Re: [PR] Bump org.assertj:assertj-core from 3.25.2 to 3.25.3 [maven-build-cache-extension]
dependabot[bot] merged PR #131: URL: https://github.com/apache/maven-build-cache-extension/pull/131 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.testcontainers:testcontainers-bom from 1.19.5 to 1.19.7 [maven-build-cache-extension]
dependabot[bot] merged PR #136: URL: https://github.com/apache/maven-build-cache-extension/pull/136 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MJAR-62) Build-Jdk in Manifest.mf does not reflect which compiler version actually compiled the classes in the jar
[
https://issues.apache.org/jira/browse/MJAR-62?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830177#comment-17830177
]
ASF GitHub Bot commented on MJAR-62:
elharo commented on code in PR #73:
URL: https://github.com/apache/maven-jar-plugin/pull/73#discussion_r1536701278
##
src/main/java/org/apache/maven/plugins/jar/ToolchainsJdkSpecification.java:
##
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugins.jar;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+import org.apache.maven.toolchain.Toolchain;
+import org.codehaus.plexus.util.cli.CommandLineException;
+import org.codehaus.plexus.util.cli.CommandLineUtils;
+import org.codehaus.plexus.util.cli.Commandline;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Component provided JDK specification based on toolchains.
+ */
+@Named
+@Singleton
+class ToolchainsJdkSpecification {
+
+private final Logger logger =
LoggerFactory.getLogger(ToolchainsJdkSpecification.class);
+
+private final Map cache = new HashMap<>();
+
+public synchronized Optional getJDKSpecification(Toolchain
toolchain) {
+Optional javacPath = getJavacPath(toolchain);
+return javacPath.map(path -> cache.computeIfAbsent(path,
this::getSpecForPath));
+}
+
+private Optional getJavacPath(Toolchain toolchain) {
+return
Optional.ofNullable(toolchain.findTool("javac")).map(Paths::get).map(this::getCanonicalPath);
+}
+
+private Path getCanonicalPath(Path path) {
+try {
+return path.toRealPath();
+} catch (IOException e) {
+if (path.getParent() != null) {
+return
getCanonicalPath(path.getParent()).resolve(path.getFileName());
+} else {
+throw new UncheckedIOException(e);
+}
+}
+}
+
+private String getSpecForPath(Path path) {
+try {
+Commandline cl = new Commandline(path.toString());
+cl.createArg().setValue("-version");
+CommandLineUtils.StringStreamConsumer out = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.StringStreamConsumer err = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.executeCommandLine(cl, out, err);
+String version = out.getOutput().trim();
+if (version.isEmpty()) {
+version = err.getOutput().trim();
+}
+if (version.startsWith("javac ")) {
+version = version.substring(6);
+if (version.startsWith("1.")) {
+version = version.substring(0, 3);
+} else {
+version = version.substring(0, 2);
+}
+return version;
+} else {
+logger.warn("Unrecognized output form " + path + " -version -
" + version);
+return null;
+}
+} catch (CommandLineException e) {
Review Comment:
CommandLineException | IndexOutOfBoundsException
> Build-Jdk in Manifest.mf does not reflect which compiler version actually
> compiled the classes in the jar
> -
>
> Key: MJAR-62
> URL: https://issues.apache.org/jira/browse/MJAR-62
> Project: Maven JAR Plugin
> Issue Type: Bug
>Reporter: Stefan Magnus Landrø
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: example-app.zip
>
>
> Manifest.mf does not reflect the version of the compiler that built the jar,
> but defaults to the version that maven runs under: Build-Jdk:
> ${java.version}.
> I believe this makes users uncertain of which compiler was actually used to
> bu
Re: [PR] [MJAR-62] Set Build-Jdk according to used toolchain [maven-jar-plugin]
elharo commented on code in PR #73:
URL: https://github.com/apache/maven-jar-plugin/pull/73#discussion_r1536701278
##
src/main/java/org/apache/maven/plugins/jar/ToolchainsJdkSpecification.java:
##
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugins.jar;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+import org.apache.maven.toolchain.Toolchain;
+import org.codehaus.plexus.util.cli.CommandLineException;
+import org.codehaus.plexus.util.cli.CommandLineUtils;
+import org.codehaus.plexus.util.cli.Commandline;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Component provided JDK specification based on toolchains.
+ */
+@Named
+@Singleton
+class ToolchainsJdkSpecification {
+
+private final Logger logger =
LoggerFactory.getLogger(ToolchainsJdkSpecification.class);
+
+private final Map cache = new HashMap<>();
+
+public synchronized Optional getJDKSpecification(Toolchain
toolchain) {
+Optional javacPath = getJavacPath(toolchain);
+return javacPath.map(path -> cache.computeIfAbsent(path,
this::getSpecForPath));
+}
+
+private Optional getJavacPath(Toolchain toolchain) {
+return
Optional.ofNullable(toolchain.findTool("javac")).map(Paths::get).map(this::getCanonicalPath);
+}
+
+private Path getCanonicalPath(Path path) {
+try {
+return path.toRealPath();
+} catch (IOException e) {
+if (path.getParent() != null) {
+return
getCanonicalPath(path.getParent()).resolve(path.getFileName());
+} else {
+throw new UncheckedIOException(e);
+}
+}
+}
+
+private String getSpecForPath(Path path) {
+try {
+Commandline cl = new Commandline(path.toString());
+cl.createArg().setValue("-version");
+CommandLineUtils.StringStreamConsumer out = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.StringStreamConsumer err = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.executeCommandLine(cl, out, err);
+String version = out.getOutput().trim();
+if (version.isEmpty()) {
+version = err.getOutput().trim();
+}
+if (version.startsWith("javac ")) {
+version = version.substring(6);
+if (version.startsWith("1.")) {
+version = version.substring(0, 3);
+} else {
+version = version.substring(0, 2);
+}
+return version;
+} else {
+logger.warn("Unrecognized output form " + path + " -version -
" + version);
+return null;
+}
+} catch (CommandLineException e) {
Review Comment:
CommandLineException | IndexOutOfBoundsException
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Commented] (MJAR-62) Build-Jdk in Manifest.mf does not reflect which compiler version actually compiled the classes in the jar
[
https://issues.apache.org/jira/browse/MJAR-62?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830162#comment-17830162
]
ASF GitHub Bot commented on MJAR-62:
slawekjaranowski commented on code in PR #73:
URL: https://github.com/apache/maven-jar-plugin/pull/73#discussion_r1536684208
##
src/main/java/org/apache/maven/plugins/jar/ToolchainsJdkSpecification.java:
##
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugins.jar;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+import org.apache.maven.toolchain.Toolchain;
+import org.codehaus.plexus.util.cli.CommandLineException;
+import org.codehaus.plexus.util.cli.CommandLineUtils;
+import org.codehaus.plexus.util.cli.Commandline;
+
+/**
+ * Component provided JDK specification based on toolchains.
+ */
+@Named
+@Singleton
+class ToolchainsJdkSpecification {
+
+private static class UncheckedCommandLineException extends
RuntimeException {
+UncheckedCommandLineException(CommandLineException e) {
+super(e);
+}
+}
+
+private final Map cache = new HashMap<>();
+
+public synchronized Optional getJDKSpecification(Toolchain
toolchain) {
+Optional javacPath = getJavacPath(toolchain);
+return javacPath.map(path -> cache.computeIfAbsent(path,
this::getSpecForPath));
+}
+
+private Optional getJavacPath(Toolchain toolchain) {
+return
Optional.ofNullable(toolchain.findTool("javac")).map(Paths::get).map(this::getCanonicalPath);
+}
+
+private Path getCanonicalPath(Path path) {
+try {
+return path.toRealPath();
+} catch (IOException e) {
+if (path.getParent() != null) {
+return
getCanonicalPath(path.getParent()).resolve(path.getFileName());
+} else {
+throw new UncheckedIOException(e);
+}
+}
+}
+
+private String getSpecForPath(Path path) {
+try {
+Commandline cl = new Commandline(path.toString());
+cl.createArg().setValue("-version");
+CommandLineUtils.StringStreamConsumer out = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.StringStreamConsumer err = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.executeCommandLine(cl, out, err);
+String version = out.getOutput().trim();
+if (version.isEmpty()) {
+version = err.getOutput().trim();
+}
+if (version.startsWith("javac ")) {
+version = version.substring(6);
+if (version.startsWith("1.")) {
+version = version.substring(0, 3);
+} else {
+version = version.substring(0, 2);
+}
+return version;
+} else {
+return null;
+}
+} catch (CommandLineException e) {
+throw new UncheckedCommandLineException(e);
Review Comment:
ok, no exception - only warn about something wrong as it is not critical
build should not be broken
> Build-Jdk in Manifest.mf does not reflect which compiler version actually
> compiled the classes in the jar
> -
>
> Key: MJAR-62
> URL: https://issues.apache.org/jira/browse/MJAR-62
> Project: Maven JAR Plugin
> Issue Type: Bug
>Reporter: Stefan Magnus Landrø
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: example-app.zip
>
>
> Manifest.mf does not reflect the version of the compiler that built the jar,
> but defaults to the version that maven runs under: Build-Jdk:
> ${java.version}.
