To my mind what you want to do is write an enforcer custom rule that
checks all the compile and runtime scoped dependencies against a
whitelist server...
I'd have a webserver that can e.g. take a query of the form
http://someurl/.../check?groupId=&artifactId=_&version=_&classifier=___
Hello David!
Hmmm, upon reading, it may work. If I get some time I may investigate, but
for the moment it works for me.
-Chris
[EMAIL PROTECTED] wrote on 30/06/2008 23:52:34:
> On Mon, 30 Jun 2008, [EMAIL PROTECTED] wrote:
>
> > Hi All.
> >
> >I don't mind not having this file generat
I remove the version from all of the module poms entirely and just have
the multi module build pom have it. It works for me.
-Chris
"Kallin Nagelberg" <[EMAIL PROTECTED]> wrote on 01/07/2008
04:55:00:
> Can anyone tell me what is the best/simplest way to maintain a version
> number across all
Correct. I have several Internet2 projects which are not currently in
any repository except my local one. They, in turn, have dependencies.
Of these, only the Grouper project gives me the warning.
-K, who will go over the Grouper and Signet poms with a fine-toothed
comb to see what, if any,
You're saying that you only get that warning for one dependency out of a
group of them you're working with, within the assembly process?
-j
On Mon, Jun 30, 2008 at 5:52 PM, Kathryn Huxtable <
[EMAIL PROTECTED]> wrote:
> Great, but I don't get that warning for the other dependencies. Why not, I
>
Well, that could possibly work except that there is no way I can get that
internal locked down build to actually run - remember that maven does
everything via plugins - even the compilation is done using a plugin - so
all the plugins would have to be added to the closed repo - thus polluting
it wit
2008/7/1 Brian E. Fox <[EMAIL PROTECTED]>:
>
> There are some proposals on the table to further break down the local
> repo and until those are implemented, this use case can't really be
> fully handled...regardless of the implementation of scope based repos.
>
> --Brian
>
A pity, but at least so
I agree it is a management problem - the bulk of th work would have been
done in the management of the internal closed repo - I just sort of expected
to find some way to get maven to stop polluting the artifacts and their
transitive deps retrieved from this repo from the other more open repos used
On Mon, Jun 30, 2008 at 9:10 AM, Ishaaq Chandy <[EMAIL PROTECTED]> wrote:
> On the contrary, I actually do want to codify this with my pom - i.e. I want
> to be able to instruct maven via my pom on how to decide which of the
> configured repos to use when downloading certain types of dependencies.
Thanks, you're the first person to admit that this is a valid use case and
not just some arcane process unique to my situation :)
2008/7/1 Brian E. Fox <[EMAIL PROTECTED]>:
> >1. A locked down repo in which only "approved" versions of some deps
> exist.
>
> >2. An open repo which proxied on to ma
Thanks guys! I think I finally got something together that works:
The in pom.xml of the project you want to assemble with the nar .so
libraries:
...
org.freehep
freehep-nar-plugin
Great, but I don't get that warning for the other dependencies. Why
not, I wonder?
-K
On Jun 30, 2008, at 4:21 PM, John Casey wrote:
Nothing to be too concerned about. It's a warning more intended for
plugin
developers, meaning they passed in a jar artifact instead of a pom
artifact,
and
Nothing to be too concerned about. It's a warning more intended for plugin
developers, meaning they passed in a jar artifact instead of a pom artifact,
and the project-builder is constructing a pom artifact to build the project
instance from instead.
I just need to modify the assembly plugin to ma
I'm making an assembly for a project and one of its runtime
dependencies is something called "grouper". I'm getting the following
warning:
[WARNING] Attempting to build MavenProject instance for Artifact
(edu.internet2.middleware.grouper:grouper:1.3.0) of type: jar;
constructing POM artif
I actually managed to get past this error, I shamelessly forgot to take care
of my ProGuard parameters. My POM now looks includes all of the pertinent
options, however, I continue to get errors, and I really have no clue what
they mean:
Here they are:
[proguard] Warning: org.apache.tools.ant.Mai
For archiva and artifactory I can really create username with password. But
if I have a remote repository alone, which username and password?
Giancarlo Degani wrote:
>
> The id value is not important, you have to match the id tag defined
> into your pom with an id tag defined in the server sect
No, I want another question. Why this doesn't work with remote request?
For example with https://mysite/artifactory/internal.
