[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[
https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17846728#comment-17846728
]
Konrad Windszus edited comment on MNG-7375 at 5/15/24 6:15 PM:
---
Although true, this is due to a limitation in modello:
https://github.com/codehaus-plexus/modello/blob/8467ab87f95557c8c6409f5ebe613caf240836b3/modello-plugins/modello-plugin-xsd/src/main/java/org/codehaus/modello/plugin/xsd/XsdGenerator.java#L245-L247
Compare with
https://github.com/apache/maven/blob/maven-3.9.x/maven-plugin-api/src/main/mdo/plugin.mdo#L75-L80
was (Author: kwin):
Although true, this is due to a limitation in modello:
https://github.com/codehaus-plexus/modello/blob/8467ab87f95557c8c6409f5ebe613caf240836b3/modello-plugins/modello-plugin-xsd/src/main/java/org/codehaus/modello/plugin/xsd/XsdGenerator.java#L245-L247
> Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with
> invalid/incomplete plugin metadata
> ---
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
>Affects Versions: 3.8.4
>Reporter: Konrad Windszus
>Priority: Major
> Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE
> during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf
>
>
> Currently the metadata at
> https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
> contains an invalid entry without a prefix:
> {code:xml}
>
>
>
> Apache Jackrabbit FileVault - Package Maven Plugin
> filevault-package
> filevault-package-maven-plugin
>
>
> filevault-package-maven-plugin
> filevault-package-maven-plugin
>
>
>
> {code}
> This leads to an NPE when trying to deploy a new version with
> {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {noformat}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge
> (Metadata.java:276)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
> (AbstractRepositoryMetadata.java:121)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
> (AbstractRepositoryMetadata.java:67)
> at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
> (MetadataBridge.java:65)
> at org.eclipse.aether.internal.impl.DefaultDeployer.upload
> (DefaultDeployer.java:433)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:321)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:213)
> at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy
> (DefaultRepositorySystem.java:386)
> at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy
> (DefaultArtifactDeployer.java:142)
> {noformat}
> Although this happened in the context of using
> "[org.sonatype.plugins:nexus-staging-maven-plugin|https://github.com/sonatype/nexus-maven-plugins]:1.6.8;
> (issue https://issues.sonatype.org/browse/NEXUS-30749 opened, exported to
> [^NEXUS-30749 - Broken groupId metadata and follow-up NPE during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf] ), the affected code is in Maven.
> The metadata is probably invalid but the Metadata class should be more robust
> when trying to do the merge in
> https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100
> and just ignore all plugin entries without all mandatory elements.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[
https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471521#comment-17471521
]
Michael Osipov edited comment on MNG-7375 at 1/9/22, 9:14 PM:
--
I dislike the commit because it addresses a severe symptom and does not fix the
cause. It would be suited at MOST for 3.8.x, not 4.0, eventually 3.9.
was (Author: michael-o):
I dislike the commit because it addresses a severe symptom and does not fix the
cause. It would be at MOST suited for 3.8.x, not 4.0, eventually 3.9.
> Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with
> invalid/incomplete plugin metadata
> ---
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
>Affects Versions: 3.8.4
>Reporter: Konrad Windszus
>Priority: Major
> Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE
> during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf
>
>
> Currently the metadata at
> https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
> contains an invalid entry without a prefix:
> {code:xml}
>
>
>
> Apache Jackrabbit FileVault - Package Maven Plugin
> filevault-package
> filevault-package-maven-plugin
>
>
> filevault-package-maven-plugin
> filevault-package-maven-plugin
>
>
>
> {code}
> This leads to an NPE when trying to deploy a new version with
> {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {noformat}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge
> (Metadata.java:276)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
> (AbstractRepositoryMetadata.java:121)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
> (AbstractRepositoryMetadata.java:67)
> at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
> (MetadataBridge.java:65)
> at org.eclipse.aether.internal.impl.DefaultDeployer.upload
> (DefaultDeployer.java:433)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:321)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:213)
> at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy
> (DefaultRepositorySystem.java:386)
> at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy
> (DefaultArtifactDeployer.java:142)
> {noformat}
> Although this happened in the context of using
> "[org.sonatype.plugins:nexus-staging-maven-plugin|https://github.com/sonatype/nexus-maven-plugins]:1.6.8;
> (issue https://issues.sonatype.org/browse/NEXUS-30749 opened, exported to
> [^NEXUS-30749 - Broken groupId metadata and follow-up NPE during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf] ), the affected code is in Maven.