> I believe this makes
Re: [PR] [MJAR-62] Set Build-Jdk according to used toolchain [maven-jar-plugin]
slawekjaranowski commented on code in PR #73:
URL: https://github.com/apache/maven-jar-plugin/pull/73#discussion_r1536684208
##
src/main/java/org/apache/maven/plugins/jar/ToolchainsJdkSpecification.java:
##
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugins.jar;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+import org.apache.maven.toolchain.Toolchain;
+import org.codehaus.plexus.util.cli.CommandLineException;
+import org.codehaus.plexus.util.cli.CommandLineUtils;
+import org.codehaus.plexus.util.cli.Commandline;
+
+/**
+ * Component provided JDK specification based on toolchains.
+ */
+@Named
+@Singleton
+class ToolchainsJdkSpecification {
+
+private static class UncheckedCommandLineException extends
RuntimeException {
+UncheckedCommandLineException(CommandLineException e) {
+super(e);
+}
+}
+
+private final Map cache = new HashMap<>();
+
+public synchronized Optional getJDKSpecification(Toolchain
toolchain) {
+Optional javacPath = getJavacPath(toolchain);
+return javacPath.map(path -> cache.computeIfAbsent(path,
this::getSpecForPath));
+}
+
+private Optional getJavacPath(Toolchain toolchain) {
+return
Optional.ofNullable(toolchain.findTool("javac")).map(Paths::get).map(this::getCanonicalPath);
+}
+
+private Path getCanonicalPath(Path path) {
+try {
+return path.toRealPath();
+} catch (IOException e) {
+if (path.getParent() != null) {
+return
getCanonicalPath(path.getParent()).resolve(path.getFileName());
+} else {
+throw new UncheckedIOException(e);
+}
+}
+}
+
+private String getSpecForPath(Path path) {
+try {
+Commandline cl = new Commandline(path.toString());
+cl.createArg().setValue("-version");
+CommandLineUtils.StringStreamConsumer out = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.StringStreamConsumer err = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.executeCommandLine(cl, out, err);
+String version = out.getOutput().trim();
+if (version.isEmpty()) {
+version = err.getOutput().trim();
+}
+if (version.startsWith("javac ")) {
+version = version.substring(6);
+if (version.startsWith("1.")) {
+version = version.substring(0, 3);
+} else {
+version = version.substring(0, 2);
+}
+return version;
+} else {
+return null;
+}
+} catch (CommandLineException e) {
+throw new UncheckedCommandLineException(e);
Review Comment:
ok, no exception - only warn about something wrong as it is not critical
build should not be broken
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Closed] (MGPG-115) Show more information about key used to sign
[ https://issues.apache.org/jira/browse/MGPG-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MGPG-115. Resolution: Fixed > Show more information about key used to sign > > > Key: MGPG-115 > URL: https://issues.apache.org/jira/browse/MGPG-115 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-115) Show more information about key used to sign
[ https://issues.apache.org/jira/browse/MGPG-115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830161#comment-17830161 ] ASF GitHub Bot commented on MGPG-115: - cstamas merged PR #84: URL: https://github.com/apache/maven-gpg-plugin/pull/84 > Show more information about key used to sign > > > Key: MGPG-115 > URL: https://issues.apache.org/jira/browse/MGPG-115 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MGPG-115] Show more info about key used to sign [maven-gpg-plugin]
cstamas merged PR #84: URL: https://github.com/apache/maven-gpg-plugin/pull/84 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MGPG-115) Show more information about key used to sign
[ https://issues.apache.org/jira/browse/MGPG-115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830159#comment-17830159 ] ASF GitHub Bot commented on MGPG-115: - cstamas opened a new pull request, #84: URL: https://github.com/apache/maven-gpg-plugin/pull/84 Just show some usable feedback _which key_ is used to sign. --- https://issues.apache.org/jira/browse/MGPG-115 > Show more information about key used to sign > > > Key: MGPG-115 > URL: https://issues.apache.org/jira/browse/MGPG-115 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[PR] [MGPG-115] Show more info about key used to sign [maven-gpg-plugin]
cstamas opened a new pull request, #84: URL: https://github.com/apache/maven-gpg-plugin/pull/84 Just show some usable feedback _which key_ is used to sign. --- https://issues.apache.org/jira/browse/MGPG-115 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (MGPG-115) Show more information about key used to sign
[ https://issues.apache.org/jira/browse/MGPG-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak reassigned MGPG-115: Assignee: Tamas Cservenak > Show more information about key used to sign > > > Key: MGPG-115 > URL: https://issues.apache.org/jira/browse/MGPG-115 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MGPG-115) Show more information about key used to sign
Tamas Cservenak created MGPG-115: Summary: Show more information about key used to sign Key: MGPG-115 URL: https://issues.apache.org/jira/browse/MGPG-115 Project: Maven GPG Plugin Issue Type: Improvement Reporter: Tamas Cservenak Fix For: 3.2.2 -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-114) BC Allow key size greater than 5KB from file
[ https://issues.apache.org/jira/browse/MGPG-114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830154#comment-17830154 ] ASF GitHub Bot commented on MGPG-114: - cstamas merged PR #83: URL: https://github.com/apache/maven-gpg-plugin/pull/83 > BC Allow key size greater than 5KB from file > > > Key: MGPG-114 > URL: https://issues.apache.org/jira/browse/MGPG-114 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Slawomir Jaranowski >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > > We check file size with key ... but we allow big key from environments > variable. > Even if large key are not recommended they are supported by standard gpg. > We have many keys with size 4096 - https://downloads.apache.org/maven/KEYS -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Closed] (MGPG-114) BC Allow key size greater than 5KB from file
[ https://issues.apache.org/jira/browse/MGPG-114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak closed MGPG-114. Resolution: Fixed > BC Allow key size greater than 5KB from file > > > Key: MGPG-114 > URL: https://issues.apache.org/jira/browse/MGPG-114 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Slawomir Jaranowski >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > > We check file size with key ... but we allow big key from environments > variable. > Even if large key are not recommended they are supported by standard gpg. > We have many keys with size 4096 - https://downloads.apache.org/maven/KEYS -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MGPG-114] Allow max key size of 16KB [maven-gpg-plugin]
cstamas merged PR #83: URL: https://github.com/apache/maven-gpg-plugin/pull/83 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MGPG-113) Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
[
https://issues.apache.org/jira/browse/MGPG-113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830141#comment-17830141
]
ASF GitHub Bot commented on MGPG-113:
-
cstamas merged PR #82:
URL: https://github.com/apache/maven-gpg-plugin/pull/82
> Upgrading from 3.1.0 to 3.2.1 with no other changes causes
> "gpg:sign-and-deploy-file" failed: 401 Unauthorized
> --
>
> Key: MGPG-113
> URL: https://issues.apache.org/jira/browse/MGPG-113
> Project: Maven GPG Plugin
> Issue Type: Bug
>Affects Versions: 3.2.1
> Environment: ubuntu-22.04 (Ubuntu 22.04 LTS) image
>Reporter: Tim Tim
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.2.2
>
>
> After upgrading to Maven GPG plugin from 3.1.0 to 3.2.0/3.2.1, the deploy
> command "{*}gpg:sign-and-deploy-file{*} " failed with the message "Failed to
> execute goal
> org.apache.maven.plugins:maven-gpg-plugin:{*}3.2.1:{*}sign-and-deploy-file :
> 401 Unauthorized"
>
> NOTE: *3.1.0* and below version of *gpg:sign-and-deploy-file* works well for
> below CLI
>
> Deploy CLI with plugin *gpg:sign-and-deploy-file*
> ```
> mvn -B -Dmaven.wagon.http.retryHandler.count=3 -DretryFailedDeploymentCount=3
> \
> -s utils/settings.xml gpg:sign-and-deploy-file -Dgpg.passphrase=xxx \
> -Durl=[*https://oss.sonatype.org/service/local/staging/deploy/maven2*|https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.sonatype.org%2Fservice%2Flocal%2Fstaging%2Fdeploy%2Fmaven2&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478125085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Rlst6EEorq8QFEyvFrypYO5KOOw1Qrtr5hJigYlaxKg%3D&reserved=0]
> -DrepositoryId=ossrh \
> -DgrouId=com.nvidia -DartifactId=test -Dversion=0.1.0 -Dfile=test.jar
> ```
>
>
> SONATYPE_USR/PSW defined as env, utils/settings.xml as below
> ```
> http://maven.apache.org/SETTINGS/1.1.0
> http://maven.apache.org/xsd/settings-1.1.0.xsd|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0%2520http%3A%2Fmaven.apache.org%2Fxsd%2Fsettings-1.1.0.xsd&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478130933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=AwpWIvI2UECpcvWcFD16CHlYCEjRPYgyXuHW07LbQ7M%3D&reserved=0]
>
> xmlns=[http://maven.apache.org/SETTINGS/1.1.0|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478137093%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5985h8YTeXELVjevO0BRSih2SMD8NQeAJnbiBmSEjMI%3D&reserved=0]
>
> xmlns:xsi=[http://www.w3.org/2001/XMLSchema-instance|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478142757%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=o0V%2Flpv4yqHaYZPv4etTINHsQIzU09ZQAV2vBDjvz%2BE%3D&reserved=0]>
>
>
> ossrh
> ${env.SONATYPE_USR}
> ${env.SONATYPE_PSW}
>
>
> ..