Giancarlo Degani wrote:
>
> The id value is not important, you have to match the id tag defined
> into your pom with an id tag defined in the server section of your
> se
Thank you very much Giancarlo.
Another question: which user-password paar? server-user-password or
archiva-user-password?
Thanks beforehand,
regards, buters
Giancarlo Degani wrote:
>
> The id value is not important, you have to match the id tag defined
> into your pom with an id tag defined i
Can anyone tell me what is the best/simplest way to maintain a version
number across all the poms in a multi-module project?
They are all to be deployed with the same version every time.
Ideally, the version could be declared in one place (the superpom), and all
children would know to use it.
I'
Just a note to remind that the dependencies are different for WAS 6.0 and
6.1.
One particular difference is the "eclipse-like" paths to important jars in
6.1 that weren't there in 6.0. These paths look like paths to jars inside
eclipse plugins and have a "plugins" folder as one path component.
Th
It seems to me to be a management problem rather than a technical problem
although the technical tools could help the manager identify the problem.
If you inform your developers that they can only use certain libraries and
have to check with your (or someone) if they want to use other libraries,
y
The id value is not important, you have to match the id tag defined
into your pom with an id tag defined in the server section of your
settings.xml.
This is an example:
pom.xml
archiva.acme.internal
Internal Release Repository
dav:http://A/archiva/rep
Hey guys,
I am trying to obfuscate my code by using Maven's ProGuard plugin.
This is the section I added to my POM file to activate the plugin:
...
com.pyx4me
proguard-maven-plugin
package
> (slightly) surprised there isn't a dependency black/whitelisting
>enforcer rule - but just because I haven't seen one doesn't mean there
>isn't one out there.
There is. It currently doesn't consider effective scope, but it could.
>Hmm, so in short you're telling me that I should completely lock down
my
>build process simply because maven can't differentiate between plugin
deps,
>test deps and compile/runtime deps.
No, only because it will save you hassle later.
Another thing to consider is that regardless of what decisio
>1. A locked down repo in which only "approved" versions of some deps
exist.
>2. An open repo which proxied on to maven central.
This is commonly done where the CI system uses only the approved
versions and the devs are free to use the proxied one. It simply means
that they must be sure that the
Hi,
here it is explained:
http://maven.apache.org/guides/getting-started/index.html#How_do_I_deploy_my_jar_in_my_remote_repository
I don't only understand here one thing. How can I assign my remote
repository an id?
Thanks beforehand,
regards, buters
--
View this message in context:
http://ww
I want to copy some files to my WEB-INF when I package my Web Application.
So I included the configuration
dist/Jboss/teste
WEB-INF
on the maven-war-plugin
The files are copied correctly to the war, the problem is that they are also
copied to the source folder (the one that I use to edit my
Hi Ishaaq,
Ishaaq Chandy wrote:
> Aha! I think I see now why you think I have a special case, I think its a
> simple case of misunderstanding - for which I'll assume all fault is mine
> :)
>
> Locked down versioning is not really the point. Even if we had a locked
> versions of the test (in fact
On Mon, Jun 30, 2008 at 5:10 PM, Ishaaq Chandy <[EMAIL PROTECTED]> wrote:
> 2008/7/1 Nigel Magnay <[EMAIL PROTECTED]>:
>
>> > However, even if you did assume that, it would be easy to work around if
>> you
>> > enforced a full build from scratch to delete the local repo. As a
>> developer
>> > you
Hmmm, maybe a bit more info about your environment is necessary.
What's your OS? Java Version? Where is the JDK installed? Are you
running this under cygwin?
What output does
java --version
produce?
> -Original Message-
> From: James Davis [mailto:[EMAIL PROTECTED]
> Sent:
On Saturday 28 June 2008 Niranjan Deshpande wrote:
> Can i get a jar of the junit4.x maven plugin?
Never heard of this plugin and according to its SVN repository it's quite
dead. Are you maybe looking the maven-surefire-plugin[0]?
hth,
- martin
[0] http://maven.apache.org/plugins/maven-surefire
Hi folks,
I am using Maven 2.09 with site plugin 2.0-beta-6,
maven-project-info-reports-plugin 2.0.1 and the maven-changelog-plugin 2.1.
