Re: weird error - property substitution not working

[Tomo Suzuki]

My guess: Project A’s parent pom in your local Maven repository is outdated.

Regards,
Tomo


On Thu, May 9, 2024 at 21:43 Siddharth Jain  wrote:

> Hello,
>
> I have a property defined in parent pom:
>
> 1.17.3
>
> I have project A that has following:
>
> 
> com.microsoft.onnxruntime
> onnxruntime
> ${onnxruntime.version}
> 
>
> it installs fine.
>
> I have project B that has following:
>
> 
> com.example
> projectA
> ${project.version}
> test
> 
>
> this give me this bizarre error on test-compile:
>
> Could not resolve dependencies for project
> xxx:xxx-xxx-xxx:jar:1.0.0-SNAPSHOT: The following artifacts could not be
> resolved:
> com.microsoft.onnxruntime:onnxruntime_gpu:jar:${onnxruntime.version}
> (absent), com.microsoft.onnxruntime:onnxruntime:jar:${onnxruntime.version}
> (absent): Could not find artifact
> com.microsoft.onnxruntime:onnxruntime_gpu:jar:${onnxruntime.version} in
> central (https://repo.maven.apache.org/maven2)
>
> it does not substitute ${onnxruntime.version} with the value from
> parent pom. how can I fix this? I have never seen anything like this
> before.
>

Re: Less info please.

[Tomo Suzuki]

“-ntp” (no transfer progress) is my favorite command line option.

Regards,
Tomo


On Fri, May 3, 2024 at 06:32 Arbol One  wrote:

> Debian 12
> NetBeans 21
> Apache Maven 3.8.7
>
> Hello.
>
> The Ant tool produces very little information regarding its work. On the
> other hand, Maven displays lots and lots of output telling me what's
> happening under the hood.
> I am not interested in so much data about what Maven does in the
> background, all I need to know, for now, is that there are not errors
> and what the compilation output is.
>
> What can I do to make Maven display less data about what it does under
> the hood?
>
> Thanks in advance!
>
> --
> */ArbolOne.ca/* Using Fire Fox and Thunderbird. ArbolOne is composed of
> students and volunteers dedicated to providing free services to
> charitable organizations. ArbolOne on Java Development is in progress [ í ]

Re: A book on Maven

[Tomo Suzuki]

I would rather use the getting started guide in the Maven website:
https://maven.apache.org/guides/getting-started/maven-in-five-minutes.html

Regards,
Tomo


On Tue, Apr 30, 2024 at 18:23 Arbol One  wrote:

> Anyone here can recommend a book on maven for a truly nubby?
> Thanks!!
>
> --
> */ArbolOne.ca/* Using Fire Fox and Thunderbird. ArbolOne is composed of
> students and volunteers dedicated to providing free services to
> charitable organizations. ArbolOne on Java Development is in progress [ í ]

Re: Publishing to Maven Central and non-OSS plugin dependencies

[Tomo Suzuki]

(I’m just a Maven user)
It seems that, for consuming the artifact, the closed-source plugin seems
not a dependency. I believe it just works fine. Your company’s support team
might get questions like “I tried to build your library myself but the
build failed.”

Maven has a capability to replace pom.xml content when packaging a project.
The flatten Maven plugin uses it
https://www.mojohaus.org/flatten-maven-plugin/
.

Regards,
Tomo


On Thu, Feb 29, 2024 at 07:40 Florent Biville 
wrote:

> Yes, to clarify, our project has something like this:
>
> 
> com.acme.plugin
> plugin
> 4.2.42
> 
> 
> com.acme.plugin
> plugin-dep
> 42.4.2
> 
> 
> 
>
>
> On Thu, Feb 29, 2024 at 1:33 PM Tamás Cservenák 
> wrote:
>
> > Howdy,
> >
> > You would need to ask Sonatype about that, and check here:
> > https://central.sonatype.org/publish/requirements/
> >
> > IMHO best to ask them about it: IIUC you want to deploy artifacts to
> > central that has dependencies not available from Central
> > (nor any other public repository?)
> >
> > Thanks
> > T
> >
> >
> >
> > On Thu, Feb 29, 2024 at 1:31 PM Florent Biville <
> florent.bivi...@gmail.com
> > >
> > wrote:
> >
> > > Hello,
> > >
> > > I'm working on an open-source project that we want to release to Maven
> > > Central in the coming weeks.
> > >
> > > The project currently includes a plugin dependency that is NOT
> > open-source
> > > (nor in a public GitHub repository). Is that a blocker for releases to
> > > Maven Central? I know it would be for regular dependencies and plugins,
> > but
> > > I'm not 100% sure about plugin dependencies in particular (although I
> > would
> > > guess it's the same).
> > >
> > > Any input would be appreciated,
> > >
> > > Best regards,
> > > Florent
> > >
> >
>

Re: maven debugging frustrations

[Tomo Suzuki]

My guess is that your Maven project uses failOnWarning.
https://maven.apache.org/plugins/maven-compiler-plugin/compile-mojo.html#failOnWarning

On Tue, Dec 19, 2023 at 5:38 PM Thomas Broyer  wrote:

> In `mvn -X` you should find the arguments to javac (beware that empty
> arguments are not displayed there, rather than being shown as "" for
> instance), which would allow you to run javac on your own, taking Maven out
> of the equation.
>
> Le mar. 19 déc. 2023, 23:28,  a
> écrit :
>
> > Indeed, if there were ACTUAL error messages from the java compiler, this
> > would be far less mysterious :)
> > The trouble is that there are NOT any error messages coming from the Java
> > compiler.
> > There are a few warnings (from javac), followed soon after by
> "Compilation
> > failure" (from maven, NOT from javac)
> > I do not recommend feeling my maven-based pain :)
> > But if you happen to know where to get some pain relief, I'd love to know
> >
> > -Original Message-
> > From: Tomo Suzuki 
> > Sent: Tuesday, December 19, 2023 5:18 PM
> > To: Maven Users List 
> > Subject: Re: maven debugging frustrations
> >
> >
> > CAUTION: This email originated from outside our organisation -
> > suzt...@google.com.INVALID Do not click on links, open attachments, or
> > respond unless you recognize the sender and can validate the content is
> > safe.
> > What’s the exact error messages?
> >
> > (Maybe I’m too old to feel your pain)  If you use Java, you need to know
> > what compilation means (converting Java code to Java bytecode). Your
> Maven
> > invocation was telling it was failing due to some error messages.
> >
> > On Tue, Dec 19, 2023 at 16:57 
> > wrote:
> >
> > > When my Java code does something I didn't expect, I can run it under a
> > > debugger and step through it line by line until things make sense
> again.
> > > When maven does something I didn't expect, my debugging strategy is
> > > usually more like "try to think of something in my bag of tricks".
> > > Sometimes I suddenly have an epiphany and I realize "oh, it must have
> > > broken because of that thing I changed".
> > > But in the absence of epiphanies, I don't have any good ways to ask
> > > maven to tell me what on earth is going on.
> > >
> > > Example from today: some is failing on our build server with
> > > "Compilation failure".
> > > Looking at the build log, there are no compiler errors in sight.
> > > There are a few compiler warnings, and those seem to logged twice:
> > > once at warning level, and then again at error level.
> > > It only fails on SOME (not all) of our build configs, even though our
> > > configs are pretty darn similar to each other.
> > >
> > > So I'm left flailing around more or less at random (try compiling on a
> > > different server!  Try copying the command line flags from the one
> > > that work!  Etc.) What I actually want is for maven to give me some
> > > CRUMB of visibility into what on earth is going wrong.
> > >
> > > I don't even know what "Compilation failure" actually means.
> > > Did some process exit with non-zero status?
> > > Did the process fail to launch in the first place?
> > > Maybe there is no extra process, and the compilation is taking place
> > > in the same JVM that's running maven?
> > > If so, what went wrong?  Did an exception get thrown?  Something else?
> > >
> > > You get the idea.
> > >
> > >
> > > This message is for information purposes only. It is not a
> > > recommendation, advice, offer or solicitation to buy or sell a product
> > > or service, nor an official confirmation of any transaction. It is
> > > directed at persons who are professionals and is intended for the
> > > recipient(s) only. It is not directed at retail customers. This message
> > is subject to the terms at:
> > >
> >
> https://clicktime.symantec.com/15sifLYAwPjLHCtCgybKg?h=ANvnaYG630AR0f2GLplpUfGbAsle9xaoL2f-FF_ESsU==https://www.cib.barclays/disclosures/web-and-email-disclaimer.html
> > .
> > >
> > > For important disclosures, please see:
> > > https://clicktime.symantec.com/15siaWLtUn3jsG4H9RCB4?h=M6FIGRVBH8G_LIh
> > > m9t5V7SPthNcb5IVYLL7498zEnzg==https://www.cib.barclays/disclosures/s
> > > ales-and-trading-disclaimer.html regarding marketing commentary from
> > > Barcl

Re: maven debugging frustrations

[Tomo Suzuki]

What’s the exact error messages?

(Maybe I’m too old to feel your pain)  If you use Java, you need to know
what compilation means (converting Java code to Java bytecode). Your Maven
invocation was telling it was failing due to some error messages.

On Tue, Dec 19, 2023 at 16:57  wrote:

> When my Java code does something I didn't expect, I can run it under a
> debugger and step through it line by line until things make sense again.
> When maven does something I didn't expect, my debugging strategy is
> usually more like "try to think of something in my bag of tricks".
> Sometimes I suddenly have an epiphany and I realize "oh, it must have
> broken because of that thing I changed".
> But in the absence of epiphanies, I don't have any good ways to ask maven
> to tell me what on earth is going on.
>
> Example from today: some is failing on our build server with "Compilation
> failure".
> Looking at the build log, there are no compiler errors in sight.
> There are a few compiler warnings, and those seem to logged twice: once at
> warning level, and then again at error level.
> It only fails on SOME (not all) of our build configs, even though our
> configs are pretty darn similar to each other.
>
> So I'm left flailing around more or less at random (try compiling on a
> different server!  Try copying the command line flags from the one that
> work!  Etc.)
> What I actually want is for maven to give me some CRUMB of visibility into
> what on earth is going wrong.
>
> I don't even know what "Compilation failure" actually means.
> Did some process exit with non-zero status?
> Did the process fail to launch in the first place?
> Maybe there is no extra process, and the compilation is taking place in
> the same JVM that's running maven?
> If so, what went wrong?  Did an exception get thrown?  Something else?
>
> You get the idea.
>
>
> This message is for information purposes only. It is not a recommendation,
> advice, offer or solicitation to buy or sell a product or service, nor an
> official confirmation of any transaction. It is directed at persons who are
> professionals and is intended for the recipient(s) only. It is not directed
> at retail customers. This message is subject to the terms at:
> https://www.cib.barclays/disclosures/web-and-email-disclaimer.html.
>
> For important disclosures, please see:
> https://www.cib.barclays/disclosures/sales-and-trading-disclaimer.html
> regarding marketing commentary from Barclays Sales and/or Trading desks,
> who are active market participants;
> https://www.cib.barclays/disclosures/barclays-global-markets-disclosures.html
> regarding our standard terms for Barclays Corporate and Investment Bank
> where we trade with you in principal-to-principal wholesale markets
> transactions; and in respect to Barclays Research, including disclosures
> relating to specific issuers, see: http://publicresearch.barclays.com.
> __
>
> If you are incorporated or operating in Australia, read these important
> disclosures:
> https://www.cib.barclays/disclosures/important-disclosures-asia-pacific.html
> .
>
> __
> For more details about how we use personal information, see our privacy
> notice: https://www.cib.barclays/disclosures/personal-information-use.html.
>
>
> __
>

Re: What could cause a missing JAR in WEB-INF?

[Tomo Suzuki]

> The pom.xml has 2 profiles

I meant the pom file that delcares the missing dependency. Your
(transitive) dependency's pom.xml.

