Re: Avoid to bring in new repositories via dependencies
On Friday 12 September 2008 Stephen Connolly wrote: > On Fri, Sep 12, 2008 at 8:46 AM, Martin Höller <[EMAIL PROTECTED]> wrote: > > On Friday 12 September 2008 Stephen Connolly wrote: > > > I know that plans for Maven 2.2 or 3.0 or some such is/was to > > > deprecate the declaration of repositories within the pom because of > > > this very problem. > > > > > > Of course banning repository declarations within poms is a swings and > > > roundabouts solution: > > > + fix this type of problem > > > - cause problems if you need something that you cannot get pushed > > > into repo1 > > > > Well, one could always declare additional repos in settings.xml. I'd > > say this is a far better place than pom.xml. > > > > Thank's Stephen for clarifying this. > > > > - martin > > Yeah but the problem with having to declare the additional repos in your > settings.xml is now the project builds for me but not for you (until you > get my settings.xml) That's true, but usually building some project imlies reading the installation instruction anyway... at least in theory ;) On the other hand reproducablity is an important requirement. Relying on a repository which some dependency introduced doesn't really increase reproducablity. > And additionally, each repository that you add slows down the build as > Maven has to check _all_ repositories that it knows about for the > artifacts... and then if one of those is feeling slow your (normally > fast) build becomes increasingly slow. At least for companies working seriously on software projects having an internal remote repository is a must, which reduces this problem. OTOH, for OSS developers working on multiple OSS projects, this might be a bigger issue. - martin signature.asc Description: This is a digitally signed message part.
Re: Avoid to bring in new repositories via dependencies
On Fri, Sep 12, 2008 at 8:46 AM, Martin Höller <[EMAIL PROTECTED]> wrote: > On Friday 12 September 2008 Stephen Connolly wrote: > > Chirstian, > > > > the problem is that the pom for the dependency that he wants to use > > declares repositories to use for resolving its transitive dependencies. > > > > He does not want to have that repository dragged in to his build. > > Exactly. > > > Other than re-releasing the jar with a different version (e.g. releasing > > log4j:log4j:1.2.14-mycompany-1 it'd be the same jar as 1.2.14, but using > > a hand rolled pom) there is no real solution to this. > > :( > > > I know that plans for Maven 2.2 or 3.0 or some such is/was to deprecate > > the declaration of repositories within the pom because of this very > > problem. > > > > Of course banning repository declarations within poms is a swings and > > roundabouts solution: > > + fix this type of problem > > - cause problems if you need something that you cannot get pushed into > > repo1 > > Well, one could always declare additional repos in settings.xml. I'd say > this is a far better place than pom.xml. > > Thank's Stephen for clarifying this. > > - martin > Yeah but the problem with having to declare the additional repos in your settings.xml is now the project builds for me but not for you (until you get my settings.xml) And additionally, each repository that you add slows down the build as Maven has to check _all_ repositories that it knows about for the artifacts... and then if one of those is feeling slow your (normally fast) build becomes increasingly slow. Hm One change that _might_ work would be to force all repositories added via a pom.xml to have the update policy of "never". Thus that way you'd get the artifact the first time and it would never be checked again (ok, so it would be more seldom than never!)
Re: Avoid to bring in new repositories via dependencies
On Friday 12 September 2008 Stephen Connolly wrote: > Chirstian, > > the problem is that the pom for the dependency that he wants to use > declares repositories to use for resolving its transitive dependencies. > > He does not want to have that repository dragged in to his build. Exactly. > Other than re-releasing the jar with a different version (e.g. releasing > log4j:log4j:1.2.14-mycompany-1 it'd be the same jar as 1.2.14, but using > a hand rolled pom) there is no real solution to this. :( > I know that plans for Maven 2.2 or 3.0 or some such is/was to deprecate > the declaration of repositories within the pom because of this very > problem. > > Of course banning repository declarations within poms is a swings and > roundabouts solution: > + fix this type of problem > - cause problems if you need something that you cannot get pushed into > repo1 Well, one could always declare additional repos in settings.xml. I'd say this is a far better place than pom.xml. Thank's Stephen for clarifying this. - martin signature.asc Description: This is a digitally signed message part.