> ```
>
> Error Logs
>
> ```
> *20:03:52* + mvn -B -Dmaven.wagon.http.retryHandler.count=3
> -DretryFailedDeploymentCount=3 -s utils/settings.xml
> -Durl=[https://oss.sonatype.org/service/local/staging/deploy/maven2]
> -DrepositoryId=ossrh
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> -Dgpg.executable=nvsec_sign -DgroupId=com.nvidia -DartifactId=test
> -Dversion=0.1.0 -Dfile=test.jar *20:03:52* [INFO] Scanning for projects...
> *20:04:15 [INFO] Uploading to ossrh:
> [https://oss.sonatype.org/service/local/staging/deploy/maven2/com/nvidia/test/0.1.0/test-0.1.0.jar*]
>
> *20:04:15 [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> (default-cli) on project standalone-pom: Error deploying attached artifacts
> [com.nvidia:test:jar:0.1.0, com.nvidia:test:pom:0.1.0,
> com.nvidia:test:jar.asc:0.1.0, com.nvidia:test:pom.asc:0.1.0]: Failed to
> deploy artifacts: Could not transfer artifact com.nvidia:test:jar:0.1.0
> from/to ossrh
> ([https://oss.sonatype.org/service/local/staging/deploy/maven2):] Transfer
> failed for
> [https://oss.sonatype.or
[jira] [Closed] (MGPG-113) Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
[
https://issues.apache.org/jira/browse/MGPG-113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tamas Cservenak closed MGPG-113.
Resolution: Fixed
> Upgrading from 3.1.0 to 3.2.1 with no other changes causes
> "gpg:sign-and-deploy-file" failed: 401 Unauthorized
> --
>
> Key: MGPG-113
> URL: https://issues.apache.org/jira/browse/MGPG-113
> Project: Maven GPG Plugin
> Issue Type: Bug
>Affects Versions: 3.2.1
> Environment: ubuntu-22.04 (Ubuntu 22.04 LTS) image
>Reporter: Tim Tim
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.2.2
>
>
> After upgrading to Maven GPG plugin from 3.1.0 to 3.2.0/3.2.1, the deploy
> command "{*}gpg:sign-and-deploy-file{*} " failed with the message "Failed to
> execute goal
> org.apache.maven.plugins:maven-gpg-plugin:{*}3.2.1:{*}sign-and-deploy-file :
> 401 Unauthorized"
>
> NOTE: *3.1.0* and below version of *gpg:sign-and-deploy-file* works well for
> below CLI
>
> Deploy CLI with plugin *gpg:sign-and-deploy-file*
> ```
> mvn -B -Dmaven.wagon.http.retryHandler.count=3 -DretryFailedDeploymentCount=3
> \
> -s utils/settings.xml gpg:sign-and-deploy-file -Dgpg.passphrase=xxx \
> -Durl=[*https://oss.sonatype.org/service/local/staging/deploy/maven2*|https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.sonatype.org%2Fservice%2Flocal%2Fstaging%2Fdeploy%2Fmaven2&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478125085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Rlst6EEorq8QFEyvFrypYO5KOOw1Qrtr5hJigYlaxKg%3D&reserved=0]
> -DrepositoryId=ossrh \
> -DgrouId=com.nvidia -DartifactId=test -Dversion=0.1.0 -Dfile=test.jar
> ```
>
>
> SONATYPE_USR/PSW defined as env, utils/settings.xml as below
> ```
> http://maven.apache.org/SETTINGS/1.1.0
> http://maven.apache.org/xsd/settings-1.1.0.xsd|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0%2520http%3A%2Fmaven.apache.org%2Fxsd%2Fsettings-1.1.0.xsd&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478130933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=AwpWIvI2UECpcvWcFD16CHlYCEjRPYgyXuHW07LbQ7M%3D&reserved=0]
>
> xmlns=[http://maven.apache.org/SETTINGS/1.1.0|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478137093%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5985h8YTeXELVjevO0BRSih2SMD8NQeAJnbiBmSEjMI%3D&reserved=0]
>
> xmlns:xsi=[http://www.w3.org/2001/XMLSchema-instance|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478142757%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=o0V%2Flpv4yqHaYZPv4etTINHsQIzU09ZQAV2vBDjvz%2BE%3D&reserved=0]>
>
>
> ossrh
> ${env.SONATYPE_USR}
> ${env.SONATYPE_PSW}
>
>
> ..
> ```
>
> Error Logs
>
> ```
> *20:03:52* + mvn -B -Dmaven.wagon.http.retryHandler.count=3
> -DretryFailedDeploymentCount=3 -s utils/settings.xml
> -Durl=[https://oss.sonatype.org/service/local/staging/deploy/maven2]
> -DrepositoryId=ossrh
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> -Dgpg.executable=nvsec_sign -DgroupId=com.nvidia -DartifactId=test
> -Dversion=0.1.0 -Dfile=test.jar *20:03:52* [INFO] Scanning for projects...
> *20:04:15 [INFO] Uploading to ossrh:
> [https://oss.sonatype.org/service/local/staging/deploy/maven2/com/nvidia/test/0.1.0/test-0.1.0.jar*]
>
> *20:04:15 [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> (default-cli) on project standalone-pom: Error deploying attached artifacts
> [com.nvidia:test:jar:0.1.0, com.nvidia:test:pom:0.1.0,
> com.nvidia:test:jar.asc:0.1.0, com.nvidia:test:pom.asc:0.1.0]: Failed to
> deploy artifacts: Could not transfer artifact com.nvidia:test:jar:0.1.0
> from/to ossrh
> ([https://oss.sonatype.org/service/local/staging/deploy/maven2):] Transfer
> failed for
> [https://oss.sonatype.org/service/local/staging/deploy/maven2/com/nvidia/test/0.1.0/test-0.1.0.jar]
> 401 Unauthorized -> [Help 1]*
>
>
>
Re: [PR] [MGPG-113] SignAndDeployFileMojo results in 401 [maven-gpg-plugin]
cstamas merged PR #82: URL: https://github.com/apache/maven-gpg-plugin/pull/82 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MGPG-114) BC Allow key size greater than 5KB from file
[ https://issues.apache.org/jira/browse/MGPG-114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830139#comment-17830139 ] ASF GitHub Bot commented on MGPG-114: - slawekjaranowski commented on PR #83: URL: https://github.com/apache/maven-gpg-plugin/pull/83#issuecomment-2016575799 should we also check key size from environment? ... to be consistent > BC Allow key size greater than 5KB from file > > > Key: MGPG-114 > URL: https://issues.apache.org/jira/browse/MGPG-114 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Slawomir Jaranowski >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > > We check file size with key ... but we allow big key from environments > variable. > Even if large key are not recommended they are supported by standard gpg. > We have many keys with size 4096 - https://downloads.apache.org/maven/KEYS -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-114) BC Allow key size greater than 5KB from file
[ https://issues.apache.org/jira/browse/MGPG-114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830140#comment-17830140 ] ASF GitHub Bot commented on MGPG-114: - cstamas commented on PR #83: URL: https://github.com/apache/maven-gpg-plugin/pull/83#issuecomment-2016575963 IMHO 16KB is _insanely big_ key, even if you consider Base64 (+linefeeds) overhead... > BC Allow key size greater than 5KB from file > > > Key: MGPG-114 > URL: https://issues.apache.org/jira/browse/MGPG-114 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Slawomir Jaranowski >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > > We check file size with key ... but we allow big key from environments > variable. > Even if large key are not recommended they are supported by standard gpg. > We have many keys with size 4096 - https://downloads.apache.org/maven/KEYS -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [MGPG-114] Allow max key size of 16KB [maven-gpg-plugin]
cstamas commented on PR #83: URL: https://github.com/apache/maven-gpg-plugin/pull/83#issuecomment-2016575963 IMHO 16KB is _insanely big_ key, even if you consider Base64 (+linefeeds) overhead... -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MGPG-114] Allow max key size of 16KB [maven-gpg-plugin]
slawekjaranowski commented on PR #83: URL: https://github.com/apache/maven-gpg-plugin/pull/83#issuecomment-2016575799 should we also check key size from environment? ... to be consistent -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (MGPG-114) BC Allow key size greater than 5KB from file
[ https://issues.apache.org/jira/browse/MGPG-114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak reassigned MGPG-114: Assignee: Tamas Cservenak > BC Allow key size greater than 5KB from file > > > Key: MGPG-114 > URL: https://issues.apache.org/jira/browse/MGPG-114 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Slawomir Jaranowski >Assignee: Tamas Cservenak >Priority: Major > Fix For: 3.2.2 > > > We check file size with key ... but we allow big key from environments > variable. > Even if large key are not recommended they are supported by standard gpg. > We have many keys with size 4096 - https://downloads.apache.org/maven/KEYS -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-114) BC Allow key size greater than 5KB from file
[ https://issues.apache.org/jira/browse/MGPG-114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830136#comment-17830136 ] ASF GitHub Bot commented on MGPG-114: - cstamas opened a new pull request, #83: URL: https://github.com/apache/maven-gpg-plugin/pull/83 This insanely huge key size is mentioned as some extreme example on page https://wiki.gnupg.org/LargeKeys --- https://issues.apache.org/jira/browse/MGPG-114 > BC Allow key size greater than 5KB from file > > > Key: MGPG-114 > URL: https://issues.apache.org/jira/browse/MGPG-114 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Slawomir Jaranowski >Priority: Major > Fix For: 3.2.2 > > > We check file size with key ... but we allow big key from environments > variable. > Even if large key are not recommended they are supported by standard gpg. > We have many keys with size 4096 - https://downloads.apache.org/maven/KEYS -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-113) Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
[
https://issues.apache.org/jira/browse/MGPG-113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830135#comment-17830135
]
ASF GitHub Bot commented on MGPG-113:
-
cstamas commented on code in PR #82:
URL: https://github.com/apache/maven-gpg-plugin/pull/82#discussion_r1536676449
##
src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java:
##
@@ -149,7 +143,10 @@ public class SignAndDeployFileMojo extends AbstractGpgMojo
{
/**
* The type of remote repository layout to deploy to. Try legacy
for a Maven 1.x-style repository layout.