On Sat, Apr 15, 2023 at 13:29 Thad Humphries 
wrote:

> Thanks. I might be missing something but I can't see it. Responses inline.
>
> On Sat, Apr 15, 2023 at 12:00 PM Tomo Suzuki 
> wrote:
>
> > My guess
> >
> > - Maven profiles activated based on environment
> >
>
> The pom.xml has 2 profiles, both triggered by -P, not (that I know of) by
> the environment. In any case, environments are (at least from the debug)
> the same except for "java.awt.headless: true" in the debug from the office
> Mac that I telnet into. That's the Mini with the extra JAR, but my MacBook
> has it, too, and it's here with me.
>
> Of the two declared profiles, one profile selects GWT devmode, while the
> other packages the *war. In all the cases that I am describing, I'm
> using the packaging profile. Each time the command is
>
> $ mvn clean exec:exec -Dexec.executable="xslt" package -P package
>
> (The exec:exec builds the webapp's online manual using DocBook. It's later
> copied into the *war. Same DocBook version, same version of xsltproc.)
>
> Running `mvn help:effective-settings` shows the same settings on each
> machine except for hostnames. Is there another command I should try?
>
>
> > - Download URL was unavailable
> >
>
> I don't think so. I've packaged this dozens of times over the past 3 days
> with the same results each time. The Git and Nexus servers are inside the
> office, but I've had no connection issues with them. I have a VPN to
> everything there.
>
>
> > or
> > - Disk was full when downloading
> >
>
> Both Mac Minis have 1.12TB Fusion drives with over 50% free.
>
>
> >
> > On Fri, Apr 14, 2023 at 15:34 Thad Humphries 
> > wrote:
> >
> > > I have *war that I've built on 3 different Macs (maven-war-plugin
> 3.3.2).
> > > The code is pulled from my local git repo, and the supporting jars are
> > from
> > > a local Nexus repository. All Macs use the same setup--Amazon Corretto
> > Java
> > > 11 and Maven 3.9.1. The ~/.m2/settings.xml are identical. Two of the
> Macs
> > > produce the same *war (a Mini with 10.15.7 and a MacBook with 12.6.5).
> > The
> > > third Mac--also a Mini with 10.15.7--is missing one JAR file in
> > > WEB-INF/lib. How can this be?
> > >
> > > The missing JAR is in each local repository. I do not see this JAR
> when I
> > > run `mvn dependency:tree`, though I see a different (newer) version as
> > > "provided." The missing JAR doesn't seem to matter when the webapp runs
> > (no
> > > problems found so far). Any idea as to why, and what I can (or should?)
> > do
> > > for a consistent build?
> > >
> > > --
> > > "Hell hath no limits, nor is circumscrib'd In one self-place; but where
> > we
> > > are is hell, And where hell is, there must we ever be" --Christopher
> > > Marlowe, *Doctor Faustus* (v. 111-13)
> > >
> > --
> > Regards,
> > Tomo
> >
>
>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v. 111-13)
>
-- 
Regards,
Tomo

Re: What could cause a missing JAR in WEB-INF?

[Tomo Suzuki]

My guess

- Maven profiles activated based on environment
- Download URL was unavailable
or
- Disk was full when downloading

On Fri, Apr 14, 2023 at 15:34 Thad Humphries 
wrote:

> I have *war that I've built on 3 different Macs (maven-war-plugin 3.3.2).
> The code is pulled from my local git repo, and the supporting jars are from
> a local Nexus repository. All Macs use the same setup--Amazon Corretto Java
> 11 and Maven 3.9.1. The ~/.m2/settings.xml are identical. Two of the Macs
> produce the same *war (a Mini with 10.15.7 and a MacBook with 12.6.5). The
> third Mac--also a Mini with 10.15.7--is missing one JAR file in
> WEB-INF/lib. How can this be?
>
> The missing JAR is in each local repository. I do not see this JAR when I
> run `mvn dependency:tree`, though I see a different (newer) version as
> "provided." The missing JAR doesn't seem to matter when the webapp runs (no
> problems found so far). Any idea as to why, and what I can (or should?) do
> for a consistent build?
>
> --
> "Hell hath no limits, nor is circumscrib'd In one self-place; but where we
> are is hell, And where hell is, there must we ever be" --Christopher
> Marlowe, *Doctor Faustus* (v. 111-13)
>
-- 
Regards,
Tomo

Re: Maven build hanging -- how to collect diagnostics?

[Tomo Suzuki]

“-X” debug option would be the first step.

If it was on Linux, you can try strace command to see what system call it
is making (or not). I’m not sure about Windows.

In past, I encountered an infinite loop for very strange dependency tree.
It’s rare and has been fixed in latest releases. But inifinite loop in
Maven does exist.

Regards,
Tomo

On Thu, Dec 1, 2022 at 17:56 Slawomir Jaranowski 
wrote:

>
>
> czw., 1 gru 2022 o 23:21 John Lilley
>  napisał(a):
>
>> Greetings,
>>
>>
>>
>> I have a maven build for a somewhat complex tree of projects, where I
>> find that a multi-thread build will hang unless “clean” is done first.  A
>> single-thread build is fine.  The hang seems to occur at one of the
>> “Installing…” messages, but of course being multi-threaded it is unclear
>> whether that is the proximal cause.  Oddly, when it hangs, maven continues
>> to consume a full CPU core, which indicates some sort of live-lock
>> situation.
>>
>>
>>
>
>  “Installing…” ...
>
> Which version of maven-install-plugin do you use, if older one please
> update to 3.1.0
>
>
>
>> At this point, I have two questions:
>>
>>- Does someone recognize this as a known issue?
>>- If not, please help me collect diagnostics so that I could submit a
>>useful bug report.  Can I enable verbose debug logging?  When it hangs,
>>would a jstack dump be helpful?
>>
>>
>>
>> Basic system info:
>>
>> $ mvn --version
>>
>> Apache Maven 3.8.6 (84538c9988a25aec085021c365c560670ad80f63)
>>
>> Maven home: F:\bin\apache-maven
>>
>> Java version: 17.0.3, vendor: Eclipse Adoptium, runtime: C:\Program
>> Files\Eclipse Adoptium\jdk-17.0.3.7-hotspot
>>
>> Default locale: en_US, platform encoding: Cp1252
>>
>> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
>>
>>
>>
>>
>>
>> Thanks
>>
>> John
>>
>>
>>
>> [image: rg] 
>>
>> John Lilley
>>
>> Data Management Chief Architect, Redpoint Global Inc.
>>
>> 888 Worcester Street, Suite 200 Wellesley, MA 02482
>> 
>>
>> *M: *+1 7209385761 <+1%207209385761> | john.lil...@redpointglobal.com
>>
>> PLEASE NOTE: This e-mail from Redpoint Global Inc. (“Redpoint”) is
>> confidential and is intended solely for the use of the individual(s) to
>> whom it is addressed. If you believe you received this e-mail in error,
>> please notify the sender immediately, delete the e-mail from your computer
>> and do not copy, print or disclose it to anyone else. If you properly
>> received this e-mail as a customer, partner or vendor of Redpoint, you
>> should maintain its contents in confidence subject to the terms and
>> conditions of your agreement(s) with Redpoint.
>>
>
>
> --
> Sławomir Jaranowski
>
-- 
Regards,
Tomo

Re: maven-clean-plugin and plexus-utils 1.1 (CVE-2017-1000487)

[Tomo Suzuki]

Hi Martin,

Would you share the output of your [1] setup, where you saw
“plexus-utils-1.1.jar
is being downloaded“?

mvn -X -s settings.xml -Dmaven.repo.local=repository
org.apache.maven.plugins:maven-clean-plugin:3.2.0:clean


(Doesn’t the debug flag explain why it’s downloading it?)

