Re: Running integration tests against a signed jar

2017-05-30 Thread Gary Gregory 
Hm, so I have two choices:

- Change the POM so that the failsafe plugin runs in the test phase, which
happens before the jar signing (that works BTW).
- Change the code to repackage the IT tests and make public all that the IT
tests need (I've not done that but I'll see what breaks)

Thank you all,
Gary


On Tue, May 30, 2017 at 12:15 PM, Bernd Eckenfels 
wrote:

> I think the maven way is not much concerned with package structure,
> however why not have a IT package? Do you have much need for package access
> in your ITs?
>
> For Unit tests sharing the packages can be helpful, but for IT I would
> expect it does not only need to be collocated, but it actually is better to
> have the public view. (Some hooks might be required to open up state for
> initilisation and verification, not sure. In the cases I have seen public
> interface (or access to external systems like file or database) was enough.
>
> Are those webstart client chars or do you use signed protection domains on
> the server or is this only signing for protecting the archives?
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> 
> From: Martin Gainty 
> Sent: Tuesday, May 30, 2017 7:08:43 PM
> To: Maven Users List
> Subject: Re: Running integration tests against a signed jar
>
>
>
> 
> From: Gary Gregory 
> Sent: Monday, May 29, 2017 5:01 PM
> To: Maven Users List
> Subject: Running integration tests against a signed jar
>
> Hi All:
>
> I have a POM that builds a signed jar, so far so good. Unit tests run, no
> problem.
>
> When integration tests run through fail-safe, the build fails all ITs with:
>
> java.lang.ExceptionInInitializerError
> Caused by: java.lang.SecurityException: class "com.example.MyClass"'s
> signer information does not match signer information of other classes in
> the same package
>
> MG>you are running a jar with a bad signature
> MG>you are running a jar with no signature
> MG>to confirm
> MG>for every jar in your runtime classpath
> MG>BEGIN:
> MG>for each jar expand next runtime jar
> MG>edit /META-INF/MANIFEST.MF of current jar
> MG>the signature would look something like
> MG>net/sf/jasperreports/engine/util/xml/JaxenXPathExecuterFactory.class
> SHA-256-Digest: q3B5wW+hLX/+lP2+L0/6wRVXRHq1mISBo1dkixT6Vxc=
> MG>save the first signature to outside file buffer
> MG>compare  entryFromMANIFEST.MF to first-signature
> MG>if not equal or non-existent resign current jar with algorithm from
> first signed jar
> MG>goto BEGIN
>
> As I understand it, failsafe runs the classes in test-classes against the
> built JAR, and since my ITs are in the same package as the code tested, I
> get the signing error above.
>
> What is the Maven-way to get this to work?
>
> Thank you,
> Gary
>
> --
> Java Persistence with Hibernate, Second Edition
>  tl?ie=UTF8=1789=9325=1617290459&
> linkCode=as2=garygregory-20=cadb800f39946ec62ea2b1af9fe6a2b8>
>
>  1617290459>
> JUnit in Action, Second Edition
>  tl?ie=UTF8=1789=9325=1935182021&
> linkCode=as2=garygregory-20=31ecd1f6b6d1eaf8886ac902a24de418%22
> >
> JUnit in Action, Second Edition: Petar Tahchiev, Felipe Leme, Vincent
> Massol, Gary Gregory: 9781935182023: Amazon.com: Books<
> https://www.amazon.com/gp/product/1935182021/ref=as_
> li_tl?ie=UTF8=1789=9325=
> 1935182021=as2=garygregory-20=
> 31ecd1f6b6d1eaf8886ac902a24de418%22>
> www.amazon.com
> JUnit in Action, Second Edition [Petar Tahchiev, Felipe Leme, Vincent
> Massol, Gary Gregory] on Amazon.com. *FREE* shipping on qualifying offers.
> When JUnit was first introduced a decade ago by Kent Beck and Erich Gamma,
> the Agile movement was in its infancy
>
>
>
>
>  1935182021>
> Spring Batch in Action
>  tl?ie=UTF8=1789=9325=1935182951&
> linkCode=%7B%7BlinkCode%7D%7D=garygregory-20=%7B%
> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> Spring Batch in Action: Arnaud Cogoluegnes, Thierry Templier, Gary
> Gregory, Olivier Bazoud: 9781935182955: Amazon.com: Books<
> https://www.amazon.com/gp/product/1935182951/ref=as_
> li_tl?ie=UTF8=1789=9325=
> 1935182951=%7B%7BlinkCode%7D%7D=garygregory-20=%7B%
> 7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
> www.amazon.com
> Spring Batch in Action [Arnaud Cogoluegnes, Thierry Templier, Gary
> Gregory, Olivier Bazoud] on Amazon.com. *FREE* shipping on qualifying
> offers.
> Summary Spring Batch in Action is an in-depth guide to writing batch
> applications using Spring Batch. Written for developers who have basic
> knowledge of Java and the Spring lightweight container
>
>
>
>