+ *
+ * @deprecated Maven3 does not support "legacy" (Maven1) layout anymore.
This parameter is unused.
*/
+@Deprecated
Review Comment:
Removed
> Upgrading from 3.1.0 to 3.2.1 with no other changes causes
> "gpg:sign-and-deploy-file" failed: 401 Unauthorized
> --
>
> Key: MGPG-113
> URL: https://issues.apache.org/jira/browse/MGPG-113
> Project: Maven GPG Plugin
> Issue Type: Bug
>Affects Versions: 3.2.1
> Environment: ubuntu-22.04 (Ubuntu 22.04 LTS) image
>Reporter: Tim Tim
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.2.2
>
>
> After upgrading to Maven GPG plugin from 3.1.0 to 3.2.0/3.2.1, the deploy
> command "{*}gpg:sign-and-deploy-file{*} " failed with the message "Failed to
> execute goal
> org.apache.maven.plugins:maven-gpg-plugin:{*}3.2.1:{*}sign-and-deploy-file :
> 401 Unauthorized"
>
> NOTE: *3.1.0* and below version of *gpg:sign-and-deploy-file* works well for
> below CLI
>
> Deploy CLI with plugin *gpg:sign-and-deploy-file*
> ```
> mvn -B -Dmaven.wagon.http.retryHandler.count=3 -DretryFailedDeploymentCount=3
> \
> -s utils/settings.xml gpg:sign-and-deploy-file -Dgpg.passphrase=xxx \
> -Durl=[*https://oss.sonatype.org/service/local/staging/deploy/maven2*|https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.sonatype.org%2Fservice%2Flocal%2Fstaging%2Fdeploy%2Fmaven2&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478125085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Rlst6EEorq8QFEyvFrypYO5KOOw1Qrtr5hJigYlaxKg%3D&reserved=0]
> -DrepositoryId=ossrh \
> -DgrouId=com.nvidia -DartifactId=test -Dversion=0.1.0 -Dfile=test.jar
> ```
>
>
> SONATYPE_USR/PSW defined as env, utils/settings.xml as below
> ```
> http://maven.apache.org/SETTINGS/1.1.0
> http://maven.apache.org/xsd/settings-1.1.0.xsd|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0%2520http%3A%2Fmaven.apache.org%2Fxsd%2Fsettings-1.1.0.xsd&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478130933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=AwpWIvI2UECpcvWcFD16CHlYCEjRPYgyXuHW07LbQ7M%3D&reserved=0]
>
> xmlns=[http://maven.apache.org/SETTINGS/1.1.0|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478137093%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5985h8YTeXELVjevO0BRSih2SMD8NQeAJnbiBmSEjMI%3D&reserved=0]
>
> xmlns:xsi=[http://www.w3.org/2001/XMLSchema-instance|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478142757%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=o0V%2Flpv4yqHaYZPv4etTINHsQIzU09ZQAV2vBDjvz%2BE%3D&reserved=0]>
>
>
> ossrh
> ${env.SONATYPE_USR}
> ${env.SONATYPE_PSW}
>
>
> ..
> ```
>
> Error Logs
>
> ```
> *20:03:52* + mvn -B -Dmaven.wagon.http.retryHandler.count=3
> -DretryFailedDeploymentCount=3 -s utils/settings.xml
> -Durl=[https://oss.sonatype.org/service/local/staging/deploy/maven2]
> -DrepositoryId=ossrh
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> -Dgpg.executable=nvsec_sign -DgroupId=com.nvidia -DartifactId=test
> -Dversion=0.1.0 -Dfile=test.jar *20:03:52* [INFO] Scanning for projects...
> *20:04:15 [INFO] Uploading to ossrh:
> [https://oss.sonatype.org/service/local/staging/deploy/maven2/com/nvidia/test/0.1.0/test-0.1.0.jar*]
>
> *20:04:15 [ERROR] Failed to exe
Re: [PR] [MGPG-113] SignAndDeployFileMojo results in 401 [maven-gpg-plugin]
cstamas commented on code in PR #82:
URL: https://github.com/apache/maven-gpg-plugin/pull/82#discussion_r1536676449
##
src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java:
##
@@ -149,7 +143,10 @@ public class SignAndDeployFileMojo extends AbstractGpgMojo
{
/**
* The type of remote repository layout to deploy to. Try legacy
for a Maven 1.x-style repository layout.
+ *
+ * @deprecated Maven3 does not support "legacy" (Maven1) layout anymore.
This parameter is unused.
*/
+@Deprecated
Review Comment:
Removed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Updated] (MGPG-114) BC Allow key size greater than 5KB from file
[ https://issues.apache.org/jira/browse/MGPG-114?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Tamas Cservenak updated MGPG-114: - Fix Version/s: 3.2.2 > BC Allow key size greater than 5KB from file > > > Key: MGPG-114 > URL: https://issues.apache.org/jira/browse/MGPG-114 > Project: Maven GPG Plugin > Issue Type: Improvement >Reporter: Slawomir Jaranowski >Priority: Major > Fix For: 3.2.2 > > > We check file size with key ... but we allow big key from environments > variable. > Even if large key are not recommended they are supported by standard gpg. > We have many keys with size 4096 - https://downloads.apache.org/maven/KEYS -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MGPG-113) Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
[
https://issues.apache.org/jira/browse/MGPG-113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830133#comment-17830133
]
ASF GitHub Bot commented on MGPG-113:
-
slawekjaranowski commented on code in PR #82:
URL: https://github.com/apache/maven-gpg-plugin/pull/82#discussion_r1536676045
##
src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java:
##
@@ -149,7 +143,10 @@ public class SignAndDeployFileMojo extends AbstractGpgMojo
{
/**
* The type of remote repository layout to deploy to. Try legacy
for a Maven 1.x-style repository layout.
+ *
+ * @deprecated Maven3 does not support "legacy" (Maven1) layout anymore.
This parameter is unused.
*/
+@Deprecated
Review Comment:
I would like to remove such parameters.
With deprecated - we will have warning about it - the similar will be than
we remove it and someone will use it - warning will be emitted
> Upgrading from 3.1.0 to 3.2.1 with no other changes causes
> "gpg:sign-and-deploy-file" failed: 401 Unauthorized
> --
>
> Key: MGPG-113
> URL: https://issues.apache.org/jira/browse/MGPG-113
> Project: Maven GPG Plugin
> Issue Type: Bug
>Affects Versions: 3.2.1
> Environment: ubuntu-22.04 (Ubuntu 22.04 LTS) image
>Reporter: Tim Tim
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.2.2
>
>
> After upgrading to Maven GPG plugin from 3.1.0 to 3.2.0/3.2.1, the deploy
> command "{*}gpg:sign-and-deploy-file{*} " failed with the message "Failed to
> execute goal
> org.apache.maven.plugins:maven-gpg-plugin:{*}3.2.1:{*}sign-and-deploy-file :
> 401 Unauthorized"
>
> NOTE: *3.1.0* and below version of *gpg:sign-and-deploy-file* works well for
> below CLI
>
> Deploy CLI with plugin *gpg:sign-and-deploy-file*
> ```
> mvn -B -Dmaven.wagon.http.retryHandler.count=3 -DretryFailedDeploymentCount=3
> \
> -s utils/settings.xml gpg:sign-and-deploy-file -Dgpg.passphrase=xxx \
> -Durl=[*https://oss.sonatype.org/service/local/staging/deploy/maven2*|https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.sonatype.org%2Fservice%2Flocal%2Fstaging%2Fdeploy%2Fmaven2&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478125085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Rlst6EEorq8QFEyvFrypYO5KOOw1Qrtr5hJigYlaxKg%3D&reserved=0]
> -DrepositoryId=ossrh \
> -DgrouId=com.nvidia -DartifactId=test -Dversion=0.1.0 -Dfile=test.jar
> ```
>
>
> SONATYPE_USR/PSW defined as env, utils/settings.xml as below
> ```
> http://maven.apache.org/SETTINGS/1.1.0
> http://maven.apache.org/xsd/settings-1.1.0.xsd|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0%2520http%3A%2Fmaven.apache.org%2Fxsd%2Fsettings-1.1.0.xsd&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478130933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=AwpWIvI2UECpcvWcFD16CHlYCEjRPYgyXuHW07LbQ7M%3D&reserved=0]
>
> xmlns=[http://maven.apache.org/SETTINGS/1.1.0|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478137093%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5985h8YTeXELVjevO0BRSih2SMD8NQeAJnbiBmSEjMI%3D&reserved=0]
>
> xmlns:xsi=[http://www.w3.org/2001/XMLSchema-instance|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478142757%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=o0V%2Flpv4yqHaYZPv4etTINHsQIzU09ZQAV2vBDjvz%2BE%3D&reserved=0]>
>
>
> ossrh
> ${env.SONATYPE_USR}
> ${env.SONATYPE_PSW}
>
>
> ..
