[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[
https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17847834#comment-17847834
]
ASF GitHub Bot commented on MBUILDCACHE-86:
---
julien-pcd commented on PR #104:
URL:
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2120086251
The change to "Forbid the possibility to extract/restore data in a directory
outside the project" is a breaking change for some of my projects. In my case,
I have several multi-module projects with child POMs configured to use
../target/${project.artifactId} as their build directory in order to have a
single target dir in the parent rather than N children target directories.
> Bugfix and enhancements with the restoration of outputs on disk
> ---
>
> Key: MBUILDCACHE-86
> URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86
> Project: Maven Build Cache Extension
> Issue Type: Improvement
>Reporter: Kevin Buntrock
>Assignee: Olivier Lamy
>Priority: Major
> Labels: pull-request-available
> Fix For: 1.2.0
>
>
> *Fixes :*
> * Files containing an underscore in their name can't be restored in the
> cache directory correctly (not in the same directory location).
> * The cache is able to extract/restore files in locations outside the
> project. I guess the extraction part is not a vulnerability since someone
> with commit permissions can guess other ways to extract data. But the
> possibility of restoring at any place on the disk looks pretty dangerous to
> me if a remote cache server is compromised.
> *Enhancements :*
> * Possibility to restore artefacts on disk, with a dedicated property :
> maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the
> project directory, as opposed to the cache directory.
> ** IDE integration and use of the cache locally in developement is way
> easier. It is now possible to retrieve a cached jar in the "target" directory.
> * Introduce "globs" to filter extra attached outputs by filenames.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17844824#comment-17844824 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- olamy commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2101725049 vote started https://lists.apache.org/thread/do2dc2tpmq2zknyqnf55xpvllop94bq5 if not issues this should be available early next week > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Assignee: Olivier Lamy >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17844794#comment-17844794 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- kbuntrock commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2101600438 > I'm really looking forward to testing this out, is there a new release planned or a place where I can track it? Yes, Olivier mentioned on the maven dev list that he is planning to create a release probably this week. (https://lists.apache.org/list.html?d...@maven.apache.org) > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Assignee: Olivier Lamy >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17844656#comment-17844656 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- hacosta commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2100572149 I'm really looking forward to testing this out, is there a new release planned or a place where I can track it? > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Assignee: Olivier Lamy >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17843078#comment-17843078 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- kbuntrock commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2091521362 > Thank you, @kbuntrock! You're welcome :) > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Assignee: Olivier Lamy >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17842747#comment-17842747 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- nobesio commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2088939166 Thank you, @kbuntrock! > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Assignee: Olivier Lamy >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17842589#comment-17842589 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- martincekodhima commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2088170053 Thanks everyone! > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Assignee: Olivier Lamy >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17842550#comment-17842550 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- olamy merged PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104 > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17842511#comment-17842511 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- kbuntrock commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2087551261 > @kbuntrock #103 has been merged. Thanks! @olamy: rebased, ready to merge :) > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17842506#comment-17842506 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- olamy commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2087302271 @kbuntrock #103 has been merged. Thanks! > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17842342#comment-17842342 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- kbuntrock commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2085055768 Just for clarity, #103 should be merged first. > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > Fix For: 1.2.0 > > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17841337#comment-17841337 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- kbuntrock commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2079914284 Alright, javadoc generation should be fixed > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17840987#comment-17840987 