Re: Running integration tests against a signed jar

2017-05-30 Thread Bernd Eckenfels 
I think the maven way is not much concerned with package structure, however why 
not have a IT package? Do you have much need for package access in your ITs?

For Unit tests sharing the packages can be helpful, but for IT I would expect 
it does not only need to be collocated, but it actually is better to have the 
public view. (Some hooks might be required to open up state for initilisation 
and verification, not sure. In the cases I have seen public interface (or 
access to external systems like file or database) was enough.

Are those webstart client chars or do you use signed protection domains on the 
server or is this only signing for protecting the archives?

Gruss
Bernd
--
http://bernd.eckenfels.net

From: Martin Gainty 
Sent: Tuesday, May 30, 2017 7:08:43 PM
To: Maven Users List
Subject: Re: Running integration tests against a signed jar




From: Gary Gregory 
Sent: Monday, May 29, 2017 5:01 PM
To: Maven Users List
Subject: Running integration tests against a signed jar

Hi All:

I have a POM that builds a signed jar, so far so good. Unit tests run, no
problem.

When integration tests run through fail-safe, the build fails all ITs with:

java.lang.ExceptionInInitializerError
Caused by: java.lang.SecurityException: class "com.example.MyClass"'s
signer information does not match signer information of other classes in
the same package

MG>you are running a jar with a bad signature
MG>you are running a jar with no signature
MG>to confirm
MG>for every jar in your runtime classpath
MG>BEGIN:
MG>for each jar expand next runtime jar
MG>edit /META-INF/MANIFEST.MF of current jar
MG>the signature would look something like
MG>net/sf/jasperreports/engine/util/xml/JaxenXPathExecuterFactory.class 
SHA-256-Digest: q3B5wW+hLX/+lP2+L0/6wRVXRHq1mISBo1dkixT6Vxc=
MG>save the first signature to outside file buffer
MG>compare  entryFromMANIFEST.MF to first-signature
MG>if not equal or non-existent resign current jar with algorithm from first 
signed jar
MG>goto BEGIN

As I understand it, failsafe runs the classes in test-classes against the
built JAR, and since my ITs are in the same package as the code tested, I
get the signing error above.

What is the Maven-way to get this to work?

Thank you,
Gary

--
Java Persistence with Hibernate, Second Edition



JUnit in Action, Second Edition

JUnit in Action, Second Edition: Petar Tahchiev, Felipe Leme, Vincent Massol, 
Gary Gregory: 9781935182023: Amazon.com: 
Books
www.amazon.com
JUnit in Action, Second Edition [Petar Tahchiev, Felipe Leme, Vincent Massol, 
Gary Gregory] on Amazon.com. *FREE* shipping on qualifying offers.
When JUnit was first introduced a decade ago by Kent Beck and Erich Gamma, the 
Agile movement was in its infancy





Spring Batch in Action

Spring Batch in Action: Arnaud Cogoluegnes, Thierry Templier, Gary Gregory, 
Olivier Bazoud: 9781935182955: Amazon.com: 
Books
www.amazon.com
Spring Batch in Action [Arnaud Cogoluegnes, Thierry Templier, Gary Gregory, 
Olivier Bazoud] on Amazon.com. *FREE* shipping on qualifying offers.
Summary Spring Batch in Action is an in-depth guide to writing batch 
applications using Spring Batch. Written for developers who have basic 
knowledge of Java and the Spring lightweight container




Blog: http://garygregory.wordpress.com
[https://s0.wp.com/i/blank.jpg]

Gary Gregory
garygregory.wordpress.com
Software construction, the web, and other techs

Re: Inject xml into the POM for build specific elements.