In my parent pom I got:
[…]
scm:svn:https://myURL:443/myMainProject/TRUNK
scm:svn:https://myURL:443/myMainProject/TRUNK
https://myURL:44
Hi,
I would like to define a dependency which is necessary for the project at
runtime and:
* gets imported from the repository --> scope != system
* should be assembled for runtime distributions --> scope != provided
* should not be added to the compile and runtime classpath --> scope != runti
Hi,
I want to build an "baseline distribution" for the sake of taking a snapshot of
the current project and its dependencies. This distribution shall include the
*-source.jar files of all dependencies as available in the repository.
For that purpose I tried various configurations of the maven-a
2008/7/1 Nigel Magnay <[EMAIL PROTECTED]>:
> > However, even if you did assume that, it would be easy to work around if
> you
> > enforced a full build from scratch to delete the local repo. As a
> developer
> > you may decide to avoid doing a full build but our continuous integration
> > environm
The dependency report in the soon-to-be-released next version, 2.1, of MPIR
plugin lists the license used (assuming the license section is filled in in
the particular pom). That should help verifying the licenses used and
needed.
Kalle
On Mon, Jun 30, 2008 at 8:53 AM, Ishaaq Chandy <[EMAIL PROTE
Or libraries that illegally (whether maliciously or not) have
not-redistributable transitive dependencies of their own that are not
compatible with their own licenses.
So, yes, I agree, you can't really legally rely on that - you'd have to
manually check each dep down the whole dependency tree - n
... and lo - I can't even read -
http://maven.apache.org/plugins/maven-enforcer-plugin/rules/bannedDependencies.html
On Mon, Jun 30, 2008 at 4:48 PM, Nigel Magnay <[EMAIL PROTECTED]> wrote:
>> However, even if you did assume that, it would be easy to work around if you
>> enforced a full build fro
> > There would be other ways to accomplish this -- for instance, if Maven were
> > aware of the license (if it were published in the POM), you could put
>
> You'd probably still have to cope with libraries that are (say) GPL,
> but don't declare themselves in the pom as such.
Which is why people
> However, even if you did assume that, it would be easy to work around if you
> enforced a full build from scratch to delete the local repo. As a developer
> you may decide to avoid doing a full build but our continuous integration
> environment would certainly enforce it and would catch the probl
I agree to a certain extend - i.e. maven is not really the tool to use for
license verification, but since dependency management and license management
are related issues I'd like to leverage its dependency management ability to
solve my license verification needs, but it looks like it stops me fro
Hi,
i have a three module maven project:
1) ejb
2) war
3) ear
In ear's pom.xml I put the following
org.apache.maven.plugins
maven-antrun-plugin
deploy_jboss
package
>
> There would be other ways to accomplish this -- for instance, if Maven were
> aware of the license (if it were published in the POM), you could put
It is published in the pom.
You'd probably still have to cope with libraries that are (say) GPL,
but don't declare themselves in the pom as such.
Yup, you're assuming that maven works as it currently does - i.e. it is
unable to remember the context of how the dependency was originally pulled
down.
However, even if you did assume that, it would be easy to work around if you
enforced a full build from scratch to delete the local repo. As a de
On Mon, Jun 30, 2008 at 4:14 AM, Ishaaq Chandy <[EMAIL PROTECTED]> wrote:
> Well, not knowing who else uses maven out there I have no reasonable way to
> verify or deny your claim that this is not useful for 95%. I can only say
> that I find it hard to believe that only 5% of maven users would con
I'm having a problem dowloading the dependency from the main repo:
org.springframework
spring-ldap
1.1.2
When Maven tries to retrieve the dependencies, I get checksum errors (posted
below). On subsequent builds no CHECKSUM errors are generated, but the
build breaks w
2008/6/30 Ishaaq Chandy <[EMAIL PROTECTED]>:
> Well, assuming that a hypothetical implementation of maven only downloads
> compile/runtime deps from the repo that we actively control and restrict
> access to, wouldn't that be safe enough? I can't think of a scenario where
> this would lead to acci
2008/7/1 Stuart McCulloch <[EMAIL PROTECTED]>:
>
> my perspective (as a maven user) is that if I was concerned
> about dragging in artifacts with certain licenses then I'd want
> to be 100% sure I had everything locked down build-wise.
>
> that seems easier to defend (legally-speaking) than relyin
Aha! I think I see now why you think I have a special case, I think its a
simple case of misunderstanding - for which I'll assume all fault is mine :)
Locked down versioning is not really the point. Even if we had a locked
versions of the test (in fact we do lock the test dependency versions) and
Hi,
I just installed Archiva and added the people.apache.org snapshot repository
through a proxy connector to my internal snapshot repository. This is
working perfectly, if I try to download an artifact that's hosted on
people.apache.org it's successfully cached by archiva.