> ```
>
> Error Logs
>
> ```
> *20:03:52* + mvn -B -Dmaven.wagon.http.retryHandler.count=3
> -DretryFailedDeploymentCount=3 -s utils/settings.xml
> -Durl=[https://oss.sonatype.org/service/local/staging/deploy/maven2]
> -DrepositoryId=ossrh
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> -Dgpg.executable=nvsec_sign -DgroupId=com.nvidia -DartifactId=test
> -Dversion=0.1.0 -Dfile=test.jar *20:03:52* [INFO] Scanning for projects
Re: [PR] [MGPG-113] SignAndDeployFileMojo results in 401 [maven-gpg-plugin]
slawekjaranowski commented on code in PR #82:
URL: https://github.com/apache/maven-gpg-plugin/pull/82#discussion_r1536676045
##
src/main/java/org/apache/maven/plugins/gpg/SignAndDeployFileMojo.java:
##
@@ -149,7 +143,10 @@ public class SignAndDeployFileMojo extends AbstractGpgMojo
{
/**
* The type of remote repository layout to deploy to. Try legacy
for a Maven 1.x-style repository layout.
+ *
+ * @deprecated Maven3 does not support "legacy" (Maven1) layout anymore.
This parameter is unused.
*/
+@Deprecated
Review Comment:
I would like to remove such parameters.
With deprecated - we will have warning about it - the similar will be than
we remove it and someone will use it - warning will be emitted
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Created] (MGPG-114) BC Allow key size greater than 5KB from file
Slawomir Jaranowski created MGPG-114: Summary: BC Allow key size greater than 5KB from file Key: MGPG-114 URL: https://issues.apache.org/jira/browse/MGPG-114 Project: Maven GPG Plugin Issue Type: Improvement Reporter: Slawomir Jaranowski We check file size with key ... but we allow big key from environments variable. Even if large key are not recommended they are supported by standard gpg. We have many keys with size 4096 - https://downloads.apache.org/maven/KEYS -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRESOLVER-512) Scope Manager
[ https://issues.apache.org/jira/browse/MRESOLVER-512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830123#comment-17830123 ] ASF GitHub Bot commented on MRESOLVER-512: -- cstamas commented on PR #1442: URL: https://github.com/apache/maven/pull/1442#issuecomment-2016563498 Added both scope manager config to maven4. IMO, when mvn4 builds mvn3 project (model Ver 4.0.0), it should use mvn3 scope manager, but when uses newer model, it should use mvn4 scope manager. > Scope Manager > - > > Key: MRESOLVER-512 > URL: https://issues.apache.org/jira/browse/MRESOLVER-512 > Project: Maven Resolver > Issue Type: New Feature > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-9 > > > In Resolver 1.x times, resolver was unaware of "resolution scope", to get the > wanted resolution scope caller had to tweak and set up various nits and bits, > like selectors, filters, and so on. It was easy to miss. Similarly, resolver > had no "first class" type for "dependency scope" either, they were just > string labels (that everyone knew HOW should behave, but was never codified) > and its meaning and notion was sprinkled across several classes. Introducing > new scope in these conditions (or alter selector to something that would have > new scopes, like Maven4 plans) was nearly impossible. > The ScopeManager aims to solve these issues: it defines "resolution scope" > and "dependency scope", interprets them, and allows caller to simply make a > call to "resolve me main-runtime" resolution scope. No hoops and loops. > Moreover, it is FASTER than Resolver 1.x was, that used always same selector > (to build dirty graph), so potentially huge graph even if you needed just a > bit of it, that was later chopped down to clean up the graph. ScopeManager > automates selector selection/setup, and goes directly for result, in most > cases the resulting tree is done in first pass. > Finally, and most importantly, ScopeManager allows to be "configured": by > supplying the recipe for dependency and resolution scopes, hence, makes > Resolver 2.x versatile, in a sense, it is not "this or that" anymore, it can > obey Maven3 and Maven4 dependency scopes at the same time. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [EXPERIMENT] Using Resolver with MRESOLVER-512 [maven]
cstamas commented on PR #1442: URL: https://github.com/apache/maven/pull/1442#issuecomment-2016563498 Added both scope manager config to maven4. IMO, when mvn4 builds mvn3 project (model Ver 4.0.0), it should use mvn3 scope manager, but when uses newer model, it should use mvn4 scope manager. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MRESOLVER-512) Scope Manager
[ https://issues.apache.org/jira/browse/MRESOLVER-512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830117#comment-17830117 ] ASF GitHub Bot commented on MRESOLVER-512: -- cstamas commented on PR #445: URL: https://github.com/apache/maven-resolver/pull/445#issuecomment-2016560058 @gnodet applied changes, IMHO it looks even better now :smile: > Scope Manager > - > > Key: MRESOLVER-512 > URL: https://issues.apache.org/jira/browse/MRESOLVER-512 > Project: Maven Resolver > Issue Type: New Feature > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-9 > > > In Resolver 1.x times, resolver was unaware of "resolution scope", to get the > wanted resolution scope caller had to tweak and set up various nits and bits, > like selectors, filters, and so on. It was easy to miss. Similarly, resolver > had no "first class" type for "dependency scope" either, they were just > string labels (that everyone knew HOW should behave, but was never codified) > and its meaning and notion was sprinkled across several classes. Introducing > new scope in these conditions (or alter selector to something that would have > new scopes, like Maven4 plans) was nearly impossible. > The ScopeManager aims to solve these issues: it defines "resolution scope" > and "dependency scope", interprets them, and allows caller to simply make a > call to "resolve me main-runtime" resolution scope. No hoops and loops. > Moreover, it is FASTER than Resolver 1.x was, that used always same selector > (to build dirty graph), so potentially huge graph even if you needed just a > bit of it, that was later chopped down to clean up the graph. ScopeManager > automates selector selection/setup, and goes directly for result, in most > cases the resulting tree is done in first pass. > Finally, and most importantly, ScopeManager allows to be "configured": by > supplying the recipe for dependency and resolution scopes, hence, makes > Resolver 2.x versatile, in a sense, it is not "this or that" anymore, it can > obey Maven3 and Maven4 dependency scopes at the same time. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MPLUGIN-510) update plugin system requirements history structure
[ https://issues.apache.org/jira/browse/MPLUGIN-510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830118#comment-17830118 ] ASF GitHub Bot commented on MPLUGIN-510: hboutemy opened a new pull request, #274: URL: https://github.com/apache/maven-plugin-tools/pull/274 instead of listing a long list of plugin releases, each on their own row, even if they share same system requirements, they are now grouped in a single row marked "from x to y" > update plugin system requirements history structure > --- > > Key: MPLUGIN-510 > URL: https://issues.apache.org/jira/browse/MPLUGIN-510 > Project: Maven Plugin Tools > Issue Type: Improvement > Components: Plugin Reporting Plugin >Affects Versions: 3.11.0 >Reporter: Herve Boutemy >Priority: Major > Fix For: 3.12.0 > > > in MPLUGIN-400, we added the feature with a list of versions of the plugin, > associated to Maven and JDK prerequisite > https://maven.apache.org/plugin-tools-archives/plugin-tools-3.7.0/maven-plugin-report-plugin/report-mojo.html#requirementshistories > => started to use for example: > [https://maven.apache.org/plugins-archives/maven-assembly-plugin-3.6.0/plugin-info.html] > this lead to questions: should we fill each and every past version? Or should > we group by common prerequisites, showing only ranges? > Tested the range approach: > [https://maven.apache.org/plugins-archives/maven-assembly-plugin-LATEST/plugin-info.html] > the range approach looks good: minimum lines (vs listing every version), > clear choice for users (choose the latest in the range, or pick any > intermediate one) > now, we need to rework the m-p-p configuration to replace "version" with > "from" + "to", instead of hijacking the "version" field to store a String > "from x to y" -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRESOLVER-512) Scope Manager