Regards,
Tomo

On Thu, Sep 22, 2022 at 04:15 Martin D'Aloia  wrote:

> Hi, we are seeing that even with the latest maven-clean-plugin (currently
> 3.2.0) a plexus-utils-1.1.jar is being downloaded.
> We think that it is a real issue but we wanted to check in case we are
> overlooking something.
>
> This is reproducible 100% with a simple setup shown below. [1]
>
> In theory using 3.2.0 should resolve it as mentioned here:
>
> https://stackoverflow.com/questions/71711729/java-maven-cve-2017-1000487-on-plexus-utils-2-0-4-jar-plexus-utils-3-0-10-jar
>
> Executing the dependency:tree on 3.2.0 brings 3.3.0 but with provided
> scope. [2]
> Executing the dependency:tree on 3.1.0 brings 2.0.4 with compile scope. [3]
>
> We couldn't determine from where 1.1 comes; Maven 3.8.6 comes with
> lib/plexus-utils-3.3.1.jar
>
> Even declaring the plugin inside the pom.xml and executing
> dependency:resolve-plugins doesn't show the 1.1 version. [4]
>
> Who provides this plexus-utils 1.1?
> Should I report it on Jira?
>
> Thanks in advance
> Martin
>
> ==
>
> [1]:
>
> settings.xml
>
> 
>
> http://maven.apache.org/SETTINGS/1.2.0; xmlns:xsi="
> http://www.w3.org/2001/XMLSchema-instance;
> xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0
> https://maven.apache.org/xsd/settings-1.2.0.xsd;>
>
> 
>
>
> pom.xml
>
> 
>
> http://maven.apache.org/POM/4.0.0;
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> https://maven.apache.org/xsd/maven-4.0.0.xsd;>
> 4.0.0
>
> example-group
> clean-bug-example
> 0.0.1-SNAPSHOT
> pom
> 
>
>
> Maven 3.8.6:
> mvn -X -s settings.xml -Dmaven.repo.local=repository
> org.apache.maven.plugins:maven-clean-plugin:3.2.0:clean
>
> ==
>
> [2]:
> mvn -s settings.xml -Dmaven.repo.local=repository -f
>
> ./repository/org/apache/maven/plugins/maven-clean-plugin/3.2.0/maven-clean-plugin-3.2.0.pom
> dependency:tree -Dincludes="*:plexus-utils:*"
>
> [INFO] org.apache.maven.plugins:maven-clean-plugin:maven-plugin:3.2.0
> [INFO] \- org.apache.maven:maven-compat:jar:3.2.5:test
> [INFO]\- org.codehaus.plexus:plexus-utils:jar:3.3.0:provided
>
> ==
>
> [3]:
> mvn -s settings.xml -Dmaven.repo.local=repository -f
>
> ./repository/org/apache/maven/plugins/maven-clean-plugin/3.1.0/maven-clean-plugin-3.1.0.pom
> dependency:tree -Dincludes="*:plexus-utils:*"
>
> [INFO] org.apache.maven.plugins:maven-clean-plugin:maven-plugin:3.1.0
> [INFO] \- org.apache.maven:maven-compat:jar:3.0:test
> [INFO]\- org.codehaus.plexus:plexus-utils:jar:2.0.4:compile
>
> ==
>
> [4]:
> Add to pom.xml
>
> 
> 
> 
> org.apache.maven.plugins
> maven-clean-plugin
> 3.2.0
> 
> 
> 
>
> mvn --settings settings.xml -Dmaven.repo.local=repository
> dependency:resolve-plugins
>
> (full output redacted to show only plexus-utils)
>
> [INFO] Plugin Resolved: maven-install-plugin-2.4.jar
> [INFO] Plugin Dependency Resolved: plexus-utils-3.0.5.jar
> [INFO] Plugin Resolved: maven-deploy-plugin-2.7.jar
> [INFO] Plugin Dependency Resolved: plexus-utils-1.5.6.jar
> [INFO] Plugin Resolved: maven-clean-plugin-3.2.0.jar
> [INFO] Plugin Dependency Resolved: maven-shared-utils-3.3.4.jar
> [INFO] Plugin Resolved: maven-site-plugin-3.3.jar
> [INFO] Plugin Dependency Resolved: plexus-utils-1.5.10.jar
>
> ==
>
-- 
Regards,
Tomo

Re: Getting version upgrade advise to upgrade a BOM..

[Tomo Suzuki]

Hi Niels,
(Thank you for using the libraries-bom! I'm one of the maintainers of the
BOM.)

I don't know how to do it in Maven. However, I often see people using
dependabot or
renovatebot integrated with their repositories.
An example pull request by renovatebot:
https://github.com/googleapis/java-securitycenter/pull/472

Note that RenovateBot doesn't require GitHub.com repository:
https://github.com/renovatebot/renovate#self-hosting




On Thu, Apr 29, 2021 at 5:12 PM Delany  wrote:

> Is it this https://github.com/mojohaus/versions-maven-plugin/issues/395
> Regards,
> Delany
>
>
> On Thu, 29 Apr 2021, 22:22 Niels Basjes,  wrote:
>
> > Hi,
> >
> > I see quite a few situations where the dependencies for toolkit are
> > provided in the form of a dependency you must "import" in
> > the dependencyManagement section.
> > They provide this to ensure you always have a working combination for a
> lot
> > of closely related dependencies.
> >
> > To illustrate the problem I ran into I created this minimal pom.xml:
> >
> > 
> > http://maven.apache.org/POM/4.0.0;
> >  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> >  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
> > http://maven.apache.org/xsd/maven-4.0.0.xsd;>
> > 4.0.0
> >
> > nl.basjes.example
> > dependency-version-test
> > 0.1-SNAPSHOT
> > jar
> >
> > 
> > 
> > 
> > 
> > com.google.cloud
> > libraries-bom
> > 19.0.0
> > pom
> > import
> > 
> > 
> > 
> >
> > 
> > 
> > com.google.cloud
> > google-cloud-pubsub
> > 
> > 
> > 
> >
> >
> > Now for this example the 19.0.0 is a valid version and absolutely not the
> > latest version.
> > What I'm looking for is a command that will give me the advice to update
> > the 19.0.0 to whatever is currently the latest version.
> > If I put this in an empty directory and try to get insight in what I need
> > to upgrade I do this:
> >
> > mvn versions:display-dependency-updates
> >
> >
> > The output I get from this is the full list of all underlying
> dependencies
> > for which an update is available; yet no mention of the libraries-bom
> that
> > is in need of an update.
> >
> > What I would like is a list of the things for which an update is
> available;
> > yet here I effectively want the opposite of what I get from this plugin:
> I
> > only want (should?) get the suggestion to update the libraries-bom and
> not
> > the full list of the versions defined in there.
> >
> > Is there a way to achieve this?
> >
> > --
> > Best regards / Met vriendelijke groeten,
> >
> > Niels Basjes
> >
>


-- 
Regards,
Tomo

Re: BOM vs Parent inheritance

[Tomo Suzuki]

> Is it because the oci-java-sdk is 2 hops from my pom and the jackson-bom
is 3 hops?

Yes, my experience tells that the distance from your pom matters.

> Is there anything I can do to control this such that the versions defined
in my parent "win"?

No, I think you can only import jackson-bom of your choice.
But then there's a risk that that Jackson version might not work
ocj-java-sdk (and
future spring-boot versions).

On Thu, Feb 4, 2021 at 5:45 AM Andres Almiray  wrote:

> I'm quite interested in this conversation as in my experience the process
> of producing & consuming BOMs is still misunderstood.
>
> Regarding 3rd party dependencies in a BOM, I've seen 2 main usages of BOMs.
>
> - library BOM: defines *only* those modules belonging to the same
> multi-project. Examples:
> https://github.com/oracle/oci-java-sdk/blob/master/bmc-bom/pom.xml
> https://github.com/oracle/helidon/blob/master/bom/pom.xml
>
> - stack BOM: defines both modules in the same multi-project build and 3rd
> party dependencies. This is the preferred way to distribute framework BOMs,
> such as Micronaut, Spring Boot, Helidon, etc. Examples:
> https://github.com/oracle/helidon/blob/master/dependencies/pom.xml
>
> Note the names "library" and "stack" are not official nor the official
> documentation makes explicit difference between them AFAICT. This is based
> on usage observation.
> Now, the docs do not mention BOMs should not have parents, do they? The
> Helidon BOM has a parent that defines publication & build-only concerns, no
>  nor 
> https://github.com/oracle/helidon/blob/master/parent/pom.xml
>
> I think that's a valid usage. The oci-java-sdk parent POM OTOH not only
> defines  but also , thus forcing those
> dependencies into every child module if I'm not mistaken
> https://github.com/oracle/oci-java-sdk/blob/master/pom.xml
>
> BOMs are just POMs that must have pom and a
>  section (besides GAV coordinates); I believe every
> other valid POM element may or may not be applied however the PomChecker
> rules go beyond that and ban a few extra elements
>
> https://github.com/kordamp/pomchecker/blob/master/pomchecker-core/src/main/java/org/kordamp/maven/checker/BomChecker.java
>
> All this being said, the rules for crafting BOMs are still unclear to me,
> happy to be corrected and help clear them out :-)
>
> Cheers,
> Andres
>
> ---
> Java Champion; Groovy Enthusiast
> http://andresalmiray.com
> http://www.linkedin.com/in/aalmiray
> --
> What goes up, must come down. Ask any system administrator.
> There are 10 types of people in the world: Those who understand binary, and
> those who don't.
> To understand recursion, we must first understand recursion.
>
>
> On Thu, Feb 4, 2021 at 8:37 AM Thomas Broyer  wrote:
>
> > Actually, I'd say those BOMs probably shouldn't declare jackson. The
> > project's dependencies should be enough, and you explicitly declare the
> > version you need/want to use.
> > In the case of the OCI BOM, it seems quite clear that it mistakenly
> > inherits dependency management from it's parent POM: most BOMs shouldn't
> > have a parent, or their parent shouldn't include dependency management
> for
> > their submodules.
> >
> > Le jeu. 4 févr. 2021 à 00:56, Rupert Madden-Abbott <
> > rupert.madden.abb...@gmail.com> a écrit :
> >
> > > Hi,
> > >
> > > I have the following structure in my pom:
> > >
> > > My pom <- import oci-java-sdk-bom <- parent = ocj-java-sdk
> > > ^
> > > |
> > > parent = spring-boot-starter-parent
> > > ^
> > > |
> > > parent = spring-boot-dependencies <- import jackson-bom
> > >
> > >
> > > Both jackson-bom and oci-java-sdk have a dependency management section
> > and
> > > declare jackson-databind and I am also using this dependency in my
> > pom.xml
> > > without specifying a version.
> > >
> > > I have found that the version from oci-java-sdk is used and not the
> > version
> > > from jackson-bom (via spring boot). I naively expected that anything
> > pulled
> > > in from my pom's parent would instead take precedence.
> > >
> > > Why is this? Is it because the oci-java-sdk is 2 hops from my pom and
> the
> > > jackson-bom is 3 hops? Is there anything I can do to control this such
> > that
> > > the versions defined in my parent "win"?
> > >
> > > Where are these rules documented so I can work this out for myself in
> the
> > > future?
> > >
> > > Are there any tools/plugins that can help say why a given version has
> > been
> > > selected?
> > >
> >
>


-- 
Regards,
Tomo

Re: maven enforcer plugin questions

[Tomo Suzuki]

>  though the changes were innocuous

In such case, usually run “mvn help:effective-pom“ to figure out the
difference.

In my experience, enforcer rules (requireUpperBounds,
dependencyConvergence) are deterministic and reliable. Would you be willing
to share a minimum reproducible project as a Github repository? I‘m
interested in 2 enforcer rule invocations show different results.