Maven however complains
2008/6/30 Ishaaq Chandy <[EMAIL PROTECTED]>:
> Hmm, so in short you're telling me that I should completely lock down my
> build process simply because maven can't differentiate between plugin deps,
> test deps and compile/runtime deps.
>
my perspective (as a maven user) is that if I was concerned
Thank you very much Ringo.
My tests was named ATests.java.
I've renamed it in ATest.java, and now it works.
Best regards, buters
De Smet Ringo wrote:
>
>
>> -Original Message-
>> From: buters [mailto:[EMAIL PROTECTED]
>> Sent: maandag 30 juni 2008 15:04
>> To: users@maven.apache.or
On Mon, 30 Jun 2008, [EMAIL PROTECTED] wrote:
Hi All.
I don't mind not having this file generated, but I do need to
manipulate it.
The issue arises with the name attribute of the routerModules
element. It needs the name of the war file that hosts the router modules.
Maybe you can
Ishaaq Chandy wrote:
> Hmm, so in short you're telling me that I should completely
> lock down my
> build process simply because maven can't differentiate
> between plugin deps,
> test deps and compile/runtime deps.
>
> Look, I know I'm starting to sound like a whining complainer
> and I wouldn't
Hey thanx a lot Stefan.. Its working.
But there is one more problem with the plugin..
It only deploys my application in the container.
But doesn't explicitly starts and stops the container.
Why so
Here is my pom configuration:
org.codehaus.cargo
cargo-
Hmm, so in short you're telling me that I should completely lock down my
build process simply because maven can't differentiate between plugin deps,
test deps and compile/runtime deps.
Look, I know I'm starting to sound like a whining complainer and I wouldn't
blame you if you got annoyed, but loo
> -Original Message-
> From: buters [mailto:[EMAIL PROTECTED]
> Sent: maandag 30 juni 2008 15:15
> To: users@maven.apache.org
> Subject: RE: Maven&Properties2
>
>
> log4j.properties file is arranged in src/main/resources and
> in lib. Earlier it was an Ant-Project and all work cute.
log4j.properties file is arranged in src/main/resources and in lib. Earlier
it was an Ant-Project and all work cute. Now it must be a Maven-Project. It
won't only work on this place.
De Smet Ringo wrote:
>
>>
>> For log4j things I have only:
>>
>> ...
>> public static Logger logger = Logger
> -Original Message-
> From: buters [mailto:[EMAIL PROTECTED]
> Sent: maandag 30 juni 2008 15:04
> To: users@maven.apache.org
> Subject: RE: There are no tests to run
>
>
> I use m2eclipse and I create Maven projects direct in
> eclipse. Also folder structure must be ok. (src/test/java
I use m2eclipse and I create Maven projects direct in eclipse. Also folder
structure must be ok. (src/test/java)
De Smet Ringo wrote:
>
>> I've created tests. They run ok with junit-test. But mvn test
>> display this:
>> ---
>> T E S T S
>>
>
> For log4j things I have only:
>
> ...
> public static Logger logger = Logger.getLogger("A"); ...
>
> There is no explicit reference to, where is the log4j.properties file.
Did you create a log4j.properties file? If so, where did you put it in
the source tree?
I suspect you have a log4j.pr
> I've created tests. They run ok with junit-test. But mvn test
> display this:
> ---
> T E S T S
> ---
> There are no tests to run.
>
> Results :
>
> Tests run: 0, Failures: 0, Errors: 0, Sk
Hi,
I've created tests. They run ok with junit-test. But mvn test display this:
---
T E S T S
---
There are no tests to run.
Results :
Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
What
More detailed:
I've (in 'Maven&Properties') explicit in A.java path to my file
94 Properties configFile = new Properties();
95 configFile.load(A.class.getResourceAsStream("/A.ini"));
For log4j things I have only:
...
public static Logger logger = Logger.getLogger("A");
...
There is no exp
2008/6/30 Ishaaq Chandy <[EMAIL PROTECTED]>:
> Hi Jörg,
> Thanks for your reply.
>
> Unapproved transitive deps can "creep" in because we do not lock down
> plugin
> dep versions - for e.g. even maven's compiler plugin could conceivably have
> transitive deps - we do not explicitly lock down the v
Thank you very much Ringo.
Yes this works.