[ https://issues.apache.org/jira/browse/MRESOLVER-512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830119#comment-17830119 ] ASF GitHub Bot commented on MRESOLVER-512: -- cstamas commented on PR #1442: URL: https://github.com/apache/maven/pull/1442#issuecomment-2016560169 @gnodet ported over changes happened in https://github.com/apache/maven-resolver/pull/445 : removal of system scope handler. > Scope Manager > - > > Key: MRESOLVER-512 > URL: https://issues.apache.org/jira/browse/MRESOLVER-512 > Project: Maven Resolver > Issue Type: New Feature > Components: Resolver >Reporter: Tamas Cservenak >Assignee: Tamas Cservenak >Priority: Major > Fix For: 2.0.0, 2.0.0-alpha-9 > > > In Resolver 1.x times, resolver was unaware of "resolution scope", to get the > wanted resolution scope caller had to tweak and set up various nits and bits, > like selectors, filters, and so on. It was easy to miss. Similarly, resolver > had no "first class" type for "dependency scope" either, they were just > string labels (that everyone knew HOW should behave, but was never codified) > and its meaning and notion was sprinkled across several classes. Introducing > new scope in these conditions (or alter selector to something that would have > new scopes, like Maven4 plans) was nearly impossible. > The ScopeManager aims to solve these issues: it defines "resolution scope" > and "dependency scope", interprets them, and allows caller to simply make a > call to "resolve me main-runtime" resolution scope. No hoops and loops. > Moreover, it is FASTER than Resolver 1.x was, that used always same selector > (to build dirty graph), so potentially huge graph even if you needed just a > bit of it, that was later chopped down to clean up the graph. ScopeManager > automates selector selection/setup, and goes directly for result, in most > cases the resulting tree is done in first pass. > Finally, and most importantly, ScopeManager allows to be "configured": by > supplying the recipe for dependency and resolution scopes, hence, makes > Resolver 2.x versatile, in a sense, it is not "this or that" anymore, it can > obey Maven3 and Maven4 dependency scopes at the same time. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] [EXPERIMENT] Using Resolver with MRESOLVER-512 [maven]
cstamas commented on PR #1442: URL: https://github.com/apache/maven/pull/1442#issuecomment-2016560169 @gnodet ported over changes happened in https://github.com/apache/maven-resolver/pull/445 : removal of system scope handler. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] [MPLUGIN-510] group history per common requirements [maven-plugin-tools]
hboutemy opened a new pull request, #274: URL: https://github.com/apache/maven-plugin-tools/pull/274 instead of listing a long list of plugin releases, each on their own row, even if they share same system requirements, they are now grouped in a single row marked "from x to y" -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] [MRESOLVER-512] ScopeManager [maven-resolver]
cstamas commented on PR #445: URL: https://github.com/apache/maven-resolver/pull/445#issuecomment-2016560058 @gnodet applied changes, IMHO it looks even better now :smile: -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MGPG-113) Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
[
https://issues.apache.org/jira/browse/MGPG-113?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830089#comment-17830089
]
ASF GitHub Bot commented on MGPG-113:
-
cstamas opened a new pull request, #82:
URL: https://github.com/apache/maven-gpg-plugin/pull/82
The RemoteRepository was "bare", it has to be equipped with
AuthenticationSelector to be able to perform authenticated deploys.
Also, a bit of tidy up, layout is deprecated in Maven3 and is unused.
---
https://issues.apache.org/jira/browse/MGPG-113
> Upgrading from 3.1.0 to 3.2.1 with no other changes causes
> "gpg:sign-and-deploy-file" failed: 401 Unauthorized
> --
>
> Key: MGPG-113
> URL: https://issues.apache.org/jira/browse/MGPG-113
> Project: Maven GPG Plugin
> Issue Type: Bug
>Affects Versions: 3.2.1
> Environment: ubuntu-22.04 (Ubuntu 22.04 LTS) image
>Reporter: Tim Tim
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.2.2
>
>
> After upgrading to Maven GPG plugin from 3.1.0 to 3.2.0/3.2.1, the deploy
> command "{*}gpg:sign-and-deploy-file{*} " failed with the message "Failed to
> execute goal
> org.apache.maven.plugins:maven-gpg-plugin:{*}3.2.1:{*}sign-and-deploy-file :
> 401 Unauthorized"
>
> NOTE: *3.1.0* and below version of *gpg:sign-and-deploy-file* works well for
> below CLI
>
> Deploy CLI with plugin *gpg:sign-and-deploy-file*
> ```
> mvn -B -Dmaven.wagon.http.retryHandler.count=3 -DretryFailedDeploymentCount=3
> \
> -s utils/settings.xml gpg:sign-and-deploy-file -Dgpg.passphrase=xxx \
> -Durl=[*https://oss.sonatype.org/service/local/staging/deploy/maven2*|https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.sonatype.org%2Fservice%2Flocal%2Fstaging%2Fdeploy%2Fmaven2&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478125085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Rlst6EEorq8QFEyvFrypYO5KOOw1Qrtr5hJigYlaxKg%3D&reserved=0]
> -DrepositoryId=ossrh \
> -DgrouId=com.nvidia -DartifactId=test -Dversion=0.1.0 -Dfile=test.jar
> ```
>
>
> SONATYPE_USR/PSW defined as env, utils/settings.xml as below
> ```
> http://maven.apache.org/SETTINGS/1.1.0
> http://maven.apache.org/xsd/settings-1.1.0.xsd|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0%2520http%3A%2Fmaven.apache.org%2Fxsd%2Fsettings-1.1.0.xsd&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478130933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=AwpWIvI2UECpcvWcFD16CHlYCEjRPYgyXuHW07LbQ7M%3D&reserved=0]
>
> xmlns=[http://maven.apache.org/SETTINGS/1.1.0|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478137093%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5985h8YTeXELVjevO0BRSih2SMD8NQeAJnbiBmSEjMI%3D&reserved=0]
>
> xmlns:xsi=[http://www.w3.org/2001/XMLSchema-instance|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478142757%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=o0V%2Flpv4yqHaYZPv4etTINHsQIzU09ZQAV2vBDjvz%2BE%3D&reserved=0]>
>
>
> ossrh
> ${env.SONATYPE_USR}
> ${env.SONATYPE_PSW}
>
>
> ..
> ```
>
> Error Logs
>
> ```
> *20:03:52* + mvn -B -Dmaven.wagon.http.retryHandler.count=3
> -DretryFailedDeploymentCount=3 -s utils/settings.xml
> -Durl=[https://oss.sonatype.org/service/local/staging/deploy/maven2]
> -DrepositoryId=ossrh
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> -Dgpg.executable=nvsec_sign -DgroupId=com.nvidia -DartifactId=test
> -Dversion=0.1.0 -Dfile=test.jar *20:03:52* [INFO] Scanning for projects...
> *20:04:15 [INFO] Uploading to ossrh:
> [https://oss.sonatype.org/service/local/staging/deploy/maven2/com/nvidia/test/0.1.0/test-0.1.0.jar*]
>
> *20:04:15 [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> (default-cli) on project standalone-pom: Error deploying attached artifacts
> [com.nvidia:test:jar:0.1.0, com.nvidia:test:pom:0.
[PR] [MGPG-113] SignAndDeployFileMojo results in 401 [maven-gpg-plugin]
cstamas opened a new pull request, #82: URL: https://github.com/apache/maven-gpg-plugin/pull/82 The RemoteRepository was "bare", it has to be equipped with AuthenticationSelector to be able to perform authenticated deploys. Also, a bit of tidy up, layout is deprecated in Maven3 and is unused. --- https://issues.apache.org/jira/browse/MGPG-113 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Assigned] (MGPG-113) Upgrading from 3.1.0 to 3.2.1 with no other changes causes "gpg:sign-and-deploy-file" failed: 401 Unauthorized
[
https://issues.apache.org/jira/browse/MGPG-113?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tamas Cservenak reassigned MGPG-113:
Assignee: Tamas Cservenak
> Upgrading from 3.1.0 to 3.2.1 with no other changes causes
> "gpg:sign-and-deploy-file" failed: 401 Unauthorized
> --
>
> Key: MGPG-113
> URL: https://issues.apache.org/jira/browse/MGPG-113
> Project: Maven GPG Plugin
> Issue Type: Bug
>Affects Versions: 3.2.1
> Environment: ubuntu-22.04 (Ubuntu 22.04 LTS) image
>Reporter: Tim Tim
>Assignee: Tamas Cservenak
>Priority: Major
> Fix For: 3.2.2
>
>
> After upgrading to Maven GPG plugin from 3.1.0 to 3.2.0/3.2.1, the deploy
> command "{*}gpg:sign-and-deploy-file{*} " failed with the message "Failed to
> execute goal
> org.apache.maven.plugins:maven-gpg-plugin:{*}3.2.1:{*}sign-and-deploy-file :
> 401 Unauthorized"
>
> NOTE: *3.1.0* and below version of *gpg:sign-and-deploy-file* works well for
> below CLI
>
> Deploy CLI with plugin *gpg:sign-and-deploy-file*
> ```
> mvn -B -Dmaven.wagon.http.retryHandler.count=3 -DretryFailedDeploymentCount=3
> \
> -s utils/settings.xml gpg:sign-and-deploy-file -Dgpg.passphrase=xxx \
> -Durl=[*https://oss.sonatype.org/service/local/staging/deploy/maven2*|https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Foss.sonatype.org%2Fservice%2Flocal%2Fstaging%2Fdeploy%2Fmaven2&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478125085%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=Rlst6EEorq8QFEyvFrypYO5KOOw1Qrtr5hJigYlaxKg%3D&reserved=0]
> -DrepositoryId=ossrh \
> -DgrouId=com.nvidia -DartifactId=test -Dversion=0.1.0 -Dfile=test.jar
> ```
>
>
> SONATYPE_USR/PSW defined as env, utils/settings.xml as below
> ```
> http://maven.apache.org/SETTINGS/1.1.0
> http://maven.apache.org/xsd/settings-1.1.0.xsd|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0%2520http%3A%2Fmaven.apache.org%2Fxsd%2Fsettings-1.1.0.xsd&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478130933%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=AwpWIvI2UECpcvWcFD16CHlYCEjRPYgyXuHW07LbQ7M%3D&reserved=0]
>
> xmlns=[http://maven.apache.org/SETTINGS/1.1.0|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmaven.apache.org%2FSETTINGS%2F1.1.0&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478137093%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=5985h8YTeXELVjevO0BRSih2SMD8NQeAJnbiBmSEjMI%3D&reserved=0]
>
> xmlns:xsi=[http://www.w3.org/2001/XMLSchema-instance|https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.w3.org%2F2001%2FXMLSchema-instance&data=05%7C02%7Ctiml%40nvidia.com%7C5e0d0557577441c1496308dc45d023b3%7C43083d15727340c1b7db39efd9ccc17a%7C0%7C0%7C638462007478142757%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=o0V%2Flpv4yqHaYZPv4etTINHsQIzU09ZQAV2vBDjvz%2BE%3D&reserved=0]>
>
>
> ossrh
> ${env.SONATYPE_USR}
> ${env.SONATYPE_PSW}
>
>
> ..