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- kbuntrock commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2078236378 Alright, I think I've completed my TODO list. :) (@hboutemy & @AlexanderAshitkin) > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17840354#comment-17840354 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- hboutemy commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2074492962 notice: if you build with Maven 3, you won't have this extra file, which is Maven 4 specific https://cwiki.apache.org/confluence/display/MAVEN/Build+vs+Consumer+POM > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17840338#comment-17840338 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- kbuntrock commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2074391072 > > some "weird" pom files > > oh, this is Maven 4 consumer POMs, that seem to have been generated with random file names > > @gnodet do we really want these random file names? Do we need to create a hack in build cache extension to manage this randomness? To add a bit of context, I did some experiment yesterday evening. Here are some extract of the file `buildinfo.xml` after the execution of the goal package in different contexts: ### Test "IncrementalRestoreTest", on this branch: ```xml package org.apache.maven.caching.test mbuildcache-incremental 0.0.1-SNAPSHOT jar mbuildcache-incremental.jar 887c667918b9b71d 3119 target/mbuildcache-incremental-final.jar org.apache.maven.caching.test mbuildcache-incremental 0.0.1-SNAPSHOT consumer pom mbuildcache-incremental-consumer.pom bf52cc397806673a 430 target/consumer-4676390733155918308.pom ``` ### Test "IncrementalRestoreTest", on the branch master: ```xml package org.apache.maven.caching.test mbuildcache-incremental 0.0.1-SNAPSHOT jar mbuildcache-incremental.jar 41e8d89e0385f771 3119 org.apache.maven.caching.test mbuildcache-incremental 0.0.1-SNAPSHOT consumer pom mbuildcache-incremental-consumer.pom bf52cc397806673a 430 ``` ### On a standalone project based on "IncrementalRestoreTest", with the extension code of this branch: ```xml package org.apache.maven.caching.test mbuildcache-incremental 0.0.1-SNAPSHOT jar mbuildcache-incremental.jar 8d6a9a9795c1f249 3122 target/mbuildcache-incremental-final.jar ``` Meaning that: - It might be linked to the IT execution context - It is not related to this PR, so I will focus on updating the current tests and put this problem aside. > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17840304#comment-17840304 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- hboutemy commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2074220142 > some "weird" pom files oh, this is Maven 4 consumer POMs, that seem to have been generated with random file names @gnodet do we really want these random file names? Do we need to create a hack in build cache extension to manage this randomness? > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839856#comment-17839856 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- kbuntrock commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2070979208 The code introduced with MBUILDCACHE-80 has partially the same purpose of this MR. I need to adapt my code. First version of the merge can be seen in commit : https://github.com/apache/maven-build-cache-extension/pull/104/commits/c2878e17514ac909343e0ff10898b3bcbab0c2a7 But I still have some work since restored `target` directory shows some "weird" pom files.  > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[
https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839400#comment-17839400
]
ASF GitHub Bot commented on MBUILDCACHE-86:
---
kbuntrock commented on code in PR #104:
URL:
https://github.com/apache/maven-build-cache-extension/pull/104#discussion_r1573829035
##
src/main/java/org/apache/maven/buildcache/CacheControllerImpl.java:
##
@@ -112,13 +114,10 @@
@SuppressWarnings("unused")
public class CacheControllerImpl implements CacheController {
-public static final String FILE_SEPARATOR_SUBST = "_";
-/**
- * Prefix for generated sources stored as a separate artifact in cache
- */
-private static final String BUILD_PREFIX = "build" + FILE_SEPARATOR_SUBST;
-
private static final Logger LOGGER =
LoggerFactory.getLogger(CacheControllerImpl.class);
+private static final String DEFAULT_FILE_GLOB = "*";
+public static final String ERROR_MSG_RESTORATION_OUTSIDE_PROJECT =
+"Blocked an attempt to restore files outside of a project
directory : ";
Review Comment:
Gosh, I should know, it is precisely the reason how I got a Apache Jira
account (and my very first contribution to the open source world ) :
https://issues.apache.org/jira/browse/CXF-7185
> Bugfix and enhancements with the restoration of outputs on disk
> ---
>
> Key: MBUILDCACHE-86
> URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86
> Project: Maven Build Cache Extension
> Issue Type: Improvement
>Reporter: Kevin Buntrock
>Priority: Major
> Labels: pull-request-available
>
> *Fixes :*
> * Files containing an underscore in their name can't be restored in the
> cache directory correctly (not in the same directory location).
> * The cache is able to extract/restore files in locations outside the
> project. I guess the extraction part is not a vulnerability since someone
> with commit permissions can guess other ways to extract data. But the
> possibility of restoring at any place on the disk looks pretty dangerous to
> me if a remote cache server is compromised.
> *Enhancements :*
> * Possibility to restore artefacts on disk, with a dedicated property :
> maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the
> project directory, as opposed to the cache directory.