2017-05-30 Thread Karl Heinz Marbaise 

Hi,

On 30/05/17 16:44, George Kopf wrote:

I apologize if this topic has already been discussed.  I searched all over
the web and the archives and didn't find anything, but I can't believe that
I'm the only person with this request.


No need to apologize for asking...



I'm running the CI/CD pipeline for several java projects.

We're using Git, Maven, Jenkins, Sonar, and Nexus.

I would like to to have the developers create and own their own POM.XML
that will be used for Snapshots and Release Candidates.


and in consequence also for releases ?



I want to add my build specific POM elements to the effective POM for the
CI process but I don't want their POM to have to include all the extra
elements for Jacoco and Sonar (and whatever else we add in the future >
I can do this with profiles but then their POM will have everything in it.
I can do this with a parent POM but they already have a parent POM
(springboot) so that they can run locally.  


If you have springboot as parent it might be a good choice to use spring 
as bom instead of as a parent...than you can control things different 
and better...


Does it not work ?

So where is the difference for a CI pom and usual pom file ?

>
I would have to insert my

parent pom in between and that seems fragile since mine is only for CI
builds.


What exactly is fragile here?




I can't do this with the settings.xml, on the build server, because it
doesn't have all the required elements.


Sure the settings.xml has a different purpose...



I hope that there is something obvious that I've missed (like a Jenkins
plugin) but I'm about to give up and just require the developers to live
with an excessively complicated POM file.



Maybe it's worth to take al look at the tiles-maven-plugin[1] which 
might help here...



Maybe you can give an example what becomes so long or complicated ?


Kind regards
Karl Heinz Marbaise

[1]: https://github.com/repaint-io/maven-tiles

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

Re: Running integration tests against a signed jar

2017-05-30 Thread Martin Gainty 



From: Gary Gregory 
Sent: Monday, May 29, 2017 5:01 PM
To: Maven Users List
Subject: Running integration tests against a signed jar

Hi All:

I have a POM that builds a signed jar, so far so good. Unit tests run, no
problem.

When integration tests run through fail-safe, the build fails all ITs with:

java.lang.ExceptionInInitializerError
Caused by: java.lang.SecurityException: class "com.example.MyClass"'s
signer information does not match signer information of other classes in
the same package

MG>you are running a jar with a bad signature
MG>you are running a jar with no signature
MG>to confirm
MG>for every jar in your runtime classpath
MG>BEGIN:
MG>for each jar expand next runtime jar
MG>edit /META-INF/MANIFEST.MF of current jar
MG>the signature would look something like
MG>net/sf/jasperreports/engine/util/xml/JaxenXPathExecuterFactory.class 
SHA-256-Digest: q3B5wW+hLX/+lP2+L0/6wRVXRHq1mISBo1dkixT6Vxc=
MG>save the first signature to outside file buffer
MG>compare  entryFromMANIFEST.MF to first-signature
MG>if not equal or non-existent resign current jar with algorithm from first 
signed jar
MG>goto BEGIN

As I understand it, failsafe runs the classes in test-classes against the
built JAR, and since my ITs are in the same package as the code tested, I
get the signing error above.

What is the Maven-way to get this to work?

Thank you,
Gary

--
Java Persistence with Hibernate, Second Edition



JUnit in Action, Second Edition

JUnit in Action, Second Edition: Petar Tahchiev, Felipe Leme, Vincent Massol, 
Gary Gregory: 9781935182023: Amazon.com: 
Books
www.amazon.com
JUnit in Action, Second Edition [Petar Tahchiev, Felipe Leme, Vincent Massol, 
Gary Gregory] on Amazon.com. *FREE* shipping on qualifying offers.
When JUnit was first introduced a decade ago by Kent Beck and Erich Gamma, the 
Agile movement was in its infancy





Spring Batch in Action

Spring Batch in Action: Arnaud Cogoluegnes, Thierry Templier, Gary Gregory, 
Olivier Bazoud: 9781935182955: Amazon.com: 
Books
www.amazon.com
Spring Batch in Action [Arnaud Cogoluegnes, Thierry Templier, Gary Gregory, 
Olivier Bazoud] on Amazon.com. *FREE* shipping on qualifying offers.
Summary Spring Batch in Action is an in-depth guide to writing batch 
applications using Spring Batch. Written for developers who have basic 
knowledge of Java and the Spring lightweight container




Blog: http://garygregory.wordpress.com
[https://s0.wp.com/i/blank.jpg]

Gary Gregory
garygregory.wordpress.com
Software construction, the web, and other techs

dependency:tree without downloading binaries

2017-05-30 Thread Viktor Sadovnikov 
Hello everyone,

I need to collect information about dependencies (their GAV only) of a very
large number of projects. Therefore I wrote a simple Maven plugin. It's is
based on maven-dependency-plugin, but reports dependencies in a format,
whihc I can use later.