Regards,
Tomo

On Sat, Dec 5, 2020 at 13:43 Andrew Marlow  wrote:

> hi,
>
> Thank you Bernd for answering my question. I didn't know about the
> dedicated mailing list. However, when I go to
> https://maven.apache.org/enforcer/maven-enforcer-plugin/ and see the link
> to https://maven.apache.org/enforcer/maven-enforcer-plugin/mail-lists.html
> I find that link is broken, so I will ask the question here.
>
> I have introduced the enforcer to the project I am working on and have
> found it very useful. However I have just been compelled to abandon it
> which I do with great reluctance.   Upon the merging in of some pom changes
> the enforcer started to change what it had been reporting even though the
> changes were innocuous. There were no dependency changes. Furthermore, it
> started to not report on convergence errors that it previously did report.
> I run the enforcer via a python script that runs the enforcer, capturing
> the output into a logfile. It then analyses the logfile to find where the
> convergence errors are and reports on those which are not in an exemption
> list that the script has. When this started happening in some of our
> jenkins jobs I ran the same commands that the jobs uses and I got different
> results. I was also able to get a third result that was different to the
> other two by running the same command but with specifying my own maven
> local repo cache via the -Dmaven.local.repo option. So I was forced to come
> to the conclusion that the enforcer is unreliable. I would be interested to
> hear what use other developers make of the enforcer and what their
> experiences are.
>
> On Sat, 5 Dec 2020 at 17:18, Bernd Eckenfels 
> wrote:
>
> > Hello,
> >
> > Yes. this list can be used to reach users of maven, including maven
> > plugins like the enforcer plugin (a official plugin has the name
> > maven-something-plugin and is hosted on the Maven web site like
> > https://maven.apache.org/enforcer/maven-enforcer-plugin/).
> >
> > But even if it where a third party plugin, it is fine to discuss them
> here
> > with other users.
> >
> > Gruss
> > Bernd
> > --
> > http://bernd.eckenfels.net
> > 
> > Von: Andrew Marlow 
> > Gesendet: Saturday, December 5, 2020 1:01:35 PM
> > An: users@maven.apache.org 
> > Betreff: maven enforcer plugin questions
> >
> > Hello everyone,
> >
> > excuse me, is this the right place to discuss questions about the maven
> > enforcer plugin please?
> >
> > --
> > Regards,
> >
> > Andrew Marlow
> > http://www.andrewpetermarlow.co.uk
> >
>
>
> --
> Regards,
>
> Andrew Marlow
> http://www.andrewpetermarlow.co.uk
>
-- 
Regards,
Tomo

Re: Version ranges: bug or feature

[Tomo Suzuki]

I expect Maven to check all possible versions that match the range criteria
and to pick the highest one. (Sorry if I might not grasp your question)

The suffixes (-SNAPSHOT) in version ranges do not work as a filter.
(Probably this is not the point?)

The mentioned version strings (6.7.1-SNAPSHOT, 6.7.2-SNAPSHOT and
6.7.3-SNAPSHOT) are all higher than “6.7.0” and lower than “7.0.0-SNAPSHOT“.


On Tue, Nov 10, 2020 at 10:34 Maxim Solodovnik  wrote:

> Thanks for the quick answer Tomo,
>
> According to out build logs (available for ex. here [1])
> `7.0.0-SNAPSHOT` in the range results in checking all snapshot versions in
> all snapshot repositories available
>
> so 6.7.1-SNAPSHOT, 6.7.2-SNAPSHOT, 6.7.3-SNAPSHOT etc are being checked ...
> Is this expected
>
>
> https://ci-builds.apache.org/job/OpenMeetings/job/openmeetings/133/consoleFull
>
>
>
> On Tue, 10 Nov 2020 at 21:49, Tomo Suzuki 
> wrote:
>
> > I avoid using version ranges because it introduces unexpected results in
> > the dependency graphs.
> >
> > > [6.7.0,7.0.0-SNAPSHOT)
> >
> > I felt the intention of the range is the highest version before
> > 7.0.0-SNAPSHOT (without including 7.0.0-SNAPSHOT version).
> > As per [1], this range includes versions such as "7.0.0-alpha" and
> > "7.0.0-rc".
> >
> > [1]:
> >
> >
> https://maven.apache.org/ref/3.6.3/maven-artifact/apidocs/org/apache/maven/artifact/versioning/ComparableVersion.html
> > ,
> >
> >
> >
> > On Tue, Nov 10, 2020 at 8:54 AM Maxim Solodovnik 
> > wrote:
> >
> > > Hello Maven experts,
> > >
> > > one sub-dependencies of our project has following
> > >   [6.7.0,7.0.0-SNAPSHOT)
> > > [1]
> > >
> > > as a result metadata for all available SNAPSHOT version is being
> checked
> > in
> > > all SNAPSHOT repositories
> > > this takes time
> > > (full story is here https://groups.google.com/g/kurento/c/7B5k_cZ2Ya0)
> > >
> > > this is reproducible using both local build and build at
> > > ci-builds.apache.org
> > >
> > > Is this expected behavior?
> > > Is it Ok to use range dependency with SNAPSHOT in release version of
> > > library?
> > >
> > >
> > >
> > > [1]
> > >
> > >
> >
> https://repo1.maven.org/maven2/org/kurento/kms-api-elements/6.15.0/kms-api-elements-6.15.0.pom
> > >
> > > --
> > > Best regards,
> > > Maxim
> > >
> >
> >
> > --
> > Regards,
> > Tomo
> >
>
>
> --
> Best regards,
> Maxim
>
-- 
Regards,
Tomo

Re: Version ranges: bug or feature

[Tomo Suzuki]

I avoid using version ranges because it introduces unexpected results in
the dependency graphs.

> [6.7.0,7.0.0-SNAPSHOT)

I felt the intention of the range is the highest version before
7.0.0-SNAPSHOT (without including 7.0.0-SNAPSHOT version).
As per [1], this range includes versions such as "7.0.0-alpha" and
"7.0.0-rc".

[1]:
https://maven.apache.org/ref/3.6.3/maven-artifact/apidocs/org/apache/maven/artifact/versioning/ComparableVersion.html
,



On Tue, Nov 10, 2020 at 8:54 AM Maxim Solodovnik 
wrote:

> Hello Maven experts,
>
> one sub-dependencies of our project has following
>   [6.7.0,7.0.0-SNAPSHOT)
> [1]
>
> as a result metadata for all available SNAPSHOT version is being checked in
> all SNAPSHOT repositories
> this takes time
> (full story is here https://groups.google.com/g/kurento/c/7B5k_cZ2Ya0)
>
> this is reproducible using both local build and build at
> ci-builds.apache.org
>
> Is this expected behavior?
> Is it Ok to use range dependency with SNAPSHOT in release version of
> library?
>
>
>
> [1]
>
> https://repo1.maven.org/maven2/org/kurento/kms-api-elements/6.15.0/kms-api-elements-6.15.0.pom
>
> --
> Best regards,
> Maxim
>


-- 
Regards,
Tomo

Re: exec:java doesn't find classes from jar files

[Tomo Suzuki]

Hi Raivo,

Interesting problem. Would you share the entire error message and minimum
reproducible pom.xml?