> ** IDE integration and use of the cache locally in developement is way
> easier. It is now possible to retrieve a cached jar in the "target" directory.
> * Introduce "globs" to filter extra attached outputs by filenames.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[
https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839399#comment-17839399
]
ASF GitHub Bot commented on MBUILDCACHE-86:
---
kbuntrock commented on PR #104:
URL:
https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2068086415
> Hi, @kbuntrock @hboutemy. This PR looks good. How can we move it from a
draft to an open state?
Hello @AlexanderAshitkin. I guess this PR needs now a bit of "huile de
coude" like we say in France ("elbow oil" ...). Meaning that I have to work.
In details, I need to :
- take into account your reviews
- update the documentation
- add some tests
> Bugfix and enhancements with the restoration of outputs on disk
> ---
>
> Key: MBUILDCACHE-86
> URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86
> Project: Maven Build Cache Extension
> Issue Type: Improvement
>Reporter: Kevin Buntrock
>Priority: Major
> Labels: pull-request-available
>
> *Fixes :*
> * Files containing an underscore in their name can't be restored in the
> cache directory correctly (not in the same directory location).
> * The cache is able to extract/restore files in locations outside the
> project. I guess the extraction part is not a vulnerability since someone
> with commit permissions can guess other ways to extract data. But the
> possibility of restoring at any place on the disk looks pretty dangerous to
> me if a remote cache server is compromised.
> *Enhancements :*
> * Possibility to restore artefacts on disk, with a dedicated property :
> maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the
> project directory, as opposed to the cache directory.
> ** IDE integration and use of the cache locally in developement is way
> easier. It is now possible to retrieve a cached jar in the "target" directory.
> * Introduce "globs" to filter extra attached outputs by filenames.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839303#comment-17839303 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- olamy commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2067829609 > you should just search global "artefact" and fix :) > Both are correct it only depends if we consider speaking English from UK or English from US But hey original English is from UK :) > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839294#comment-17839294 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- AlexanderAshitkin commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2067786122 Hi, @kbuntrock @hboutemy. This PR looks good. How can we move it from a draft to an open state? > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > Labels: pull-request-available > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[
https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839259#comment-17839259
]
ASF GitHub Bot commented on MBUILDCACHE-86:
---
hboutemy commented on code in PR #104:
URL:
https://github.com/apache/maven-build-cache-extension/pull/104#discussion_r1573334304
##
src/main/java/org/apache/maven/buildcache/checksum/MavenProjectInput.java:
##
@@ -92,16 +92,17 @@
import static
org.apache.maven.buildcache.xml.CacheConfigImpl.CACHE_ENABLED_PROPERTY_NAME;
import static org.apache.maven.buildcache.xml.CacheConfigImpl.CACHE_SKIP;
import static
org.apache.maven.buildcache.xml.CacheConfigImpl.RESTORE_GENERATED_SOURCES_PROPERTY_NAME;
+import static
org.apache.maven.buildcache.xml.CacheConfigImpl.RESTORE_ON_DISK_ARTEFACTS_PROPERTY_NAME;
Review Comment:
s/ARTEFACT/ARTIFACT/
##
src/main/java/org/apache/maven/buildcache/artifact/OutputType.java:
##
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.maven.buildcache.artifact;
+
+public enum OutputType {
+// generated project artefact
+ARTEFACT(""),
Review Comment:
yes, ARTIFACT in english, not nice french ARTEFACT :)
##
src/main/java/org/apache/maven/buildcache/xml/CacheConfigImpl.java:
##
@@ -90,6 +91,7 @@ public class CacheConfigImpl implements
org.apache.maven.buildcache.xml.CacheCon
public static final String FAIL_FAST_PROPERTY_NAME =
