Tested on a MacBook, set up a HTTP (non-TLS) repository, and removed a
part of my ~/.m2/repository. The missing artifacts are not downloaded
over HTTP, which is good:
Downloading from maven-default-http-blocker: http://0.0.0.0/.......
Downloading from maven-default-http-blocker: http://0.0.0.0/.......
The logging and error message are a bit confusing for me though:
Checksum validation failed, expected Lorem but is
a0a3234b13da255645808f53efb387d26ae441db
See attachment for longer message and stacktrace.
Is that the expected type of logging in such situations?
I would say it doesn't make clear what the problem is (a repository with
HTTP) or what to do (contact administrator of repository, switch to
HTTPS if possible). Instead the message suggests a checksum failure but
that is not the real cause, is it?
Thanks,
Maarten
On March 22nd, 2021 at 21:36, Arnaud Héritier wrote:
Well done team.
Not yet tested, I'll vote later.
About the release note the link to the Repository Order
<https://maven.apache.org/docs/3.8.0/maven.apache.org/guides/mini/guide-multiple-repositories.html#repository-order>
page
is broken. I think it is because the link doesn't have the https://
prefix/protocol)
About the content and especially MNG-7117 and MNG-7118 do we have an update
of https://maven.apache.org/guides/mini/guide-mirror-settings.html ? I see
the code changes but I don't find the doc update. The release note maybe
perhaps simplified to just say that we added 2 new features in the mirror
configuration (the blocked element and the matching rule for http protocol)
and we had a link to a more detailed doc
Elliotte I am not sure. I agree with you that nobody promised anything but
if you google Maven 3.7.0 you can find many reference about the inclusion
of the wrapper [1] or the build/consumer pom [2]
In any case I don't think it will be clear for everyone.
[1] https://www.infoq.com/news/2020/04/maven-wrapper/
[2] https://cwiki.apache.org/confluence/display/MAVEN/Build+vs+Consumer+POM
Can be easily fixed.
cheers
On Mon, Mar 22, 2021 at 8:40 PM Robert Scholte <rfscho...@apache.org> wrote:
Hi,
For the details about this release, please read
https://maven.apache.org/docs/3.8.0/release-notes.html
Also please provide feedback on the release notes. (as you know, these are
published separately from the release, so it doesn't have to block the
release itself)
We solved 5 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12316922&version=12350003&styleName=Text
There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/issues/?jql=project%20%3D%2012316922%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20key%20DESC%2C%20priority%20DESC
Staging repo:
https://repository.apache.org/content/repositories/maven-1633/
https://dist.apache.org/repos/dist/release/maven/maven-3/3.8.0/binaries/apache-maven-3.8.0-bin.zip
https://dist.apache.org/repos/dist/release/maven/maven-3/3.8.0/source/apache-maven-3.8.0-src.zip
Source release checksum(s):
apache-maven-3.8.0-bin.zip sha512:
b56da9a0efa45e084e4882b795787fc7b61970d19835635b2db099b91a9854f14e3776a01d569e3f7af9db946a05af91abbfad41cdc5ac09e90df25077dec01e
apache-maven-3.8.0-src.zip sha512:
51a1570894e8fb1ef52cb19ce472866745ccae2720e45304edd3cabc212cdf105937c76502558fe87995aea81c41402d7f581cc8e9393af234b64696e9a45893
Staging site:
https://maven.apache.org/ref/3-LATEST/
Guide to testing staged releases:
https://maven.apache.org/guides/development/guide-testing-releases.html
Vote open for at least 72 hours.
[ ] +1
[ ] +0
[ ] -1
Downloading from maven-default-http-blocker:
http://0.0.0.0/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar
Downloading from maven-default-http-blocker:
http://0.0.0.0/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
[WARNING] Checksum validation failed, expected Lorem but is
a0a3234b13da255645808f53efb387d26ae441db from maven-default-http-blocker for
http://0.0.0.0/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar
[WARNING] Checksum validation failed, expected Lorem but is
a0a3234b13da255645808f53efb387d26ae441db from maven-default-http-blocker for
http://0.0.0.0/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
[WARNING] Could not validate integrity of download from
http://0.0.0.0/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar
org.eclipse.aether.transfer.ChecksumFailureException: Checksum validation
failed, expected Lorem but is a0a3234b13da255645808f53efb387d26ae441db
at
org.eclipse.aether.connector.basic.ChecksumValidator.validateExternalChecksums
(ChecksumValidator.java:174)
at org.eclipse.aether.connector.basic.ChecksumValidator.validate
(ChecksumValidator.java:103)
at
org.eclipse.aether.connector.basic.BasicRepositoryConnector$GetTaskRunner.runTask
(BasicRepositoryConnector.java:460)
at
org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run
(BasicRepositoryConnector.java:364)
at org.eclipse.aether.util.concurrency.RunnableErrorForwarder$1.run
(RunnableErrorForwarder.java:75)
at java.util.concurrent.ThreadPoolExecutor.runWorker
(ThreadPoolExecutor.java:1128)
at java.util.concurrent.ThreadPoolExecutor$Worker.run
(ThreadPoolExecutor.java:628)
at java.lang.Thread.run (Thread.java:834)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org