> The metadata is probably invalid but the Metadata class should be more robust
> when trying to do the merge in
> https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100
> and just ignore all plugin entries without all mandatory elements.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[
https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268
]
Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:56 AM:
-
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied/moved, there were serious chances that
impact was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we
can avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
- on Modello discrepency when generating the XSD from a MDO with
required=true, this is also some nice fix to do from the can of worms discovery
:) : we should at least open an issue at Modello level
[https://github.com/codehaus-plexus/modello]
[~kwin]
{quote}IMHO the XSD together with
[https://maven.apache.org/ref/3.8.4/maven-repository-metadata/repository-metadata.html]
is the spec.
{quote}
the spec is more [the
MDO|https://github.com/apache/maven/blob/master/maven-repository-metadata/src/main/mdo/metadata.mdo]
from which XSD and HTML doc are generated: I worked on the Modello generators
(a long time ago), I know compromises had to be done on what to generate from
the MDO and its wanted semantics (and it was a huge work to improve Modello
consistency: I'm proud of the improvements done, but I know the end result was
not perfect)
was (Author: hboutemy):
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied/moved, there were serious chances that
impact was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
- on Modello discrepency when generating the XSD from a MDO with required=true,
this is also some nice fix to do from the can of worms discovery :) : we should
at least open an issue at Modello level
https://github.com/codehaus-plexus/modello
> Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with
> invalid/incomplete plugin metadata
> ---
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
>Affects Versions: 3.8.4
>Reporter: Konrad Windszus
>Priority: Major
> Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE
> during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf
>
>
> Currently the metadata at
> https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
> contains an invalid entry without a prefix:
> {code:xml}
>
>
>
> Apache Jackrabbit FileVault - Package Maven Plugin
> filevault-package
> filevault-package-maven-plugin
>
>
> filevault-package-maven-plugin
> filevault-package-maven-plugin
>
>
>
> {code}
> This leads to an NPE when trying to deploy a new version with
> {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {noformat}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge
>
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[
https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268
]
Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:35 AM:
-
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied/moved, there were serious chances that
impact was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
- on Modello discrepency when generating the XSD from a MDO with required=true,
this is also some nice fix to do from the can of worms discovery :) : we should
at least open an issue at Modello level
https://github.com/codehaus-plexus/modello
was (Author: hboutemy):
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied/moved, there were serious chances that
impact was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
- on Modello discrepency when generating the XSD from a MDO with required=true,
this is also some nice fix to do from the can of worms discovery :)
> Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with
> invalid/incomplete plugin metadata
> ---
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
>Affects Versions: 3.8.4
>Reporter: Konrad Windszus
>Priority: Major
> Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE
> during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf
>
>
> Currently the metadata at
> https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
> contains an invalid entry without a prefix:
> {code:xml}
>
>
>
> Apache Jackrabbit FileVault - Package Maven Plugin
> filevault-package
> filevault-package-maven-plugin
>
>
> filevault-package-maven-plugin
> filevault-package-maven-plugin
>
>
>
> {code}
> This leads to an NPE when trying to deploy a new version with
> {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {noformat}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge
> (Metadata.java:276)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
> (AbstractRepositoryMetadata.java:121)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
> (AbstractRepositoryMetadata.java:67)
> at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
> (MetadataBridge.java:65)
> at org.eclipse.aether.internal.impl.DefaultDeployer.upload
> (DefaultDeployer.java:433)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:321)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:213)
> at
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[
https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268
]
Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:34 AM:
-
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied/moved, there were serious chances that
impact was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
- on Modello discrepency when generating the XSD from a MDO with required=true,
this is also some nice fix to do from the can of worms discovery :)
was (Author: hboutemy):
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied/moved, there were serious chances that
impact was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
> Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with
> invalid/incomplete plugin metadata
> ---
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
>Affects Versions: 3.8.4
>Reporter: Konrad Windszus
>Priority: Major
> Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE
> during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf
>
>
> Currently the metadata at
> https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
> contains an invalid entry without a prefix:
> {code:xml}
>
>
>
> Apache Jackrabbit FileVault - Package Maven Plugin
> filevault-package
> filevault-package-maven-plugin
>
>
> filevault-package-maven-plugin
> filevault-package-maven-plugin
>
>
>
> {code}
> This leads to an NPE when trying to deploy a new version with
