[
https://issues.apache.org/jira/browse/MNG-7375?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Konrad Windszus updated MNG-7375:
---------------------------------
Description:
Currently the metadata at
https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
contains an invalid entry without a prefix:
{code}
<metadata>
<plugins>
<plugin>
<name>Apache Jackrabbit FileVault - Package Maven Plugin</name>
<prefix>filevault-package</prefix>
<artifactId>filevault-package-maven-plugin</artifactId>
</plugin>
<plugin>
<name>filevault-package-maven-plugin</name>
<artifactId>filevault-package-maven-plugin</artifactId>
</plugin>
</plugins>
</metadata>
{code}
This leads to an NPE when trying to deploy a new version with
{{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
{code}
Caused by: java.lang.NullPointerException
at org.apache.maven.artifact.repository.metadata.Metadata.merge
(Metadata.java:276)
at
org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
(AbstractRepositoryMetadata.java:121)
at
org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
(AbstractRepositoryMetadata.java:67)
at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
(MetadataBridge.java:65)
at org.eclipse.aether.internal.impl.DefaultDeployer.upload
(DefaultDeployer.java:433)
at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
(DefaultDeployer.java:321)
at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
(DefaultDeployer.java:213)
at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy
(DefaultRepositorySystem.java:386)
at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy
(DefaultArtifactDeployer.java:142)
{code}
Although this happened in the context of using
"org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8"
(https://issues.sonatype.org/browse/NEXUS-30749) the affected code is in Maven.
The metadata is probably invalid but the Metadata class should be more robust
when trying to do the merge in
https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100
and just ignore all plugin entries without all mandatory elements.
was:
Currently the metadata at
https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
contains an invalid entry without a prefix:
{code}
<metadata>
<plugins>
<plugin>
<name>Apache Jackrabbit FileVault - Package Maven Plugin</name>
<prefix>filevault-package</prefix>
<artifactId>filevault-package-maven-plugin</artifactId>
</plugin>
<plugin>
<name>filevault-package-maven-plugin</name>
<artifactId>filevault-package-maven-plugin</artifactId>
</plugin>
</plugins>
</metadata>
{code}
This leads to an NPE when trying to deploy a new version with
{{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
{code}
Caused by: java.lang.NullPointerException
at org.apache.maven.artifact.repository.metadata.Metadata.merge
(Metadata.java:276)
at
org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
(AbstractRepositoryMetadata.java:121)
at
org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
(AbstractRepositoryMetadata.java:67)
at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
(MetadataBridge.java:65)
at org.eclipse.aether.internal.impl.DefaultDeployer.upload
(DefaultDeployer.java:433)
at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
(DefaultDeployer.java:321)
at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
(DefaultDeployer.java:213)
at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy
(DefaultRepositorySystem.java:386)
at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy
(DefaultArtifactDeployer.java:142)
{code}
Although this happened in the context of using
"org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8"
(https://issues.sonatype.org/browse/NEXUS-30749) the affected code is in Maven
and should be more robust.
Although the metadata is probably invalid, the Metadata class should be more
robust when trying to do the merge in
https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100
> Potential NPE in
> org.apache.maven.artifact.repository.metadata.Metadata.merge(...) with
> invalid metadata
> --------------------------------------------------------------------------------------------------------
>
> Key: MNG-7375
> URL: https://issues.apache.org/jira/browse/MNG-7375
> Project: Maven
> Issue Type: Improvement
> Components: Artifacts and Repositories
> Affects Versions: 3.8.4
> Reporter: Konrad Windszus
> Priority: Major
>
> Currently the metadata at
> https://repository.apache.org/service/local/repositories/snapshots/content/org/apache/jackrabbit/maven-metadata.xml
> contains an invalid entry without a prefix:
> {code}
> <metadata>
> <plugins>
> <plugin>
> <name>Apache Jackrabbit FileVault - Package Maven Plugin</name>
> <prefix>filevault-package</prefix>
> <artifactId>filevault-package-maven-plugin</artifactId>
> </plugin>
> <plugin>
> <name>filevault-package-maven-plugin</name>
> <artifactId>filevault-package-maven-plugin</artifactId>
> </plugin>
> </plugins>
> </metadata>
> {code}
> This leads to an NPE when trying to deploy a new version with
> {{org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy(...)}}:
> {code}
> Caused by: java.lang.NullPointerException
> at org.apache.maven.artifact.repository.metadata.Metadata.merge
> (Metadata.java:276)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.updateRepositoryMetadata
> (AbstractRepositoryMetadata.java:121)
> at
> org.apache.maven.artifact.repository.metadata.AbstractRepositoryMetadata.storeInLocalRepository
> (AbstractRepositoryMetadata.java:67)
> at org.apache.maven.artifact.repository.metadata.MetadataBridge.merge
> (MetadataBridge.java:65)
> at org.eclipse.aether.internal.impl.DefaultDeployer.upload
> (DefaultDeployer.java:433)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:321)
> at org.eclipse.aether.internal.impl.DefaultDeployer.deploy
> (DefaultDeployer.java:213)
> at org.eclipse.aether.internal.impl.DefaultRepositorySystem.deploy
> (DefaultRepositorySystem.java:386)
> at org.apache.maven.artifact.deployer.DefaultArtifactDeployer.deploy
> (DefaultArtifactDeployer.java:142)
> {code}
> Although this happened in the context of using
> "org.sonatype.plugins:nexus-staging-maven-plugin:1.6.8"
> (https://issues.sonatype.org/browse/NEXUS-30749) the affected code is in
> Maven.
> The metadata is probably invalid but the Metadata class should be more robust
> when trying to do the merge in
> https://github.com/apache/maven/blob/951b5ee95f40147abbc2bb9d928e408b85d5aef3/maven-repository-metadata/src/main/mdo/metadata.mdo#L100
> and just ignore all plugin entries without all mandatory elements.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