Re: Avoid to bring in new repositories via dependencies
Chirstian, the problem is that the pom for the dependency that he wants to use declares repositories to use for resolving its transitive dependencies. He does not want to have that repository dragged in to his build. Other than re-releasing the jar with a different version (e.g. releasing log4j:log4j:1.2.14-mycompany-1 it'd be the same jar as 1.2.14, but using a hand rolled pom) there is no real solution to this. I know that plans for Maven 2.2 or 3.0 or some such is/was to deprecate the declaration of repositories within the pom because of this very problem. Of course banning repository declarations within poms is a swings and roundabouts solution: + fix this type of problem - cause problems if you need something that you cannot get pushed into repo1 Stephen On Fri, Sep 12, 2008 at 8:11 AM, Christian Schuhegger < [EMAIL PROTECTED]> wrote: > Hi Martin, > > Martin Höller wrote: > >> On Thursday 11 September 2008 Wendy Smoak wrote: >> >>> On Thu, Sep 11, 2008 at 5:03 AM, Martin Höller <[EMAIL PROTECTED]> wrote: >>> Unfortunately this dependency's pom.xml specifies other remote repositories. Could someone please tell me what is the recomended way to avoid getting a new repository into my environment? >>> You can use mirrors, especially mirrorOf=*, to prevent additional >>> repositories from being introduced. >>> >>> http://maven.apache.org/guides/mini/guide-mirror-settings.html >>> >> >> That doesn't prevent additional repositories of beeing introduced. It just >> prevents direct usage of them, which is IMHO just a workaround but no >> solution. >> > > I am not sure what you try to do? You want to add a new jar file, but you > do not want to introduce a dependency to the repository where that jar file > lives, right? > > Let's introduce some names: > - your pom : project.pom.xml > - the dependency that you introduced by hand : A.pom.original.xml > - a sub dependency that A.pom.original.xml mentions : B.pom.xml > > That jar file has in its A.pom.original.xml other dependencies that live in > other remote repositories that you do not want to introduce in your > project.pom.xml of your project. For sure the jar that you included needs > these additional dependencies, because otherwise it would not mention them > in its A.pom.original.xml in the first place. > > If you fulfilled those dependencies on the several B.pom.xml already by > some other way, e.g. you introduced them in your local repository by hand > and introduced those dependencies into your project.pom.xml via a separate > , then you can use on the original dependency that > you have in project.pom.xml like that: > >... >A >... > > >... >B > > ... > > > > In this case maven will not try to resolve the dependencies you have in the > A.pom.original.xml > > Another even simpler way is to create a A.pom.modified.xml yourself for > your jar that you introduced in your local repository :) Why do you want to > use the A.pom.original.xml that you downloaded manually from the remote > repository if that pom.xml causes you problems? > > I hop that helps, > -- > Christian Schuhegger > http://www.el-chef.de/ > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: Avoid to bring in new repositories via dependencies
Hi Martin, Martin Höller wrote: On Thursday 11 September 2008 Wendy Smoak wrote: On Thu, Sep 11, 2008 at 5:03 AM, Martin Höller <[EMAIL PROTECTED]> wrote: Unfortunately this dependency's pom.xml specifies other remote repositories. Could someone please tell me what is the recomended way to avoid getting a new repository into my environment? You can use mirrors, especially mirrorOf=*, to prevent additional repositories from being introduced. http://maven.apache.org/guides/mini/guide-mirror-settings.html That doesn't prevent additional repositories of beeing introduced. It just prevents direct usage of them, which is IMHO just a workaround but no solution. I am not sure what you try to do? You want to add a new jar file, but you do not want to introduce a dependency to the repository where that jar file lives, right? Let's introduce some names: - your pom : project.pom.xml - the dependency that you introduced by hand : A.pom.original.xml - a sub dependency that A.pom.original.xml mentions : B.pom.xml That jar file has in its A.pom.original.xml other dependencies that live in other remote repositories that you do not want to introduce in your project.pom.xml of your project. For sure the jar that you included needs these additional dependencies, because otherwise it would not mention them in its A.pom.original.xml in the first place. If you fulfilled those dependencies on the several B.pom.xml already by some other way, e.g. you introduced them in your local repository by hand and introduced those dependencies into your project.pom.xml via a separate , then you can use on the original dependency that you have in project.pom.xml like that: ... A ... ... B ... In this case maven will not try to resolve the dependencies you have in the A.pom.original.xml Another even simpler way is to create a A.pom.modified.xml yourself for your jar that you introduced in your local repository :) Why do you want to use the A.pom.original.xml that you downloaded manually from the remote repository if that pom.xml causes you problems? I hop that helps, -- Christian Schuhegger http://www.el-chef.de/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Avoid to bring in new repositories via dependencies
Hi Wendy! Thanks for your reply. On Thursday 11 September 2008 Wendy Smoak wrote: > On Thu, Sep 11, 2008 at 5:03 AM, Martin Höller <[EMAIL PROTECTED]> wrote: > > Unfortunately this dependency's pom.xml specifies other remote > > repositories. Could someone please tell me what is the recomended way > > to avoid getting a new repository into my environment? > > You can use mirrors, especially mirrorOf=*, to prevent additional > repositories from being introduced. > > http://maven.apache.org/guides/mini/guide-mirror-settings.html That doesn't prevent additional repositories of beeing introduced. It just prevents direct usage of them, which is IMHO just a workaround but no solution. > It might also be worth bringing this up to the dev team responsible > for the pom to get them to remove it in future releases. I'm not suscribed to the maven-developer mailinglist and was hoping to find some solution on the users list. However, eventually I'll bring this up on the developers list... regards, - martin signature.asc Description: This is a digitally signed message part.
Re: Avoid to bring in new repositories via dependencies
On Thu, Sep 11, 2008 at 5:03 AM, Martin Höller <[EMAIL PROTECTED]> wrote: > Unfortunately this dependency's pom.xml specifies other remote repositories. > Could someone please tell me what is the recomended way to avoid getting a > new repository into my environment? You can use mirrors, especially mirrorOf=*, to prevent additional repositories from being introduced. http://maven.apache.org/guides/mini/guide-mirror-settings.html It might also be worth bringing this up to the dev team responsible for the pom to get them to remove it in future releases. -- Wendy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Avoid to bring in new repositories via dependencies
Hi all! I want to use some new dependency which is not in maven central but in some other remote repository. I downloaded and imported this dependency in our internal archiva to have access to it without adding some new remote repository. Unfortunately this dependency's pom.xml specifies other remote repositories. Could someone please tell me what is the recomended way to avoid getting a new repository into my environment? tia, - martin signature.asc Description: This is a digitally signed message part.