Best regards, buters
De Smet Ringo wrote:
>
>>
>> If you do not want the second "resources" folder, you have to
>> adapt your code to read:
>>
>> configFile.load(A.class.getResourceAsStream("A.ini"));
>
> My mistake! This should read:
>
> config
Hi Jörg,
Thanks for your reply.
Unapproved transitive deps can "creep" in because we do not lock down plugin
dep versions - for e.g. even maven's compiler plugin could conceivably have
transitive deps - we do not explicitly lock down the version numbers of each
and every plugin we use - yes, this
Hi,
my problem:
analog to Maven&Properties
the application can not find log4j.properties. It is located in
src/main/resorces and a copy in lib. But I get an error:
'log4j:ERROR Could not connect to remote log4j server at [localhost]. We
will try again later.
java.net.ConnectException: Connection
>
> If you do not want the second "resources" folder, you have to
> adapt your code to read:
>
> configFile.load(A.class.getResourceAsStream("A.ini"));
My mistake! This should read:
configFile.load(A.class.getResourceAsStream("/A.ini"));
R.
> my problem:
> ...
> 94 Properties configFile = new Properties();
> 95 configFile.load(A.class.getResourceAsStream("/resources/A.ini"));
> ...
> The file 'A.ini' is located in src/main/resources.
> I get NullPointerException at line 95. Where and which
> changes must I make?
With the getR
Hi,
my problem:
...
94 Properties configFile = new Properties();
95 configFile.load(A.class.getResourceAsStream("/resources/A.ini"));
...
The file 'A.ini' is located in src/main/resources.
I get NullPointerException at line 95. Where and which changes must I make?
Thanks beforehand,
regar
Would it be possible to write an enforcer plugin rule that checks the
licenses of the dependencies?
regards,
Wim
2008/6/30 Jörg Schaible <[EMAIL PROTECTED]>:
> Hi Ishaaq,
>
> Ishaaq Chandy wrote:
> > Well, not knowing who else uses maven out there I have no
> > reasonable way to
> > verify or d
Could it be you're looking for Cargo?
http://cargo.codehaus.org/Maven2+plugin
Stefan
Renu Gupta wrote:
Hi,
Can any one tell me that
Does maven2 supports jboss plugin?
Because none of my jboss goals are working in maven2.
When I execute mvn jboss:start it gives successful status but server i
Hi,
I want to check out latest code from CVS using Maven. I browsed the SCM
project and found the following URL:
http://maven.apache.org/scm/plugins/checkout-mojo.html
The link founds good but how to introduce it into my pom.xml file is not
discussed. Can you please throw some light on this?
Hi,
Can any one tell me that
Does maven2 supports jboss plugin?
Because none of my jboss goals are working in maven2.
When I execute mvn jboss:start it gives successful status but server is not
actually started
Same is the case with other goals of jboss plugin
I m giving the link when it says
I generate some documentation as a part of maven's build life cycle. and i
want the generated doc to be avaialble as a link
on the report that maven generates after i run mvn site command.
how to do this?
--
Regards,
Niranjan Deshpande
"Shut yourself from the world and create the reality you wan
Hi Ishaaq,
Ishaaq Chandy wrote:
> Well, not knowing who else uses maven out there I have no
> reasonable way to
> verify or deny your claim that this is not useful for 95%. I
> can only say
> that I find it hard to believe that only 5% of maven users
> would conform to
> both of the following crit
oh - and I should also clarify, the use case is not as you said:
"specify which repos may/must contain specific artifacts"
that, I agree, would be overkill, but rather:
"specify which repos may/must contain dependencies of a certain scope type
(considering plugin as an additional scope-type for t
Well, not knowing who else uses maven out there I have no reasonable way to
verify or deny your claim that this is not useful for 95%. I can only say
that I find it hard to believe that only 5% of maven users would conform to
both of the following criteria - but then again, I don't really know:
1.
It looks like "mvn --version" is simply calling "java --version",
which is invalid. Check your installation again, and perhaps
re-install from scratch if you still can't figure it out (delete it
all and start over).
C:\>java --version
Unrecognized option: --version
Could not create the Java virtua
As far as I know, the answer is 4.
Generally I expect your problem(s) can be solved by setting up
multiple environments, each with its own repo manager and liberal use
of "rm -rf ~/.m2/repository" (or dependency:purge-local-repository).
Then you would specify which repo to connect to with a profil
82 matches
Mail list logo