[
http://jira.codehaus.org/browse/MEV-649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Carlos Sanchez closed MEV-649.
------------------------------
Resolution: Won't Fix
Assignee: Carlos Sanchez
Log4j team need to fix the pom for their next release, you need to talk to them.
They probably want to make these dependencies optional and they must remove the
repositories section
1) com.sun.jmx:jmxri:jar:1.2.1
2) com.sun.jdmk:jmxtools:jar:1.2.1
3) javax.jms:jms:jar:1.1
In the meantime you can exclude them
> log4j 1.2.15 points to nonfuctional maven-repository.dev.java.net packages
> breaking whole build
> -----------------------------------------------------------------------------------------------
>
> Key: MEV-649
> URL: http://jira.codehaus.org/browse/MEV-649
> Project: Maven Evangelism
> Issue Type: Bug
> Reporter: Jan Uhlir
> Assignee: Carlos Sanchez
>
> Log4j 2.1.15 dependency from central repository has dependencies linked to
> https://maven-repository.dev.java.net/nonav/repository - jmxri, jmxtools and
> java mail (and others?). These denpendencies are broken or the whole external
> repository is unaccesible by now.
> Is it even permitted to have "external" dependency for a package in central
> repository?
> I found it hard to find how to disable a repository (block a repository) so I
> am using this opportunity for a micro how to for unlucky ones like me.
> Troubled dependency definition:
> <dependency>
> <groupId>log4j</groupId>
> <artifactId>log4j</artifactId>
> <version>1.2.15</version>
> </dependency>
> Error log (shortened) ----------------------
> [INFO] Scanning for projects...
> ...
> [INFO] Copying 1 resource
> Downloading:
> https://maven-repository.dev.java.net/nonav/repository/com.sun.jmx/jars/jmxri-1.2.1.jar
> Downloading:
> https://maven-repository.dev.java.net/nonav/repository/com.sun.jdmk/jars/jmxtools-1.2.1.jar
> 353/353b
> 353b downloaded (jmxri-1.2.1.jar)
> 357/357b
> 357b downloaded (jmxtools-1.2.1.jar)
> [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local =
> 'a55ce8e95c9bb027e78557acc9e2b973fe3c611e'; remote = '<!DOCTYPE' - RETRYING
> Downloading:
> https://maven-repository.dev.java.net/nonav/repository/com.sun.jmx/jars/jmxri-1.2.1.jar
> 353/353b
> 353b downloaded (jmxri-1.2.1.jar)
> [WARNING] [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local
> = 'a55ce8e95c9bb027e78557acc9e2b973fe3c611e'; remote = '<!DOCTYPE' - IGNORING
> *** CHECKSUM FAILED - Checksum failed on download: local =
> '9e1dae7682d2b60d5b17b7d47e20d99d70ba65cf'; remote = '<!DOCTYPE' - RETRYING
> Downloading:
> https://maven-repository.dev.java.net/nonav/repository/com.sun.jdmk/jars/jmxtools-1.2.1.jar
> 357/357b
> 357b downloaded (jmxtools-1.2.1.jar)
> [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local =
> '9e1dae7682d2b60d5b17b7d47e20d99d70ba65cf'; remote = '<!DOCTYPE' - IGNORING
> ...
> [INFO] Compilation failure
> ...
> error: error reading
> /opt/javalibs/com/sun/jdmk/jmxtools/1.2.1/jmxtools-1.2.1.jar; error in
> opening zip file
> error: error reading /opt/javalibs/com/sun/jmx/jmxri/1.2.1/jmxri-1.2.1.jar;
> error in opening zip file
> Solution (1) - Disable repository (settings.xml).
> Note, it is much more tricky that it seems to be! It gave me hard time before
> I found out. Documentation should be improved here.
> 1) Tricky, you have to do it for releases and snapshots. There is no
> repository wide disabling option.
> 2) You have to provide not just same (failing) repository URL but more
> importantly the same repository ID as it is in ill referencig POM (log4j
> 2.1.15 in our case)
> 3) Blacklisting repository is something completely different then disabling.
> Not usable in this case (?). It is not ad hoc settable by user anyway
> OK, here is the code:
> <profile>
> <id>default</id>
> ...
> <repositories>
> <repository>
> <id>java.net</id>
> <!-- IMPORTANT!!! you have to use same ID as in
> affected POM otherwise it does not work -->
>
> <url>https://maven-repository.dev.java.net/nonav/repository</url>
> <releases>
> <enabled>false</enabled>
> </releases>
> <snapshots>
> <enabled>false</enabled>
> </snapshots>
> </repository>
> </repositories>
> </profile>
> Solution (2) - exclude the "external" sub-dependencies of log4j 2.1.15, like
> jmxri, jmxtools and java mail. And perhaps others. It takes more time to
> figure out what else "external".
> Solution (3) - the best one. Use version log4j 2.1.14 instead. It seems to be
> OK.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
