maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hendy Irawan (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (MNG-5964) Corrupt artifact from stale repository makes build fail, even though correct artifact is available
Date Fri, 22 Jan 2016 09:54:39 GMT

    [ https://issues.apache.org/jira/browse/MNG-5964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15110159#comment-15110159
] 

Hendy Irawan edited comment on MNG-5964 at 1/22/16 9:53 AM:
------------------------------------------------------------

Workaround is to put this in {{~/.m2.settings.xml}} :

{code}
<profile>
	<id>openjena.disable</id>
	<activation>
		<activeByDefault>true</activeByDefault>
	</activation>
	<repositories>
		<!-- https://issues.apache.org/jira/browse/MNG-5964 -->
		<repository>
			<id>repo-jena</id>
			<name>Jena Maven - Repository</name>
			<url>http://openjena.org/repo</url>
			<releases>
				<enabled>false</enabled>
			</releases>
			<snapshots>
				<enabled>false</enabled>
			</snapshots>
		</repository>
		<repository>
			<id>repo-jena-dev</id>
			<name>Jena Maven - Development Repository</name>
			<layout>default</layout>
			<url>http://openjena.org/repo-dev</url>
			<releases>
				<enabled>false</enabled>
			</releases>
			<snapshots>
				<enabled>false</enabled>
			</snapshots>
		</repository>
	</repositories>
</profile>
{code}

I argue that this should be handled automatically by Maven and there's no need for user to
do this manually, in addition to the trouble/skills needed to diagnose the problem, even when
you know the workaround: there could be a bunch of those hidden in transitive dependencies!

This is exactly why we have checksum validation so let's put it to good use. And besides,
the corrupt website returns {{text/html}} for both POM and JAR URLs, so it should be enough
to discard them immediately.


was (Author: ceefour):
Workaround is to put this in {{~/.m2.settings.xml}} :

{code}
            <profile>
                <id>openjena.disable</id>
                <activation>
                    <activeByDefault>true</activeByDefault>
                </activation>
                <repositories>
                    <!-- https://issues.apache.org/jira/browse/MNG-5964 -->
                    <repository>
                        <id>repo-jena</id>
                        <name>Jena Maven - Repository</name>
                        <url>http://openjena.org/repo</url>
                        <releases>
                            <enabled>false</enabled>
                        </releases>
                        <snapshots>
                            <enabled>false</enabled>
                        </snapshots>
                    </repository>
                    <repository>
                        <id>repo-jena-dev</id>
                        <name>Jena Maven - Development Repository</name>
                        <layout>default</layout>
                        <url>http://openjena.org/repo-dev</url>
                        <releases>
                            <enabled>false</enabled>
                        </releases>
                        <snapshots>
                            <enabled>true</enabled>
                        </snapshots>
                    </repository>
                </repositories>
            </profile>
{code}

I argue that this should be handled automatically by Maven and there's no need for user to
do this manually, in addition to the trouble/skills needed to diagnose the problem, even when
you know the workaround: there could be a bunch of those hidden in transitive dependencies!

This is exactly why we have checksum validation so let's put it to good use. And besides,
the corrupt website returns {{text/html}} for both POM and JAR URLs, so it should be enough
to discard them immediately.

