[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846728#comment-17846728 ] Konrad Windszus edited comment on MNG-7375 at 5/15/24 6:15 PM: --- Although true, this is due to a limitation in modello: https://github.com/codehaus-plexus/modello/blob/8467ab87f95557c8c6409f5ebe613caf240836b3/modello-plugins/modello-plugin-xsd/src/main/java/org/codehaus/modello/plugin/xsd/XsdGenerator.java#L245-L247 Compare with https://github.com/apache/maven/blob/maven-3.9.x/maven-plugin-api/src/main/mdo/plugin.mdo#L75-L80 was (Author: kwin): Although true, this is due to a limitation in modello: https://github.com/codehaus-plexus/modello/blob/8467ab87f95557c8c6409f5ebe613caf240836b3/modello-plugins/modello-plugin-xsd/src/main/java/org/codehaus/modello/plugin/xsd/XsdGenerator.java#L245-L247 > Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with > invalid/incomplete plugin metadata > --- > > Key: MNG-7375 > URL: https://issues.apache.org/jira/browse/MNG-7375 > Project: Maven > Issue Type: Improvement > Components: Artifacts and Repositories >Affects Versions: 3.8.4 >Reporter: Konrad Windszus >Priority: Major > Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE > during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf > > > Currently the metadata at > https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml > contains an invalid entry without a prefix: > {code:xml} > > > > Apache Jackrabbit FileVault - Package Maven Plugin > filevault-package > filevault-package-maven-plugin > > > filevault-package-maven-plugin > filevault-package-maven-plugin > > > > {code} > This leads to an NPE when trying to deploy a new version with > {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}: > {noformat} > Caused by: java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:276) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:121) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:67) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:65) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:433) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:321) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:213) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:386) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:142) > {noformat} > Although this happened in the context of using > "[org.sonatype.plugins:nexus-staging-maven-plugin|https://github.com/sonatype/nexus-maven-plugins]:1.6.8; > (issue https://issues.sonatype.org/browse/NEXUS-30749 opened, exported to > [^NEXUS-30749 - Broken groupId metadata and follow-up NPE during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf] ), the affected code is in Maven. > The metadata is probably invalid but the Metadata class should be more robust > when trying to do the merge in > https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100 > and just ignore all plugin entries without all mandatory elements. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471521#comment-17471521 ] Michael Osipov edited comment on MNG-7375 at 1/9/22, 9:14 PM: -- I dislike the commit because it addresses a severe symptom and does not fix the cause. It would be suited at MOST for 3.8.x, not 4.0, eventually 3.9. was (Author: michael-o): I dislike the commit because it addresses a severe symptom and does not fix the cause. It would be at MOST suited for 3.8.x, not 4.0, eventually 3.9. > Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with > invalid/incomplete plugin metadata > --- > > Key: MNG-7375 > URL: https://issues.apache.org/jira/browse/MNG-7375 > Project: Maven > Issue Type: Improvement > Components: Artifacts and Repositories >Affects Versions: 3.8.4 >Reporter: Konrad Windszus >Priority: Major > Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE > during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf > > > Currently the metadata at > https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml > contains an invalid entry without a prefix: > {code:xml} > > > > Apache Jackrabbit FileVault - Package Maven Plugin > filevault-package > filevault-package-maven-plugin > > > filevault-package-maven-plugin > filevault-package-maven-plugin > > > > {code} > This leads to an NPE when trying to deploy a new version with > {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}: > {noformat} > Caused by: java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:276) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:121) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:67) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:65) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:433) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:321) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:213) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:386) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:142) > {noformat} > Although this happened in the context of using > "[org.sonatype.plugins:nexus-staging-maven-plugin|https://github.com/sonatype/nexus-maven-plugins]:1.6.8; > (issue https://issues.sonatype.org/browse/NEXUS-30749 opened, exported to > [^NEXUS-30749 - Broken groupId metadata and follow-up NPE during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf] ), the affected code is in Maven. > The metadata is probably invalid but the Metadata class should be more robust > when trying to do the merge in > https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100 > and just ignore all plugin entries without all mandatory elements. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268 ] Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:56 AM: - pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied/moved, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) - on Modello discrepency when generating the XSD from a MDO with required=true, this is also some nice fix to do from the can of worms discovery :) : we should at least open an issue at Modello level [https://github.com/codehaus-plexus/modello] [~kwin] {quote}IMHO the XSD together with [https://maven.apache.org/ref/3.8.4/maven-repository-metadata/repository-metadata.html] is the spec. {quote} the spec is more [the MDO|https://github.com/apache/maven/blob/master/maven-repository-metadata/src/main/mdo/metadata.mdo] from which XSD and HTML doc are generated: I worked on the Modello generators (a long time ago), I know compromises had to be done on what to generate from the MDO and its wanted semantics (and it was a huge work to improve Modello consistency: I'm proud of the improvements done, but I know the end result was not perfect) was (Author: hboutemy): pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied/moved, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) - on Modello discrepency when generating the XSD from a MDO with required=true, this is also some nice fix to do from the can of worms discovery :) : we should at least open an issue at Modello level https://github.com/codehaus-plexus/modello > Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with > invalid/incomplete plugin metadata > --- > > Key: MNG-7375 > URL: https://issues.apache.org/jira/browse/MNG-7375 > Project: Maven > Issue Type: Improvement > Components: Artifacts and Repositories >Affects Versions: 3.8.4 >Reporter: Konrad Windszus >Priority: Major > Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE > during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf > > > Currently the metadata at > https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml > contains an invalid entry without a prefix: > {code:xml} > > > > Apache Jackrabbit FileVault - Package Maven Plugin > filevault-package > filevault-package-maven-plugin > > > filevault-package-maven-plugin > filevault-package-maven-plugin > > > > {code} > This leads to an NPE when trying to deploy a new version with > {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}: > {noformat} > Caused by: java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge >
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268 ] Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:35 AM: - pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied/moved, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) - on Modello discrepency when generating the XSD from a MDO with required=true, this is also some nice fix to do from the can of worms discovery :) : we should at least open an issue at Modello level https://github.com/codehaus-plexus/modello was (Author: hboutemy): pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied/moved, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) - on Modello discrepency when generating the XSD from a MDO with required=true, this is also some nice fix to do from the can of worms discovery :) > Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with > invalid/incomplete plugin metadata > --- > > Key: MNG-7375 > URL: https://issues.apache.org/jira/browse/MNG-7375 > Project: Maven > Issue Type: Improvement > Components: Artifacts and Repositories >Affects Versions: 3.8.4 >Reporter: Konrad Windszus >Priority: Major > Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE > during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf > > > Currently the metadata at > https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml > contains an invalid entry without a prefix: > {code:xml} > > > > Apache Jackrabbit FileVault - Package Maven Plugin > filevault-package > filevault-package-maven-plugin > > > filevault-package-maven-plugin > filevault-package-maven-plugin > > > > {code} > This leads to an NPE when trying to deploy a new version with > {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}: > {noformat} > Caused by: java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:276) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:121) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:67) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:65) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:433) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:321) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:213) > at
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268 ] Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:34 AM: - pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied/moved, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) - on Modello discrepency when generating the XSD from a MDO with required=true, this is also some nice fix to do from the can of worms discovery :) was (Author: hboutemy): pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied/moved, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) > Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with > invalid/incomplete plugin metadata > --- > > Key: MNG-7375 > URL: https://issues.apache.org/jira/browse/MNG-7375 > Project: Maven > Issue Type: Improvement > Components: Artifacts and Repositories >Affects Versions: 3.8.4 >Reporter: Konrad Windszus >Priority: Major > Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE > during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf > > > Currently the metadata at > https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml > contains an invalid entry without a prefix: > {code:xml} > > > > Apache Jackrabbit FileVault - Package Maven Plugin > filevault-package > filevault-package-maven-plugin > > > filevault-package-maven-plugin > filevault-package-maven-plugin > > > > {code} > This leads to an NPE when trying to deploy a new version with > {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}: > {noformat} > Caused by: java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:276) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:121) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:67) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:65) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:433) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:321) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:213) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:386) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:142) > {noformat} > Although this
