[ https://issues.apache.org/jira/browse/MNG-5964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15110159#comment-15110159 ]
Hendy Irawan edited comment on MNG-5964 at 1/21/16 6:38 AM: ------------------------------------------------------------ Workaround is to put this in {{~/.m2.settings.xml}} : {code} <profile> <id>openjena.disable</id> <activation> <activeByDefault>true</activeByDefault> <repositories> <!-- https://issues.apache.org/jira/browse/MNG-5964 --> <repository> <id>repo-jena</id> <name>Jena Maven - Repository</name> <url>http://openjena.org/repo</url> <releases> <enabled>false</enabled> </releases> <snapshots> <enabled>false</enabled> </snapshots> </repository> <repository> <id>repo-jena-dev</id> <name>Jena Maven - Development Repository</name> <layout>default</layout> <url>http://openjena.org/repo-dev</url> <releases> <enabled>false</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository> </repositories> </activation> </profile> {code} I argue that this should be handled automatically by Maven and there's no need for user to do this manually, in addition to the trouble/skills needed to diagnose the problem, even when you know the workaround: there could be a bunch of those hidden in transitive dependencies! This is exactly why we have checksum validation so let's put it to good use. And besides, the corrupt website returns {{text/html}} for both POM and JAR URLs, so it should be enough to discard them immediately. was (Author: ceefour): Workaround is to put this in {{~/.m2.settings.xml}} : {code} <profile> <id>openjena.disable</id> <activation> <activeByDefault>true</activeByDefault> <repositories> <!-- https://issues.apache.org/jira/browse/MNG-5964 --> <repository> <id>repo-jena</id> <name>Jena Maven - Repository</name> <url>http://openjena.org/repo</url> <releases> <enabled>false</enabled> </releases> <snapshots> <enabled>false</enabled> </snapshots> </repository> <repository> <id>repo-jena-dev</id> <name>Jena Maven - Development Repository</name> <layout>default</layout> <url>http://openjena.org/repo-dev</url> <releases> <enabled>false</enabled> </releases> <snapshots> <enabled>true</enabled> </snapshots> </repository> </repositories> </activation> </profile> {code} I argue that this should be handled automatically by Maven and there's no need for user to do this manually, in addition to the trouble/skills needed to diagnose the problem, even when you know the workaround: there could be a bunch of those hidden in transitive dependencies! This is exactly why we have checksum validation so let's put it to good use. > Corrupt artifact from stale repository makes build fail, even though correct > artifact is available > -------------------------------------------------------------------------------------------------- > > Key: MNG-5964 > URL: https://issues.apache.org/jira/browse/MNG-5964 > Project: Maven > Issue Type: Bug > Components: Artifacts and Repositories > Affects Versions: 3.2.1 > Reporter: Hendy Irawan > Priority: Critical > > This POM > (https://repo1.maven.org/maven2/com/hp/hpl/jena/jena/2.6.4/jena-2.6.4.pom) > includes an external repository which is: http://openjena.org/repo > Unfortunately, that repo is now a parking page. Which makes builds > problematic. > {code} > [INFO] Downloading: > https://repository-soluvas.forge.cloudbees.com/release/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloading: > http://repo.cloudbees.com/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloaded: > http://repo.cloudbees.com/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > (6 KB at 568.1 KB/sec) > [INFO] Downloading: > http://nexus.bippo.co.id/nexus/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloading: > http://jasperreports.sourceforge.net/maven2/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloading: > http://jaspersoft.artifactoryonline.com/jaspersoft/third-party-ce-artifacts/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloading: > http://morphia.googlecode.com/svn/mavenrepo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloading: > http://repo.typesafe.com/typesafe/releases/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloading: > http://m2.neo4j.org/content/repositories/releases/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloading: > http://repo.spring.io/milestone/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloading: > http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [WARNING] Checksum validation failed, expected <!DOCTYPE but is > e88206ec93de9f9b6b3259b07aa32e8e00cb90d3 for > http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [WARNING] Checksum validation failed, expected <!DOCTYPE but is > f173aa41f57e9b1d170e42cf6b6f3be5a8882168 for > http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloaded: > http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom (21 KB at 22.3 > KB/sec) > [INFO] Downloading: > http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [WARNING] Checksum validation failed, expected <!DOCTYPE but is > 893c64b2141598ad999c3540c5f0ff24c38ce7ce for > http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [WARNING] Checksum validation failed, expected <!DOCTYPE but is > a2a942560bf2e1838cf48f9adc7042443e5adb3b for > http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom > [INFO] Downloaded: > http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom (21 KB at > 26.7 KB/sec) > [WARNING] The POM for com.hp.hpl.jena:iri:jar:0.8 is invalid, transitive > dependencies (if any) will not be available, enable debug logging for more > details > {code} > Exact same thing also happens for the JARs. > Please notice that the correct POMs and JARs are available from the other > repository (repo.cloudbees.com proxy), but Maven ignores that and continues > to use the corrupt artifacts, which causes: > {code} > [INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @ > id.co.bippo.cart --- > [INFO] Changes detected - recompiling the module! > [INFO] Compiling 82 source files to > /scratch/jenkins/workspace/bippo-commerce/cart/target/classes > [ERROR] error reading > /scratch/jenkins/workspace/bippo-commerce/.repository/com/hp/hpl/jena/iri/0.8/iri-0.8.jar; > error in opening zip file > [ERROR] error reading > /scratch/jenkins/workspace/bippo-commerce/.repository/com/ibm/icu/icu4j/3.4.4/icu4j-3.4.4.jar; > error in opening zip file > [ERROR] error reading > /scratch/jenkins/workspace/bippo-commerce/.repository/org/slf4j/slf4j-log4j12/1.7.12/slf4j-log4j12-1.7.12.jar; > error in opening zip file > [ERROR] error reading > /scratch/jenkins/workspace/bippo-commerce/.repository/log4j/log4j/1.2.13/log4j-1.2.13.jar; > error in opening zip file > [ERROR] error reading > /scratch/jenkins/workspace/bippo-commerce/.repository/com/hp/hpl/jena/iri/0.8/iri-0.8.jar; > error in opening zip file > [ERROR] error reading > /scratch/jenkins/workspace/bippo-commerce/.repository/com/ibm/icu/icu4j/3.4.4/icu4j-3.4.4.jar; > error in opening zip file > [ERROR] error reading > /scratch/jenkins/workspace/bippo-commerce/.repository/org/slf4j/slf4j-log4j12/1.7.12/slf4j-log4j12-1.7.12.jar; > error in opening zip file > [ERROR] error reading > /scratch/jenkins/workspace/bippo-commerce/.repository/log4j/log4j/1.2.13/log4j-1.2.13.jar; > error in opening zip file > {code} > which makes the build fail. > Please: > 1. Ignore artifacts from invalid repos when there are correct artifacts from > other repo > 2. Have a way to blacklist repos globally, preferably using ~/.m2/settings.xml -- This message was sent by Atlassian JIRA (v6.3.4#6332)