"maven.build.cache.failFast";
public static final String BASELINE_BUILD_URL_PROPERTY_NAME =
"maven.build.cache.baselineUrl";
public static final String LAZY_RESTORE_PROPERTY_NAME =
"maven.build.cache.lazyRestore";
+public static final String RESTORE_ON_DISK_ARTEFACTS_PROPERTY_NAME =
"maven.build.cache.restoreOnDiskArtefacts";
Review Comment:
same
##
src/main/java/org/apache/maven/buildcache/checksum/MavenProjectInput.java:
##
@@ -710,6 +711,18 @@ public static boolean
isRestoreGeneratedSources(MavenProject project) {
project.getProperties().getProperty(RESTORE_GENERATED_SOURCES_PROPERTY_NAME,
"true"));
}
+/**
+ * Allow skipping artefacts restoration on a per-project level via a
property (which defaults to true)
Review Comment:
s/artefacts/artifacts/ (in comment, not critical)
##
src/main/java/org/apache/maven/buildcache/CacheControllerImpl.java:
##
@@ -112,13 +114,10 @@
@SuppressWarnings("unused")
public class CacheControllerImpl implements CacheController {
-public static final String FILE_SEPARATOR_SUBST = "_";
-/**
- * Prefix for generated sources stored as a separate artifact in cache
- */
-private static final String BUILD_PREFIX = "build" + FILE_SEPARATOR_SUBST;
-
private static final Logger LOGGER =
LoggerFactory.getLogger(CacheControllerImpl.class);
+private static final String DEFAULT_FILE_GLOB = "*";
+public static final String ERROR_MSG_RESTORATION_OUTSIDE_PROJECT =
+"Blocked an attempt to restore files outside of a project
directory : ";
Review Comment:
in english, no space before `:` (yes, french with non-breaking space is much
better, but we must adapt :) )
##
src/main/java/org/apache/maven/buildcache/xml/CacheConfig.java:
##
@@ -131,5 +132,10 @@ public interface CacheConfig {
*/
boolean isRestoreGeneratedSources();
+/**
+ * Flag to restore (default) or not generated artefacts
+ */
+boolean isRestoreOnDiskArtefacts();
Review Comment:
s/artefacts/artifacts/
##
src/main/java/org/apache/maven/buildcache/CacheControllerImpl.java:
##
@@ -133,6 +132,15 @@ public class CacheControllerImpl implements
CacheController {
private final RestoredArtifactHandler restoreArtifactHandler;
private volatile Scm scm;
+/**
+ * A map dedicated to store the base path of resources stored to the cache
which are not original artefacts
Review Comment:
s/artefacts/artifacts/
> Bugfix and enhancements with the restoration of outputs on disk
>
[jira] [Commented] (MBUILDCACHE-86) Bugfix and enhancements with the restoration of outputs on disk
[ https://issues.apache.org/jira/browse/MBUILDCACHE-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17839258#comment-17839258 ] ASF GitHub Bot commented on MBUILDCACHE-86: --- hboutemy commented on PR #104: URL: https://github.com/apache/maven-build-cache-extension/pull/104#issuecomment-2067720981 @kbuntrock I see you created MBUILDCACHE-86 and renamed the PR title can you also update the Git commit to `[MBUILDCACHE-86]` instead of `[PR-104]` please? > Bugfix and enhancements with the restoration of outputs on disk > --- > > Key: MBUILDCACHE-86 > URL: https://issues.apache.org/jira/browse/MBUILDCACHE-86 > Project: Maven Build Cache Extension > Issue Type: Improvement >Reporter: Kevin Buntrock >Priority: Major > > *Fixes :* > * Files containing an underscore in their name can't be restored in the > cache directory correctly (not in the same directory location). > * The cache is able to extract/restore files in locations outside the > project. I guess the extraction part is not a vulnerability since someone > with commit permissions can guess other ways to extract data. But the > possibility of restoring at any place on the disk looks pretty dangerous to > me if a remote cache server is compromised. > *Enhancements :* > * Possibility to restore artefacts on disk, with a dedicated property : > maven.build.cache.restoreOnDiskArtefacts (default to true). Meaning in the > project directory, as opposed to the cache directory. > ** IDE integration and use of the cache locally in developement is way > easier. It is now possible to retrieve a cached jar in the "target" directory. > * Introduce "globs" to filter extra attached outputs by filenames. -- This message was sent by Atlassian Jira (v8.20.10#820010)