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268 ] Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:32 AM: - pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied/moved, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) was (Author: hboutemy): pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) > Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with > invalid/incomplete plugin metadata > --- > > Key: MNG-7375 > URL: https://issues.apache.org/jira/browse/MNG-7375 > Project: Maven > Issue Type: Improvement > Components: Artifacts and Repositories >Affects Versions: 3.8.4 >Reporter: Konrad Windszus >Priority: Major > Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE > during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf > > > Currently the metadata at > https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml > contains an invalid entry without a prefix: > {code:xml} > > > > Apache Jackrabbit FileVault - Package Maven Plugin > filevault-package > filevault-package-maven-plugin > > > filevault-package-maven-plugin > filevault-package-maven-plugin > > > > {code} > This leads to an NPE when trying to deploy a new version with > {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}: > {noformat} > Caused by: java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:276) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:121) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:67) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:65) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:433) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:321) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:213) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:386) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:142) > {noformat} > Although this happened in the context of using > "org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8" > (https://issues.sonatype.org/browse/NEXUS-30749, exported to
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[ https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268 ] Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:32 AM: - pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared (and I knew when I reviewed the PR and I saw this {{GroupRepositoryMetadata}} was copied, there were serious chances that impact was not really mastered: I intentionally chose to take the risk... :) ) my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) was (Author: hboutemy): pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I learned 10 years ago when trying to do equivalent cleanup. This does not mean that we should refrain to do any cleanup, but I just want to be sure that experience is shared my analysis: - yes, the more resilient the Maven core merging code is, the better: if we can avoid the NPE (and let the "bad" metadata live without failing), it can be interesting - IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven compat decision to contain the {{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}} class: perhaps this class need to be kept in Maven core (I don't know if it's more in maven-core or maven-artifact or maven-repository-metadata) > Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with > invalid/incomplete plugin metadata > --- > > Key: MNG-7375 > URL: https://issues.apache.org/jira/browse/MNG-7375 > Project: Maven > Issue Type: Improvement > Components: Artifacts and Repositories >Affects Versions: 3.8.4 >Reporter: Konrad Windszus >Priority: Major > Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE > during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf > > > Currently the metadata at > https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml > contains an invalid entry without a prefix: > {code:xml} > > > > Apache Jackrabbit FileVault - Package Maven Plugin > filevault-package > filevault-package-maven-plugin > > > filevault-package-maven-plugin > filevault-package-maven-plugin > > > > {code} > This leads to an NPE when trying to deploy a new version with > {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}: > {noformat} > Caused by: java.lang.NullPointerException > at org.apache.maven.artifact.repository.metadata.Metadata.merge > (Metadata.java:276) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata > (AbstractRepositoryMetadata.java:121) > at > org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository > (AbstractRepositoryMetadata.java:67) > at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge > (MetadataBridge.java:65) > at org.eclipse.aether.internal.impl.DefaultDeployer.upload > (DefaultDeployer.java:433) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:321) > at org.eclipse.aether.internal.impl.DefaultDeployer.deploy > (DefaultDeployer.java:213) > at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy > (DefaultRepositorySystem.java:386) > at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy > (DefaultArtifactDeployer.java:142) > {noformat} > Although this happened in the context of using > "org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8" > (https://issues.sonatype.org/browse/NEXUS-30749, exported to [^NEXUS-30749 - > Broken groupId metadata and follow-up NPE during > org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp > - Sonatype JIRA.pdf] ) the affected code is in Maven. > The