> ```
>
> Error Logs
>
> ```
> *20:03:52* + mvn -B -Dmaven.wagon.http.retryHandler.count=3
> -DretryFailedDeploymentCount=3 -s utils/settings.xml
> -Durl=[https://oss.sonatype.org/service/local/staging/deploy/maven2]
> -DrepositoryId=ossrh
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> -Dgpg.executable=nvsec_sign -DgroupId=com.nvidia -DartifactId=test
> -Dversion=0.1.0 -Dfile=test.jar *20:03:52* [INFO] Scanning for projects...
> *20:04:15 [INFO] Uploading to ossrh:
> [https://oss.sonatype.org/service/local/staging/deploy/maven2/com/nvidia/test/0.1.0/test-0.1.0.jar*]
>
> *20:04:15 [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-gpg-plugin:3.2.1:sign-and-deploy-file
> (default-cli) on project standalone-pom: Error deploying attached artifacts
> [com.nvidia:test:jar:0.1.0, com.nvidia:test:pom:0.1.0,
> com.nvidia:test:jar.asc:0.1.0, com.nvidia:test:pom.asc:0.1.0]: Failed to
> deploy artifacts: Could not transfer artifact com.nvidia:test:jar:0.1.0
> from/to ossrh
> ([https://oss.sonatype.org/service/local/staging/deploy/maven2):] Transfer
> failed for
> [https://oss.sonatype.org/service/local/staging/deploy/maven2/com/nvidia/test/0.1.0/test-0.1.0.jar]
> 401 Unauthorized -> [H
[jira] [Commented] (MJAR-62) Build-Jdk in Manifest.mf does not reflect which compiler version actually compiled the classes in the jar
[
https://issues.apache.org/jira/browse/MJAR-62?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830085#comment-17830085
]
ASF GitHub Bot commented on MJAR-62:
slawekjaranowski commented on code in PR #73:
URL: https://github.com/apache/maven-jar-plugin/pull/73#discussion_r1536641995
##
src/main/java/org/apache/maven/plugins/jar/ToolchainsJdkSpecification.java:
##
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugins.jar;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+import org.apache.maven.toolchain.Toolchain;
+import org.codehaus.plexus.util.cli.CommandLineException;
+import org.codehaus.plexus.util.cli.CommandLineUtils;
+import org.codehaus.plexus.util.cli.Commandline;
+
+/**
+ * Component provided JDK specification based on toolchains.
+ */
+@Named
+@Singleton
+class ToolchainsJdkSpecification {
+
+private static class UncheckedCommandLineException extends
RuntimeException {
+UncheckedCommandLineException(CommandLineException e) {
+super(e);
+}
+}
+
+private final Map cache = new HashMap<>();
+
+public synchronized Optional getJDKSpecification(Toolchain
toolchain) {
+Optional javacPath = getJavacPath(toolchain);
+return javacPath.map(path -> cache.computeIfAbsent(path,
this::getSpecForPath));
+}
+
+private Optional getJavacPath(Toolchain toolchain) {
+return
Optional.ofNullable(toolchain.findTool("javac")).map(Paths::get).map(this::getCanonicalPath);
+}
+
+private Path getCanonicalPath(Path path) {
+try {
+return path.toRealPath();
+} catch (IOException e) {
+if (path.getParent() != null) {
+return
getCanonicalPath(path.getParent()).resolve(path.getFileName());
+} else {
+throw new UncheckedIOException(e);
+}
+}
+}
+
+private String getSpecForPath(Path path) {
+try {
+Commandline cl = new Commandline(path.toString());
+cl.createArg().setValue("-version");
+CommandLineUtils.StringStreamConsumer out = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.StringStreamConsumer err = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.executeCommandLine(cl, out, err);
+String version = out.getOutput().trim();
+if (version.isEmpty()) {
+version = err.getOutput().trim();
+}
+if (version.startsWith("javac ")) {
+version = version.substring(6);
+if (version.startsWith("1.")) {
+version = version.substring(0, 3);
+} else {
+version = version.substring(0, 2);
+}
+return version;
+} else {
+return null;
+}
+} catch (CommandLineException e) {
+throw new UncheckedCommandLineException(e);
Review Comment:
It is idea but we should log a warning about it
> Build-Jdk in Manifest.mf does not reflect which compiler version actually
> compiled the classes in the jar
> -
>
> Key: MJAR-62
> URL: https://issues.apache.org/jira/browse/MJAR-62
> Project: Maven JAR Plugin
> Issue Type: Bug
>Reporter: Stefan Magnus Landrø
>Assignee: Slawomir Jaranowski
>Priority: Major
> Fix For: 3.4.0
>
> Attachments: example-app.zip
>
>
> Manifest.mf does not reflect the version of the compiler that built the jar,
> but defaults to the version that maven runs under: Build-Jdk:
> ${java.version}.
> I believe this makes users uncertain of which compiler was actually
Re: [PR] [MJAR-62] Set Build-Jdk according to used toolchain [maven-jar-plugin]
slawekjaranowski commented on code in PR #73:
URL: https://github.com/apache/maven-jar-plugin/pull/73#discussion_r1536641995
##
src/main/java/org/apache/maven/plugins/jar/ToolchainsJdkSpecification.java:
##
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.plugins.jar;
+
+import javax.inject.Named;
+import javax.inject.Singleton;
+
+import java.io.IOException;
+import java.io.UncheckedIOException;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+import org.apache.maven.toolchain.Toolchain;
+import org.codehaus.plexus.util.cli.CommandLineException;
+import org.codehaus.plexus.util.cli.CommandLineUtils;
+import org.codehaus.plexus.util.cli.Commandline;
+
+/**
+ * Component provided JDK specification based on toolchains.