> Corrupt artifact from stale repository makes build fail, even though correct artifact
is available
> --------------------------------------------------------------------------------------------------
>
>                 Key: MNG-5964
>                 URL: https://issues.apache.org/jira/browse/MNG-5964
>             Project: Maven
>          Issue Type: Bug
>          Components: Artifacts and Repositories
>    Affects Versions: 3.2.1
>            Reporter: Hendy Irawan
>            Priority: Critical
>
> This POM (https://repo1.maven.org/maven2/com/hp/hpl/jena/jena/2.6.4/jena-2.6.4.pom) includes
an external repository which is: http://openjena.org/repo
> Unfortunately, that repo is now a parking page. Which makes builds problematic.
> {code}
> [INFO] Downloading: https://repository-soluvas.forge.cloudbees.com/release/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading: http://repo.cloudbees.com/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloaded: http://repo.cloudbees.com/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
(6 KB at 568.1 KB/sec)
> [INFO] Downloading: http://nexus.bippo.co.id/nexus/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading: http://jasperreports.sourceforge.net/maven2/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading: http://jaspersoft.artifactoryonline.com/jaspersoft/third-party-ce-artifacts/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading: http://morphia.googlecode.com/svn/mavenrepo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading: http://repo.typesafe.com/typesafe/releases/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading: http://m2.neo4j.org/content/repositories/releases/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading: http://repo.spring.io/milestone/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading: http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [WARNING] Checksum validation failed, expected <!DOCTYPE but is e88206ec93de9f9b6b3259b07aa32e8e00cb90d3
for http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [WARNING] Checksum validation failed, expected <!DOCTYPE but is f173aa41f57e9b1d170e42cf6b6f3be5a8882168
for http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloaded: http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom (21 KB
at 22.3 KB/sec)
> [INFO] Downloading: http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [WARNING] Checksum validation failed, expected <!DOCTYPE but is 893c64b2141598ad999c3540c5f0ff24c38ce7ce
for http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [WARNING] Checksum validation failed, expected <!DOCTYPE but is a2a942560bf2e1838cf48f9adc7042443e5adb3b
for http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloaded: http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom (21
KB at 26.7 KB/sec)
> [WARNING] The POM for com.hp.hpl.jena:iri:jar:0.8 is invalid, transitive dependencies
(if any) will not be available, enable debug logging for more details
> {code}
> Exact same thing also happens for the JARs.
> Please notice that the correct POMs and JARs are available from the other repository
(repo.cloudbees.com proxy), but Maven ignores that and continues to use the corrupt artifacts,
which causes:
> {code}
> [INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ id.co.bippo.cart ---
> [INFO] Changes detected - recompiling the module!
> [INFO] Compiling 82 source files to /scratch/jenkins/workspace/bippo-commerce/cart/target/classes
> [ERROR] error reading /scratch/jenkins/workspace/bippo-commerce/.repository/com/hp/hpl/jena/iri/0.8/iri-0.8.jar;
error in opening zip file
> [ERROR] error reading /scratch/jenkins/workspace/bippo-commerce/.repository/com/ibm/icu/icu4j/3.4.4/icu4j-3.4.4.jar;
error in opening zip file
> [ERROR] error reading /scratch/jenkins/workspace/bippo-commerce/.repository/org/slf4j/slf4j-log4j12/1.7.12/slf4j-log4j12-1.7.12.jar;
error in opening zip file
> [ERROR] error reading /scratch/jenkins/workspace/bippo-commerce/.repository/log4j/log4j/1.2.13/log4j-1.2.13.jar;
error in opening zip file
> [ERROR] error reading /scratch/jenkins/workspace/bippo-commerce/.repository/com/hp/hpl/jena/iri/0.8/iri-0.8.jar;
error in opening zip file
> [ERROR] error reading /scratch/jenkins/workspace/bippo-commerce/.repository/com/ibm/icu/icu4j/3.4.4/icu4j-3.4.4.jar;
error in opening zip file
> [ERROR] error reading /scratch/jenkins/workspace/bippo-commerce/.repository/org/slf4j/slf4j-log4j12/1.7.12/slf4j-log4j12-1.7.12.jar;
error in opening zip file
> [ERROR] error reading /scratch/jenkins/workspace/bippo-commerce/.repository/log4j/log4j/1.2.13/log4j-1.2.13.jar;
error in opening zip file
> {code}
> which makes the build fail.
> Please:
> 1. Ignore artifacts from invalid repos when there are correct artifacts from other repo
> 2. Have a way to blacklist repos globally, preferably using ~/.m2/settings.xml



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message