55 GMT

     [ http://jira.codehaus.org/browse/MEV-649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Carlos Sanchez closed MEV-649.
------------------------------

    Resolution: Won't Fix
      Assignee: Carlos Sanchez

Log4j team need to fix the pom for their next release, you need to talk to them.

They probably want to make these dependencies optional and they must remove the repositories
section

1) com.sun.jmx:jmxri:jar:1.2.1
2) com.sun.jdmk:jmxtools:jar:1.2.1
3) javax.jms:jms:jar:1.1

In the meantime you can exclude them

> log4j 1.2.15 points to nonfuctional maven-repository.dev.java.net packages breaking whole
build
> -----------------------------------------------------------------------------------------------
>
>                 Key: MEV-649
>                 URL: http://jira.codehaus.org/browse/MEV-649
>             Project: Maven Evangelism
>          Issue Type: Bug
>            Reporter: Jan Uhlir
>            Assignee: Carlos Sanchez
>
> Log4j 2.1.15 dependency from central repository has dependencies linked to https://maven-repository.dev.java.net/nonav/repository
-  jmxri, jmxtools and java mail (and others?). These denpendencies are broken or the whole
external repository is unaccesible by now.
> Is it even permitted to have "external" dependency for a package in central repository?

> I found it hard to find how to disable a repository (block a repository) so I am using
this opportunity for a micro how to for unlucky ones like me.
> Troubled dependency definition:
> <dependency>
> 	<groupId>log4j</groupId>
> 	<artifactId>log4j</artifactId>
> 	<version>1.2.15</version>
> </dependency>
> Error log (shortened) ----------------------
> [INFO] Scanning for projects...
> ...
> [INFO] Copying 1 resource
> Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jmx/jars/jmxri-1.2.1.jar
> Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jdmk/jars/jmxtools-1.2.1.jar
> 353/353b
> 353b downloaded  (jmxri-1.2.1.jar)
> 357/357b
> 357b downloaded  (jmxtools-1.2.1.jar)
> [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = 'a55ce8e95c9bb027e78557acc9e2b973fe3c611e';
remote = '<!DOCTYPE' - RETRYING
> Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jmx/jars/jmxri-1.2.1.jar
> 353/353b
> 353b downloaded  (jmxri-1.2.1.jar)
> [WARNING] [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = 'a55ce8e95c9bb027e78557acc9e2b973fe3c611e';
remote = '<!DOCTYPE' - IGNORING
> *** CHECKSUM FAILED - Checksum failed on download: local = '9e1dae7682d2b60d5b17b7d47e20d99d70ba65cf';
remote = '<!DOCTYPE' - RETRYING
> Downloading: https://maven-repository.dev.java.net/nonav/repository/com.sun.jdmk/jars/jmxtools-1.2.1.jar
> 357/357b
> 357b downloaded  (jmxtools-1.2.1.jar)
> [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = '9e1dae7682d2b60d5b17b7d47e20d99d70ba65cf';
remote = '<!DOCTYPE' - IGNORING
> ...
> [INFO] Compilation failure
> ...
> error: error reading /opt/javalibs/com/sun/jdmk/jmxtools/1.2.1/jmxtools-1.2.1.jar; error
in opening zip file
> error: error reading /opt/javalibs/com/sun/jmx/jmxri/1.2.1/jmxri-1.2.1.jar; error in
opening zip file
> Solution (1) - Disable repository (settings.xml).
> Note, it is much more tricky that it seems to be! It gave me hard time before I found
out. Documentation should be improved here.
> 1) Tricky, you have to do it for releases and snapshots. There is no repository wide
disabling option.
> 2) You have to provide not just same (failing) repository URL but more importantly the
same repository ID as it is in ill referencig POM (log4j 2.1.15 in our case)
> 3) Blacklisting repository is something completely different then disabling. Not usable
in this case (?). It is not ad hoc settable by user anyway
> OK, here is the code: 
> <profile>
> 	<id>default</id>
> 	...
> 	<repositories>
> 		<repository>
> 			<id>java.net</id>
> 			<!-- IMPORTANT!!! you have to use same ID as in affected POM otherwise it does
not work -->
> 			<url>https://maven-repository.dev.java.net/nonav/repository</url>
> 			<releases>
> 				<enabled>false</enabled>
> 			</releases>
> 			<snapshots>
> 				<enabled>false</enabled>
> 			</snapshots>
> 		</repository>
> 	</repositories>
> </profile>
> Solution (2) - exclude the "external" sub-dependencies of log4j 2.1.15, like  jmxri,
jmxtools and java mail. And perhaps others. It takes more time to figure out what else "external".
 
> Solution (3) - the best one. Use version log4j 2.1.14 instead. It seems to be OK.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message