[
https://issues.apache.org/jira/browse/MNG-5964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15110159#comment-15110159
]
Hendy Irawan edited comment on MNG-5964 at 1/22/16 9:53 AM:
------------------------------------------------------------
Workaround is to put this in {{~/.m2.settings.xml}} :
{code}
<profile>
<id>openjena.disable</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<!-- https://issues.apache.org/jira/browse/MNG-5964 -->
<repository>
<id>repo-jena</id>
<name>Jena Maven - Repository</name>
<url>http://openjena.org/repo</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<repository>
<id>repo-jena-dev</id>
<name>Jena Maven - Development Repository</name>
<layout>default</layout>
<url>http://openjena.org/repo-dev</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
</profile>
{code}
I argue that this should be handled automatically by Maven and there's no need
for user to do this manually, in addition to the trouble/skills needed to
diagnose the problem, even when you know the workaround: there could be a bunch
of those hidden in transitive dependencies!
This is exactly why we have checksum validation so let's put it to good use.
And besides, the corrupt website returns {{text/html}} for both POM and JAR
URLs, so it should be enough to discard them immediately.
was (Author: ceefour):
Workaround is to put this in {{~/.m2.settings.xml}} :
{code}
<profile>
<id>openjena.disable</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<!-- https://issues.apache.org/jira/browse/MNG-5964 -->
<repository>
<id>repo-jena</id>
<name>Jena Maven - Repository</name>
<url>http://openjena.org/repo</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<repository>
<id>repo-jena-dev</id>
<name>Jena Maven - Development Repository</name>
<layout>default</layout>
<url>http://openjena.org/repo-dev</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
</profile>
{code}
I argue that this should be handled automatically by Maven and there's no need
for user to do this manually, in addition to the trouble/skills needed to
diagnose the problem, even when you know the workaround: there could be a bunch
of those hidden in transitive dependencies!
This is exactly why we have checksum validation so let's put it to good use.
And besides, the corrupt website returns {{text/html}} for both POM and JAR
URLs, so it should be enough to discard them immediately.
> Corrupt artifact from stale repository makes build fail, even though correct
> artifact is available
> --------------------------------------------------------------------------------------------------
>
> Key: MNG-5964
> URL: https://issues.apache.org/jira/browse/MNG-5964
> Project: Maven
> Issue Type: Bug
> Components: Artifacts and Repositories
> Affects Versions: 3.2.1
> Reporter: Hendy Irawan
> Priority: Critical
>
> This POM
> (https://repo1.maven.org/maven2/com/hp/hpl/jena/jena/2.6.4/jena-2.6.4.pom)
> includes an external repository which is: http://openjena.org/repo
> Unfortunately, that repo is now a parking page. Which makes builds
> problematic.
> {code}
> [INFO] Downloading:
> https://repository-soluvas.forge.cloudbees.com/release/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading:
> http://repo.cloudbees.com/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloaded:
> http://repo.cloudbees.com/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> (6 KB at 568.1 KB/sec)
> [INFO] Downloading:
> http://nexus.bippo.co.id/nexus/content/groups/public/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading:
> http://jasperreports.sourceforge.net/maven2/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading:
> http://jaspersoft.artifactoryonline.com/jaspersoft/third-party-ce-artifacts/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading:
> http://morphia.googlecode.com/svn/mavenrepo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading:
> http://repo.typesafe.com/typesafe/releases/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading:
> http://m2.neo4j.org/content/repositories/releases/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading:
> http://repo.spring.io/milestone/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloading:
> http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [WARNING] Checksum validation failed, expected <!DOCTYPE but is
> e88206ec93de9f9b6b3259b07aa32e8e00cb90d3 for
> http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [WARNING] Checksum validation failed, expected <!DOCTYPE but is
> f173aa41f57e9b1d170e42cf6b6f3be5a8882168 for
> http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloaded:
> http://openjena.org/repo/com/hp/hpl/jena/iri/0.8/iri-0.8.pom (21 KB at 22.3
> KB/sec)
> [INFO] Downloading:
> http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [WARNING] Checksum validation failed, expected <!DOCTYPE but is
> 893c64b2141598ad999c3540c5f0ff24c38ce7ce for
> http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [WARNING] Checksum validation failed, expected <!DOCTYPE but is
> a2a942560bf2e1838cf48f9adc7042443e5adb3b for
> http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom
> [INFO] Downloaded:
> http://openjena.org/repo-dev/com/hp/hpl/jena/iri/0.8/iri-0.8.pom (21 KB at
> 26.7 KB/sec)
> [WARNING] The POM for com.hp.hpl.jena:iri:jar:0.8 is invalid, transitive
> dependencies (if any) will not be available, enable debug logging for more
> details
> {code}
> Exact same thing also happens for the JARs.
> Please notice that the correct POMs and JARs are available from the other
> repository (repo.cloudbees.com proxy), but Maven ignores that and continues
> to use the corrupt artifacts, which causes:
> {code}
> [INFO] --- maven-compiler-plugin:3.3:compile (default-compile) @
> id.co.bippo.cart ---
> [INFO] Changes detected - recompiling the module!
> [INFO] Compiling 82 source files to
> /scratch/jenkins/workspace/bippo-commerce/cart/target/classes
> [ERROR] error reading
> /scratch/jenkins/workspace/bippo-commerce/.repository/com/hp/hpl/jena/iri/0.8/iri-0.8.jar;
> error in opening zip file
> [ERROR] error reading
> /scratch/jenkins/workspace/bippo-commerce/.repository/com/ibm/icu/icu4j/3.4.4/icu4j-3.4.4.jar;
> error in opening zip file
> [ERROR] error reading
> /scratch/jenkins/workspace/bippo-commerce/.repository/org/slf4j/slf4j-log4j12/1.7.12/slf4j-log4j12-1.7.12.jar;
> error in opening zip file
> [ERROR] error reading
> /scratch/jenkins/workspace/bippo-commerce/.repository/log4j/log4j/1.2.13/log4j-1.2.13.jar;
> error in opening zip file
> [ERROR] error reading
> /scratch/jenkins/workspace/bippo-commerce/.repository/com/hp/hpl/jena/iri/0.8/iri-0.8.jar;
> error in opening zip file
> [ERROR] error reading
> /scratch/jenkins/workspace/bippo-commerce/.repository/com/ibm/icu/icu4j/3.4.4/icu4j-3.4.4.jar;
> error in opening zip file
> [ERROR] error reading
> /scratch/jenkins/workspace/bippo-commerce/.repository/org/slf4j/slf4j-log4j12/1.7.12/slf4j-log4j12-1.7.12.jar;
> error in opening zip file
> [ERROR] error reading
> /scratch/jenkins/workspace/bippo-commerce/.repository/log4j/log4j/1.2.13/log4j-1.2.13.jar;
> error in opening zip file
> {code}
> which makes the build fail.
> Please:
> 1. Ignore artifacts from invalid repos when there are correct artifacts from
> other repo
> 2. Have a way to blacklist repos globally, preferably using ~/.m2/settings.xml
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
