maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alan Czajkowski (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MNG-6397) Maven Transitive Dependency Resolution Does Not Respect Repository Definition
Date Fri, 20 Apr 2018 02:02:00 GMT

     [ https://issues.apache.org/jira/browse/MNG-6397?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alan Czajkowski updated MNG-6397:
---------------------------------
    Description: 
_*Note:* I am trying to do a build behind a firewall which means I cannot access the Internet,
I can only access my internal Maven repository inside my network, so:_
- _grabbing artifacts from https://artifacts.example.com/repository/maven/ works fine_
- _grabbing artifacts from anywhere fails due to firewall restrictions_

Let's begin:

My {{pom.xml}} has the following:
{code:xml}
...
    <dependencies>
...
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>${spring.boot.version}</version>
        </dependency>
...
    </dependencies>
...
    <repositories>
...
        <repository>
            <id>central</id>
            <name>Public</name>
            <url>https://artifacts.example.com/repository/maven/</url>
            <releases>
                <enabled>true</enabled>
            </releases>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
...
    </repositories>
...
{code}
The {{dependency:tree}} for the {{spring-boot-starter-web}} is as follows:
{code:java}
+- org.springframework.boot:spring-boot-starter-web:jar:2.0.0.RELEASE:compile
|  +- org.springframework.boot:spring-boot-starter-json:jar:2.0.0.RELEASE:compile
|  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.4:compile
|  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.4:compile
|  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.4:compile
|  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.0.0.RELEASE:compile
|  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.28:compile
|  +- org.hibernate.validator:hibernate-validator:jar:6.0.7.Final:compile
|  |  +- javax.validation:validation-api:jar:2.0.1.Final:compile
|  |  +- org.jboss.logging:jboss-logging:jar:3.3.0.Final:compile
|  |  \- com.fasterxml:classmate:jar:1.3.1:compile
|  \- org.springframework:spring-web:jar:5.0.4.RELEASE:compile
{code}

How is it that the build fails as such:
{code:java}
...
Downloading: https://repo.spring.io/milestone/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
Downloading: https://repo.spring.io/snapshot/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
Downloading: https://dl.bintray.com/rabbitmq/maven-milestones/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
Downloading: https://repo.maven.apache.org/maven2/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
...
[ERROR] Failed to execute goal on project maven-multi-module-demo-backend: Could not resolve
dependencies for project com.example.pipe:maven-multi-module-demo-backend:war:1.0.0-SNAPSHOT:
Failed to collect dependencies at org.springframework.boot:spring-boot-starter-web:jar:2.0.0.RELEASE
-> org.hibernate.validator:hibernate-validator:jar:6.0.7.Final: Failed to read artifact
descriptor for org.hibernate.validator:hibernate-validator:jar:6.0.7.Final: Could not transfer
artifact org.jboss.shrinkwrap:shrinkwrap-bom:pom:1.2.3 from/to spring-milestone (https://repo.spring.io/milestone):
Connection reset -> [Help 1]
...
{code}
when I did not even reference this repo {{spring-milestone ([https://repo.spring.io/milestone])}}
anywhere in my {{pom.xml}}?

When you go down the Spring Boot rabbit hole (go into the {{spring-boot-starter-web}}'s {{pom.xml}}
and then traverse up its parent-pom structure a few jumps) you'll eventually get to a parent-pom
{{spring-boot-dependencies}} with this definition:
{code:xml}
...
    <repositories>
        <repository>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <id>spring-milestone</id>
            <name>Spring Milestone</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
        <repository>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
            <id>spring-snapshot</id>
            <name>Spring Snapshot</name>
            <url>https://repo.spring.io/snapshot</url>
        </repository>
        <repository>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <id>rabbit-milestone</id>
            <name>Rabbit Milestone</name>
            <url>https://dl.bintray.com/rabbitmq/maven-milestones</url>
        </repository>
    </repositories>
...
{code}
How is it that the Maven build does not even attempt to reach out to [https://artifacts.example.com/repository/maven/]
to try to find the missing dependency {{shrinkwrap-bom}}? and only reaches out to the above
repos only?

*This seems like a transitive dependency resolution bug to me as the Maven build does not
even make a single attempt at trying to get {{shrinkwrap-bom}} from the repository that I
have explicitly defined in my {{pom.xml}}.*

  was:
_*Note:* I am trying to do a build behind a firewall which means I cannot access the Internet,
I can only access my internal Maven repository inside my network, so:_
- _grabbing artifacts from https://artifacts.example.com/repository/maven/ works fine_
- _grabbing artifacts from anywhere fails (due to firewall restrictions)_

Let's begin:

My {{pom.xml}} has the following:
{code:xml}
...
    <dependencies>
...
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>${spring.boot.version}</version>
        </dependency>
...
    </dependencies>
...
    <repositories>
...
        <repository>
            <id>central</id>
            <name>Public</name>
            <url>https://artifacts.example.com/repository/maven/</url>
            <releases>
                <enabled>true</enabled>
            </releases>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
        </repository>
...
    </repositories>
...
{code}
The {{dependency:tree}} for the {{spring-boot-starter-web}} is as follows:
{code:java}
+- org.springframework.boot:spring-boot-starter-web:jar:2.0.0.RELEASE:compile
|  +- org.springframework.boot:spring-boot-starter-json:jar:2.0.0.RELEASE:compile
|  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.4:compile
|  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.4:compile
|  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.4:compile
|  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.0.0.RELEASE:compile
|  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.28:compile
|  +- org.hibernate.validator:hibernate-validator:jar:6.0.7.Final:compile
|  |  +- javax.validation:validation-api:jar:2.0.1.Final:compile
|  |  +- org.jboss.logging:jboss-logging:jar:3.3.0.Final:compile
|  |  \- com.fasterxml:classmate:jar:1.3.1:compile
|  \- org.springframework:spring-web:jar:5.0.4.RELEASE:compile
{code}

How is it that the build fails as such:
{code:java}
...
Downloading: https://repo.spring.io/milestone/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
Downloading: https://repo.spring.io/snapshot/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
Downloading: https://dl.bintray.com/rabbitmq/maven-milestones/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
Downloading: https://repo.maven.apache.org/maven2/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
...
[ERROR] Failed to execute goal on project maven-multi-module-demo-backend: Could not resolve
dependencies for project com.example.pipe:maven-multi-module-demo-backend:war:1.0.0-SNAPSHOT:
Failed to collect dependencies at org.springframework.boot:spring-boot-starter-web:jar:2.0.0.RELEASE
-> org.hibernate.validator:hibernate-validator:jar:6.0.7.Final: Failed to read artifact
descriptor for org.hibernate.validator:hibernate-validator:jar:6.0.7.Final: Could not transfer
artifact org.jboss.shrinkwrap:shrinkwrap-bom:pom:1.2.3 from/to spring-milestone (https://repo.spring.io/milestone):
Connection reset -> [Help 1]
...
{code}
when I did not even reference this repo {{spring-milestone ([https://repo.spring.io/milestone])}}
anywhere in my {{pom.xml}}?

When you go down the Spring Boot rabbit hole (go into the {{spring-boot-starter-web}}'s {{pom.xml}}
and then traverse up its parent-pom structure a few jumps) you'll eventually get to a parent-pom
{{spring-boot-dependencies}} with this definition:
{code:xml}
...
    <repositories>
        <repository>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <id>spring-milestone</id>
            <name>Spring Milestone</name>
            <url>https://repo.spring.io/milestone</url>
        </repository>
        <repository>
            <snapshots>
                <enabled>true</enabled>
            </snapshots>
            <id>spring-snapshot</id>
            <name>Spring Snapshot</name>
            <url>https://repo.spring.io/snapshot</url>
        </repository>
        <repository>
            <snapshots>
                <enabled>false</enabled>
            </snapshots>
            <id>rabbit-milestone</id>
            <name>Rabbit Milestone</name>
            <url>https://dl.bintray.com/rabbitmq/maven-milestones</url>
        </repository>
    </repositories>
...
{code}
How is it that the Maven build does not even attempt to reach out to [https://artifacts.example.com/repository/maven/]
to try to find the missing dependency {{shrinkwrap-bom}}? and only reaches out to the above
repos only?

*This seems like a transitive dependency resolution bug to me as the Maven build does not
even make a single attempt at trying to get {{shrinkwrap-bom}} from the repository that I
have explicitly defined in my {{pom.xml}}.*