However applying this plugin to projects results in filling local maven
repository with binaries of all the dependencies with their different
versions. It's vey time consuming and hungry for the disk space. Is there a
way to make DependencyGraphBuilder (class from Maven Shared) to resolve
dependencies using poms only? wihtout downloading actuall binaries?

With kind regards,
Viktor

Re: Inject xml into the POM for build specific elements.

2017-05-30 Thread Jeff Jensen 
I think a BOM POM will work for your situation.  The developers add your CI
POM as a dependency in dependencyManagement using import scope:

  
ci.pom.group
ci.pom
${ci.pom.version}
pom
import
  

Read about the import scope here: https://maven.apache.org/
guides/introduction/introduction-to-dependency-mechanism.html


On Tue, May 30, 2017 at 9:44 AM, George Kopf  wrote:

> I apologize if this topic has already been discussed.  I searched all over
> the web and the archives and didn't find anything, but I can't believe that
> I'm the only person with this request.
>
> I'm running the CI/CD pipeline for several java projects.
>
> We're using Git, Maven, Jenkins, Sonar, and Nexus.
>
> I would like to to have the developers create and own their own POM.XML
> that will be used for Snapshots and Release Candidates.
>
> I want to add my build specific POM elements to the effective POM for the
> CI process but I don't want their POM to have to include all the extra
> elements for Jacoco and Sonar (and whatever else we add in the future).
>
> I can do this with profiles but then their POM will have everything in it.
> I can do this with a parent POM but they already have a parent POM
> (springboot) so that they can run locally.  I would have to insert my
> parent pom in between and that seems fragile since mine is only for CI
> builds.
>
> I can't do this with the settings.xml, on the build server, because it
> doesn't have all the required elements.
>
> I hope that there is something obvious that I've missed (like a Jenkins
> plugin) but I'm about to give up and just require the developers to live
> with an excessively complicated POM file.
>
> Thanks.
>
> --
> George Kopf
>

Inject xml into the POM for build specific elements.

2017-05-30 Thread George Kopf 
I apologize if this topic has already been discussed.  I searched all over
the web and the archives and didn't find anything, but I can't believe that
I'm the only person with this request.

I'm running the CI/CD pipeline for several java projects.

We're using Git, Maven, Jenkins, Sonar, and Nexus.

I would like to to have the developers create and own their own POM.XML
that will be used for Snapshots and Release Candidates.

I want to add my build specific POM elements to the effective POM for the
CI process but I don't want their POM to have to include all the extra
elements for Jacoco and Sonar (and whatever else we add in the future).

I can do this with profiles but then their POM will have everything in it.
I can do this with a parent POM but they already have a parent POM
(springboot) so that they can run locally.  I would have to insert my
parent pom in between and that seems fragile since mine is only for CI
builds.

I can't do this with the settings.xml, on the build server, because it
doesn't have all the required elements.

I hope that there is something obvious that I've missed (like a Jenkins
plugin) but I'm about to give up and just require the developers to live
with an excessively complicated POM file.

Thanks.

-- 
George Kopf

Re: Work-around for antrun AttachArtifact not working in external Ant build file

2017-05-30 Thread Jörg Schaible 
Hi Jürgen,

Jürgen Weber wrote:

> What is the recommended work-around for attaching artifacts created by
> antrun?
> 
> * forward target directory as variable to ant ?

That helps if the created files should be removed in a normal "clean" phase.

> * build-helper-maven-plugin attach-artifact ?

Definitely the proper action.

> http://technotes.khitrenovich.com/attach-maven-artifact-external-build-xml-file/
> https://issues.apache.org/jira/browse/MANTRUN-181
> 
> Thx,
> Juergen

Cheers,
Jörg


-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org