+ */
+@Named
+@Singleton
+class ToolchainsJdkSpecification {
+
+private static class UncheckedCommandLineException extends
RuntimeException {
+UncheckedCommandLineException(CommandLineException e) {
+super(e);
+}
+}
+
+private final Map cache = new HashMap<>();
+
+public synchronized Optional getJDKSpecification(Toolchain
toolchain) {
+Optional javacPath = getJavacPath(toolchain);
+return javacPath.map(path -> cache.computeIfAbsent(path,
this::getSpecForPath));
+}
+
+private Optional getJavacPath(Toolchain toolchain) {
+return
Optional.ofNullable(toolchain.findTool("javac")).map(Paths::get).map(this::getCanonicalPath);
+}
+
+private Path getCanonicalPath(Path path) {
+try {
+return path.toRealPath();
+} catch (IOException e) {
+if (path.getParent() != null) {
+return
getCanonicalPath(path.getParent()).resolve(path.getFileName());
+} else {
+throw new UncheckedIOException(e);
+}
+}
+}
+
+private String getSpecForPath(Path path) {
+try {
+Commandline cl = new Commandline(path.toString());
+cl.createArg().setValue("-version");
+CommandLineUtils.StringStreamConsumer out = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.StringStreamConsumer err = new
CommandLineUtils.StringStreamConsumer();
+CommandLineUtils.executeCommandLine(cl, out, err);
+String version = out.getOutput().trim();
+if (version.isEmpty()) {
+version = err.getOutput().trim();
+}
+if (version.startsWith("javac ")) {
+version = version.substring(6);
+if (version.startsWith("1.")) {
+version = version.substring(0, 3);
+} else {
+version = version.substring(0, 2);
+}
+return version;
+} else {
+return null;
+}
+} catch (CommandLineException e) {
+throw new UncheckedCommandLineException(e);
Review Comment:
It is idea but we should log a warning about it
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Re: [PR] use @Component instead of @Parameter when possible [maven-plugin-tools]
slawekjaranowski commented on PR #273: URL: https://github.com/apache/maven-plugin-tools/pull/273#issuecomment-2016509256 For it we should m-plugin-tolls in version 3.11.0 😄 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Apply ASF Infra GitHub Actions Policy [maven-gh-actions-shared]
slawekjaranowski opened a new pull request, #98: URL: https://github.com/apache/maven-gh-actions-shared/pull/98 - max-parallel as 20 - most of our project use 18 - pin version of release-drafter https://infra.apache.org/github-actions-policy.html -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] Remove duplicate content [maven-toolchains-plugin]
elharo opened a new pull request, #28: URL: https://github.com/apache/maven-toolchains-plugin/pull/28 and cleanup language. I noticed some copy-pasta in this page. @gnodet -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (MTOOLCHAINS-52) Explain what a toolchain is
[ https://issues.apache.org/jira/browse/MTOOLCHAINS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Elliotte Rusty Harold updated MTOOLCHAINS-52: - Summary: Explain what a toolchain is (was: Explain what a custiom toolcahin is) > Explain what a toolchain is > --- > > Key: MTOOLCHAINS-52 > URL: https://issues.apache.org/jira/browse/MTOOLCHAINS-52 > Project: Maven Toolchains Plugin > Issue Type: Improvement >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Priority: Major > Labels: doc > > The page at > https://maven.apache.org/plugins/maven-toolchains-plugin/toolchains/custom.html > never explains what a custom toolchain is, or how it differs from a > toolchain. It should start with this information. > In fact, nothing I see on the maven-toolchains-plugin website ever says what > a toolchain *is*. I think this might help explain why I've found this so hard > to understand. We need to make sure the docs clearly define "toolchain". > Either that or don't use the word at all. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (MTOOLCHAINS-52) Explain what a custiom toolcahin is
[ https://issues.apache.org/jira/browse/MTOOLCHAINS-52?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Elliotte Rusty Harold updated MTOOLCHAINS-52: - Labels: doc (was: ) > Explain what a custiom toolcahin is > --- > > Key: MTOOLCHAINS-52 > URL: https://issues.apache.org/jira/browse/MTOOLCHAINS-52 > Project: Maven Toolchains Plugin > Issue Type: Improvement >Affects Versions: 3.2.0 >Reporter: Elliotte Rusty Harold >Priority: Major > Labels: doc > > The page at > https://maven.apache.org/plugins/maven-toolchains-plugin/toolchains/custom.html > never explains what a custom toolchain is, or how it differs from a > toolchain. It should start with this information. > In fact, nothing I see on the maven-toolchains-plugin website ever says what > a toolchain *is*. I think this might help explain why I've found this so hard > to understand. We need to make sure the docs clearly define "toolchain". > Either that or don't use the word at all. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (MTOOLCHAINS-52) Explain what a custiom toolcahin is
Elliotte Rusty Harold created MTOOLCHAINS-52: Summary: Explain what a custiom toolcahin is Key: MTOOLCHAINS-52 URL: https://issues.apache.org/jira/browse/MTOOLCHAINS-52 Project: Maven Toolchains Plugin Issue Type: Improvement Affects Versions: 3.2.0 Reporter: Elliotte Rusty Harold The page at https://maven.apache.org/plugins/maven-toolchains-plugin/toolchains/custom.html never explains what a custom toolchain is, or how it differs from a toolchain. It should start with this information. In fact, nothing I see on the maven-toolchains-plugin website ever says what a toolchain *is*. I think this might help explain why I've found this so hard to understand. We need to make sure the docs clearly define "toolchain". Either that or don't use the word at all. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] Remove Java 5 references and clean up [maven-toolchains-plugin]
elharo commented on code in PR #24: URL: https://github.com/apache/maven-toolchains-plugin/pull/24#discussion_r1536633681 ## src/site/apt/toolchains/custom.apt: ## @@ -25,22 +25,22 @@ Custom Toolchains - You can create your own custom toolchains with plugins using them. + You can create your own custom toolchains for plugins to use. Review Comment: done, though I'm not sure "custom plugin" is really a thing. At this level, aren't they all just plugins? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] use @Component instead of @Parameter when possible [maven-plugin-tools]
hboutemy merged PR #273: URL: https://github.com/apache/maven-plugin-tools/pull/273 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] Bump org.codehaus.plexus:plexus-archiver from 4.9.1 to 4.9.2 [maven-plugin-tools]
hboutemy merged PR #270: URL: https://github.com/apache/maven-plugin-tools/pull/270 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] use @Component instead of @Parameter when possible [maven-plugin-tools]
hboutemy opened a new pull request, #273: URL: https://github.com/apache/maven-plugin-tools/pull/273 (no comment) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] rename mavenVersion to maven3Version [maven-plugin-tools]
hboutemy merged PR #272: URL: https://github.com/apache/maven-plugin-tools/pull/272 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@maven.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (MJLINK-83) Allow adding multiple launchers to a jlink'ed image
[
https://issues.apache.org/jira/browse/MJLINK-83?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17830039#comment-17830039
]
Peter Hull commented on MJLINK-83:
--
I have implemented this myself as it was a very small change
[https://github.com/pedro-w/maven-jlink-plugin/commit/195eac10f5146da37128ba5d26b631b32eba818d]
I can submit as a PR if this is deemed useful
> Allow adding multiple launchers to a jlink'ed image
> ---
>
> Key: MJLINK-83
> URL: https://issues.apache.org/jira/browse/MJLINK-83
> Project: Maven JLink Plugin
> Issue Type: Improvement
>Affects Versions: 3.2.0
> Environment: (applies to all platforms)
>Reporter: Peter Hull
>Priority: Minor
>
> The {{jlink}} command line tool allows the {{--launcher}} argument to be
> specified multiple times to create multiple launcher scripts in the image.
> However the maven plugin only passes on one {{}} element from its
> configuration section to the tool. If multiple are specified, the last one
> takes precedence. I would like to improve this so the plugin will pass
> multiple launcher specs on to the {{jlink}} tool. I suggest the config should
> look like:
> {noformat}
> command=module/main{noformat}
> (as before, for backward compatibility and the common case where there is
> only one)
> or
>
> {noformat}
>
> command1=module1/main1
> command2=module2/main2
> ...
>
> {noformat}
>
> where {{}} can contain zero or more {{}} elements with
> the same syntax as the existing element.
> One remaining question - what do do if the config specifies both
> {{}} and {{}} - combine the two or signal an error?
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (MJLINK-83) Allow adding multiple launchers to a jlink'ed image
Peter Hull created MJLINK-83:
Summary: Allow adding multiple launchers to a jlink'ed image
Key: MJLINK-83
URL: https://issues.apache.org/jira/browse/MJLINK-83
Project: Maven JLink Plugin
Issue Type: Improvement
Affects Versions: 3.2.0
Environment: (applies to all platforms)
Reporter: Peter Hull
The {{jlink}} command line tool allows the {{--launcher}} argument to be
specified multiple times to create multiple launcher scripts in the image.
However the maven plugin only passes on one {{}} element from its
configuration section to the tool. If multiple are specified, the last one
takes precedence. I would like to improve this so the plugin will pass multiple
launcher specs on to the {{jlink}} tool. I suggest the config should look like:
{noformat}
command=module/main{noformat}
(as before, for backward compatibility and the common case where there is only
one)
or
{noformat}
command1=module1/main1
command2=module2/main2
...
{noformat}
where {{}} can contain zero or more {{}} elements with the
same syntax as the existing element.
One remaining question - what do do if the config specifies both
{{}} and {{}} - combine the two or signal an error?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Comment Edited] (MARTIFACT-58) display origin of local repository artifact when comparing
[ https://issues.apache.org/jira/browse/MARTIFACT-58?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17808920#comment-17808920 ] Herve Boutemy edited comment on MARTIFACT-58 at 3/23/24 7:10 AM: - notice that the info was removed from maven-project-info-reports-plugin MPIR-367 when cleaning code for Maven 3 because the code was not giving trust worthy results when users has a MRM perhaps this is not a problem in the current case because it's an info that is expected to be used locally instead of being published... was (Author: hboutemy): notice that the info was removed from maven-project-info-reports-plugin MPIR-367 when cleaning code for Maven 3 because the code was not giving good results perhaps this is not a problem in the current case because it's an info that is expected to be used locally instead of being published... > display origin of local repository artifact when comparing > -- > > Key: MARTIFACT-58 > URL: https://issues.apache.org/jira/browse/MARTIFACT-58 > Project: Maven Artifact Plugin > Issue Type: Wish > Components: artifact:compare >Affects Versions: 3.5.0 >Reporter: Herve Boutemy >Priority: Major > > artifact:compare compares output from current build (available in target/) to > content from local repository > what is not easy to detect is if content from local repository comes from a > previous local "mvn install" (done recently or a long time ago) or if it was > downloaded from a remote repository > perhaps the artifact:compare can detect and display the info -- This message was sent by Atlassian Jira (v8.20.10#820010)