> Maven Transitive Dependency Resolution Does Not Respect Repository Definition
> -----------------------------------------------------------------------------
>
>                 Key: MNG-6397
>                 URL: https://issues.apache.org/jira/browse/MNG-6397
>             Project: Maven
>          Issue Type: Bug
>          Components: Dependencies
>    Affects Versions: 3.5.0, 3.5.2, 3.5.3
>         Environment: Apache Maven 3.5.0 (ff8f5e7444045639af65f6095c62210b5713f426; 2017-04-03T15:39:06-04:00)
> Maven home: /usr/local/share/maven
> Java version: 1.8.0_161, vendor: Oracle Corporation
> Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_161.jdk/Contents/Home/jre
> Default locale: en_US, platform encoding: UTF-8
> OS name: "mac os x", version: "10.10.5", arch: "x86_64", family: "mac"
>            Reporter: Alan Czajkowski
>            Priority: Critical
>
> _*Note:* I am trying to do a build behind a firewall which means I cannot access the
Internet, I can only access my internal Maven repository inside my network, so:_
> - _grabbing artifacts from https://artifacts.example.com/repository/maven/ works fine_
> - _grabbing artifacts from anywhere fails due to firewall restrictions_
> Let's begin:
> My {{pom.xml}} has the following:
> {code:xml}
> ...
>     <dependencies>
> ...
>         <dependency>
>             <groupId>org.springframework.boot</groupId>
>             <artifactId>spring-boot-starter-web</artifactId>
>             <version>${spring.boot.version}</version>
>         </dependency>
> ...
>     </dependencies>
> ...
>     <repositories>
> ...
>         <repository>
>             <id>central</id>
>             <name>Public</name>
>             <url>https://artifacts.example.com/repository/maven/</url>
>             <releases>
>                 <enabled>true</enabled>
>             </releases>
>             <snapshots>
>                 <enabled>true</enabled>
>             </snapshots>
>         </repository>
> ...
>     </repositories>
> ...
> {code}
> The {{dependency:tree}} for the {{spring-boot-starter-web}} is as follows:
> {code:java}
> +- org.springframework.boot:spring-boot-starter-web:jar:2.0.0.RELEASE:compile
> |  +- org.springframework.boot:spring-boot-starter-json:jar:2.0.0.RELEASE:compile
> |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jdk8:jar:2.9.4:compile
> |  |  +- com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.4:compile
> |  |  \- com.fasterxml.jackson.module:jackson-module-parameter-names:jar:2.9.4:compile
> |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.0.0.RELEASE:compile
> |  |  \- org.apache.tomcat.embed:tomcat-embed-websocket:jar:8.5.28:compile
> |  +- org.hibernate.validator:hibernate-validator:jar:6.0.7.Final:compile
> |  |  +- javax.validation:validation-api:jar:2.0.1.Final:compile
> |  |  +- org.jboss.logging:jboss-logging:jar:3.3.0.Final:compile
> |  |  \- com.fasterxml:classmate:jar:1.3.1:compile
> |  \- org.springframework:spring-web:jar:5.0.4.RELEASE:compile
> {code}
> How is it that the build fails as such:
> {code:java}
> ...
> Downloading: https://repo.spring.io/milestone/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
> Downloading: https://repo.spring.io/snapshot/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
> Downloading: https://dl.bintray.com/rabbitmq/maven-milestones/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
> Downloading: https://repo.maven.apache.org/maven2/org/jboss/shrinkwrap/shrinkwrap-bom/1.2.3/shrinkwrap-bom-1.2.3.pom
> ...
> [ERROR] Failed to execute goal on project maven-multi-module-demo-backend: Could not
resolve dependencies for project com.example.pipe:maven-multi-module-demo-backend:war:1.0.0-SNAPSHOT:
Failed to collect dependencies at org.springframework.boot:spring-boot-starter-web:jar:2.0.0.RELEASE
-> org.hibernate.validator:hibernate-validator:jar:6.0.7.Final: Failed to read artifact
descriptor for org.hibernate.validator:hibernate-validator:jar:6.0.7.Final: Could not transfer
artifact org.jboss.shrinkwrap:shrinkwrap-bom:pom:1.2.3 from/to spring-milestone (https://repo.spring.io/milestone):
Connection reset -> [Help 1]
> ...
> {code}
> when I did not even reference this repo {{spring-milestone ([https://repo.spring.io/milestone])}}
anywhere in my {{pom.xml}}?
> When you go down the Spring Boot rabbit hole (go into the {{spring-boot-starter-web}}'s
{{pom.xml}} and then traverse up its parent-pom structure a few jumps) you'll eventually get
to a parent-pom {{spring-boot-dependencies}} with this definition:
> {code:xml}
> ...
>     <repositories>
>         <repository>
>             <snapshots>
>                 <enabled>false</enabled>
>             </snapshots>
>             <id>spring-milestone</id>
>             <name>Spring Milestone</name>
>             <url>https://repo.spring.io/milestone</url>
>         </repository>
>         <repository>
>             <snapshots>
>                 <enabled>true</enabled>
>             </snapshots>
>             <id>spring-snapshot</id>
>             <name>Spring Snapshot</name>
>             <url>https://repo.spring.io/snapshot</url>
>         </repository>
>         <repository>
>             <snapshots>
>                 <enabled>false</enabled>
>             </snapshots>
>             <id>rabbit-milestone</id>
>             <name>Rabbit Milestone</name>
>             <url>https://dl.bintray.com/rabbitmq/maven-milestones</url>
>         </repository>
>     </repositories>
> ...
> {code}
> How is it that the Maven build does not even attempt to reach out to [https://artifacts.example.com/repository/maven/]
to try to find the missing dependency {{shrinkwrap-bom}}? and only reaches out to the above
repos only?
> *This seems like a transitive dependency resolution bug to me as the Maven build does
not even make a single attempt at trying to get {{shrinkwrap-bom}} from the repository that
I have explicitly defined in my {{pom.xml}}.*



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message