> {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {noformat}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge
> (Metadata.java:276)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
> (AbstractRepositoryMetadata.java:121)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
> (AbstractRepositoryMetadata.java:67)
> at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
> (MetadataBridge.java:65)
> at org.eclipse.aether.internal.impl.DefaultDeployer.upload
> (DefaultDeployer.java:433)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:321)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:213)
> at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy
> (DefaultRepositorySystem.java:386)
> at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy
> (DefaultArtifactDeployer.java:142)
> {noformat}
> Although this
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[
https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268
]
Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:32 AM:
-
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied/moved, there were serious chances that
impact was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
was (Author: hboutemy):
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied, there were serious chances that impact
was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
> Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with
> invalid/incomplete plugin metadata
> ---
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
>Affects Versions: 3.8.4
>Reporter: Konrad Windszus
>Priority: Major
> Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE
> during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf
>
>
> Currently the metadata at
> https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
> contains an invalid entry without a prefix:
> {code:xml}
>
>
>
> Apache Jackrabbit FileVault - Package Maven Plugin
> filevault-package
> filevault-package-maven-plugin
>
>
> filevault-package-maven-plugin
> filevault-package-maven-plugin
>
>
>
> {code}
> This leads to an NPE when trying to deploy a new version with
> {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {noformat}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge
> (Metadata.java:276)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
> (AbstractRepositoryMetadata.java:121)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
> (AbstractRepositoryMetadata.java:67)
> at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
> (MetadataBridge.java:65)
> at org.eclipse.aether.internal.impl.DefaultDeployer.upload
> (DefaultDeployer.java:433)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:321)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:213)
> at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy
> (DefaultRepositorySystem.java:386)
> at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy
> (DefaultArtifactDeployer.java:142)
> {noformat}
> Although this happened in the context of using
> "org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8"
> (https://issues.sonatype.org/browse/NEXUS-30749, exported to
[jira] [Comment Edited] (MNG-7375) Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with invalid/incomplete plugin metadata
[
https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17471268#comment-17471268
]
Herve Boutemy edited comment on MNG-7375 at 1/9/22, 2:32 AM:
-
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared (and I knew when I reviewed the PR and I saw this
{{GroupRepositoryMetadata}} was copied, there were serious chances that impact
was not really mastered: I intentionally chose to take the risk... :) )
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
was (Author: hboutemy):
pfew, working on nice code cleanup in MPLUGIN-377 opened a big can of worms
FYI [~cstamas] & [~gnodet]: I'm not blaming, just letting you see what I
learned 10 years ago when trying to do equivalent cleanup. This does not mean
that we should refrain to do any cleanup, but I just want to be sure that
experience is shared
my analysis:
- yes, the more resilient the Maven core merging code is, the better: if we can
avoid the NPE (and let the "bad" metadata live without failing), it can be
interesting
- IMHO, Sonatype nexus-staging-plugin is more a sign of an issue in Maven
compat decision to contain the
{{org.apache.maven.artifact.repository.metadata.GroupRepositoryMetadata}}
class: perhaps this class need to be kept in Maven core (I don't know if it's
more in maven-core or maven-artifact or maven-repository-metadata)
> Potential NPE in o.a.m.artifact.repository.metadata.Metadata.merge(...) with
> invalid/incomplete plugin metadata
> ---
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
>Affects Versions: 3.8.4
>Reporter: Konrad Windszus
>Priority: Major
> Attachments: NEXUS-30749 - Broken groupId metadata and follow-up NPE
> during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf
>
>
> Currently the metadata at
> https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
> contains an invalid entry without a prefix:
> {code:xml}
>
>
>
> Apache Jackrabbit FileVault - Package Maven Plugin
> filevault-package
> filevault-package-maven-plugin
>
>
> filevault-package-maven-plugin
> filevault-package-maven-plugin
>
>
>
> {code}
> This leads to an NPE when trying to deploy a new version with
> {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {noformat}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge
> (Metadata.java:276)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
> (AbstractRepositoryMetadata.java:121)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
> (AbstractRepositoryMetadata.java:67)
> at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
> (MetadataBridge.java:65)
> at org.eclipse.aether.internal.impl.DefaultDeployer.upload
> (DefaultDeployer.java:433)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:321)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:213)
> at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy
> (DefaultRepositorySystem.java:386)
> at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy
> (DefaultArtifactDeployer.java:142)
> {noformat}
> Although this happened in the context of using
> "org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8"
> (https://issues.sonatype.org/browse/NEXUS-30749, exported to [^NEXUS-30749 -
> Broken groupId metadata and follow-up NPE during
> org.sonatype.nexus.maven.staging.deploy.strategy.AbstractDeployStrategy.deployUp
> - Sonatype JIRA.pdf] ) the affected code is in Maven.
> The