Tomo

On Sat, Oct 31, 2020 at 07:17 Raivo Rebane  wrote:

> Hello
>
> If I use single httpclient.jar it doesn't find HttpClient.class
>
> if I duplicate dependencies wuidth addisional httpclient-beta.jar it
> finds HttpClient.class
>
> Then it didn't find HttpClientConnectionManager.class witch exist in
> both jars :
>
> org/apache/http/conn/OperatedClientConnection.class
> org/apache/http/conn/ManagedClientConnection.class
> org/apache/http/conn/ConnectionRequest.class
> org/apache/http/conn/EofSensorInputStream.class
> org/apache/http/conn/ClientConnectionOperator.class
> org/apache/http/conn/HttpClientConnectionOperator.class
> org/apache/http/conn/BasicManagedEntity.class
> org/apache/http/conn/ConnectionKeepAliveStrategy.class
> org/apache/http/conn/ManagedHttpClientConnection.class
> org/apache/http/conn/BasicEofSensorWatcher.class
> org/apache/http/conn/HttpClientConnectionManager.class
> org/apache/http/conn/HttpRoutedConnection.class
> org/apache/http/conn/EofSensorWatcher.class
> org/apache/http/conn/SchemePortResolver.class
> org/apache/http/conn/ClientConnectionManager.class
>
> What to do ?
>
> Regrds
>
> Raivo
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>
> --
Regards,
Tomo

Re: My maven module dependencies got wipe out randomly

[Tomo Suzuki]

Hi Dan,

(I don't use openapi-generator-maven-plugin)
I had a similar situation where my Maven plugin (Linkage Checker enforcer
rule
,
which reads dependencies of a project) stopped working when I started to
use Maven's "-T" option. The root cause was that, with multi-threading, JAR
files in ~/.m2/repository were deleted and recreated while the plugin was
reading JAR files as another thread was resolving dependencies of another
project. I figured out that when I checked the timestamp of the error and
the JAR files. I ended up not running the plugin with multi-thread.

So if your error is about missing files and the files' timestamps were
close to the time of the error, that might be caused by another project
being built simultaneously.

Regards,
Tomo



On Tue, Oct 13, 2020 at 2:30 AM Dan Tran  wrote:

> Hello to all,
>
> I have a 300+ java modules [0] which takes about 2 min to build without
> tests.  The build randomly failing once a while(%5) where I am able to
> chase it to the root cause mentioned in the title
>
> Further guessing[2] takes me to the removal of one module which
> uses openapi-generator-maven-plugin-4.3.1[1] and the issue completely
> disappears.
>
> Looking at the plugin source, iI could not figure out anything standing
> out.
>
> Looking for more set of eyes to see if that plugin is thread-safe
>
> Appreciate all advice and helps
>
> -D
>
> [0] error is reproducible with maven 3.6.3 and latest 3.7.0-SNAPSHOT
>
> [1]
>
> https://github.com/OpenAPITools/openapi-generator/blob/v4.3.1/modules/openapi-generator-maven-plugin/src/main/java/org/openapitools/codegen/plugin/CodeGenMojo.java
>
> [2] I used to face this type of issue before where a none threadsafe plugin
> can corrupted classpath in reactor mode ( for example:
> build-number-maven-plugin)
>


-- 
Regards,
Tomo

Re: Why does POM have precedence over -D property expressions?

[Tomo Suzuki]

> *any* explicit pom.xml  cannot be overridden by a property
expression given on
> the command line.

I also encountered the problem when my Maven project has multiple main
classes and I wanted to run them by switching "mvn exec:java
-Dexec.mainClass=...' while keeping the default one in pom.xml. I don't
know why Maven is designed in that way.

Good to know the use of properties to control it. Thank you.

-- 
Regards,
Tomo

Re: does order of dependencies in dependemcymanagement matter?

[Tomo Suzuki]

The order does not matter. I usually sort them alphabetically so that I can
easily find duplicates.

On Wed, Jul 8, 2020 at 02:11 彭宁均  wrote:

> hi,
> guys!
> in my team, we use dependencymanagement to manage the version of hundreds
> dependencies. Now i want to adjust the order of dependencies to make it
> more clear. So i am wondering does order of dependencies in
> dependemcymanagement matters?
> and also, does order of plugins in pluginmanagement matters?
>
>
> thanks!

-- 
Regards,
Tomo

Re: Maven Artifacts not consumable after Introducing ci-friendly approach - revision tag

[Tomo Suzuki]

Hi Hanish,

I see child1 in my Maven local repository cannot resolve the $version to
refer to its parent, because $version is defined at the parent (the error
message below).

How about specifying the concrete version when specifying parent? While you
might not like that the version value will appear multiple places, you can
update them by "mvn version:set"
https://www.mojohaus.org/versions-maven-plugin/set-mojo.html


[ERROR] Failed to execute goal on project child2: Could not resolve
dependencies for project com.sample:child2:jar:1.1.0-SNAPSHOT: Failed to
collect dependencies at com.sample:child1:jar:1.1.0-SNAPSHOT: Failed to
read artifact descriptor for com.sample:child1:jar:1.1.0-SNAPSHOT: Could
not find artifact com.sample:test-parent:pom:${revision} in central (
https://repo.maven.apache.org/maven2) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions,
please read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

/tmp/test-parent/child2 $ cat
~/.m2/repository/com/sample/child1/1.1.0-SNAPSHOT/child1-1.1.0-SNAPSHOT.pom
http://maven.apache.org/POM/4.0.0; xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation="
http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd;>
  4.0.0
  
com.sample
test-parent
${revision}
  
  child1
%

On Sat, Jun 13, 2020 at 8:41 AM Francois Marot 
wrote:

> Hello,
> I can confirm that you sample project works as intended once you add the
> missing configuration for the flatten plugin. Without it the pom.xml
> installed in your local repo are not correct because of the placeholders in
> the .
>
> I just copy pasted the  content as explained here:
> http://maven.apache.org/maven-ci-friendly.html#install-deploy
>
> Hope you will soon make it work
>
>
>
> *- - - - -François Marot06 50 91 96 38*
>
>
>
> On Sat, 13 Jun 2020 at 05:39, Hanish Bansal <
> hanish.bansal.agar...@gmail.com>
> wrote:
>
> > Hi Team,
> >
> > I have pushed a sample minimal project in git at the following link
> > https://github.com/hanishbansal/test-parent
> >
> > Project Structure:
> >   test-parent
> >- child1
> >- child2
> >
> > child2 project has dependency of child1 project.
> >
> > Steps to Reproduce the error:
> > 1. Compile test-parent project with goal "clean install". It will compile
> > and install all child projects.
> > 2. Now compile child2 project, it would give compilation error due to
> > dependency of child1 project.
> >
> >
> >
> > On Sat, Jun 13, 2020 at 12:58 AM Tomo Suzuki  >
> > wrote:
> >
> > > I suspect typo in child module name. Do you want to share minimum
> > > reproducible project?
> > >
> > > On Fri, Jun 12, 2020 at 07:17 Hanish Bansal <
> > > hanish.bansal.agar...@gmail.com>
> > > wrote:
> > >
> > > > Yes, that has been already tried. I have installed child modules
> > > separately
> > > > but if there is any child module (e.g. child2) has dependency of
> other
> > > > child module child1 then I am not able to compile child2 project.
> > > >
> > > > On Fri, Jun 12, 2020 at 3:39 PM Tomo Suzuki
>  > >
> > > > wrote:
> > > >
> > > > > (Assuming yy-utils is the one of the child project)
> > > > > Run ”mvn install” in yy-utils module first.
> > > > >
> > > > > On Fri, Jun 12, 2020 at 01:56 Hanish Bansal <
> > > > > hanish.bansal.agar...@gmail.com>
> > > > > wrote:
> > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > We have maven Multi Module Project, where we have recently
> > > implemented
> > > > > > version control process as mentioned in below documentation but
> > after
> > > > > > introducing it we are not able to compile child projects
> > > independently
> > > > > > because of dependency failure.
> > > > > >
> http://maven.apache.org/maven-ci-friendly.html#multi-module-setup
> > > > > >
> > > > > > We have also used flatten-maven-plugin but artifacts deployed in
> > our
> > > > > > repository via this setup are not consumable by Maven anymore.
> > > > > >
> > >

Re: Maven Artifacts not consumable after Introducing ci-friendly approach - revision tag

[Tomo Suzuki]

I suspect typo in child module name. Do you want to share minimum
reproducible project?

On Fri, Jun 12, 2020 at 07:17 Hanish Bansal 
wrote:

> Yes, that has been already tried. I have installed child modules separately
> but if there is any child module (e.g. child2) has dependency of other
> child module child1 then I am not able to compile child2 project.
>
> On Fri, Jun 12, 2020 at 3:39 PM Tomo Suzuki 
> wrote:
>
> > (Assuming yy-utils is the one of the child project)
> > Run ”mvn install” in yy-utils module first.
> >
> > On Fri, Jun 12, 2020 at 01:56 Hanish Bansal <
> > hanish.bansal.agar...@gmail.com>
> > wrote:
> >
> > > Hi All,
> > >
> > > We have maven Multi Module Project, where we have recently implemented
> > > version control process as mentioned in below documentation but after
> > > introducing it we are not able to compile child projects independently
> > > because of dependency failure.
> > > http://maven.apache.org/maven-ci-friendly.html#multi-module-setup
> > >
> > > We have also used flatten-maven-plugin but artifacts deployed in our
> > > repository via this setup are not consumable by Maven anymore.
> > >
> > >  
> > >   
> > > 
> > >   org.codehaus.mojo
> > >   flatten-maven-plugin
> > >   1.1.0
> > >   
> > > true
> > > resolveCiFriendliesOnly
> > >   
> > >   
> > > 
> > >   flatten
> > >   process-resources
> > >   
> > > flatten
> > >   
> > > 
> > > 
> > >   flatten.clean
> > >   clean
> > >   
> > > clean
> > >   
> > > 
> > >   
> > > 
> > >   
> > >   
> > >
> > > While trying to get artifacts, maven build failed with below error:
> > >
> > > Failed to read artifact descriptor for
> > > org..xxx.x:yy-utils:jar:0.0.1: Could not transfer artifact
> > >
> > > Can you please help here?
> > >
> > > --
> > >
> > > *Thanks & Regards,Hanish Bansal*
> > >
> > --
> > Regards,
> > Tomo
> >
>
>
> --
>
> *Thanks & Regards,Hanish Bansal*
> Lead Software Engineer, Big Data
> (M) : +91-995-339-9925
> LinkedIn: www.linkedin.com/in/hanishbansal/
>
-- 
Regards,
Tomo

Re: Maven Artifacts not consumable after Introducing ci-friendly approach - revision tag

[Tomo Suzuki]

(Assuming yy-utils is the one of the child project)
Run ”mvn install” in yy-utils module first.

On Fri, Jun 12, 2020 at 01:56 Hanish Bansal 
wrote:

> Hi All,
>
> We have maven Multi Module Project, where we have recently implemented
> version control process as mentioned in below documentation but after
> introducing it we are not able to compile child projects independently
> because of dependency failure.
> http://maven.apache.org/maven-ci-friendly.html#multi-module-setup
>
> We have also used flatten-maven-plugin but artifacts deployed in our
> repository via this setup are not consumable by Maven anymore.
>
>  
>   
> 
>   org.codehaus.mojo
>   flatten-maven-plugin
>   1.1.0
>   
> true
> resolveCiFriendliesOnly
>   
>   
> 
>   flatten
>   process-resources
>   
> flatten
>   
> 
> 
>   flatten.clean
>   clean
>   
> clean
>   
> 
>   
> 
>   
>   
>
> While trying to get artifacts, maven build failed with below error:
>
> Failed to read artifact descriptor for
> org..xxx.x:yy-utils:jar:0.0.1: Could not transfer artifact
>
> Can you please help here?
>
> --
>
> *Thanks & Regards,Hanish Bansal*
>
-- 
Regards,
Tomo

Re: How to exclude certain dependencies from being added to the Class-Path in maven?

[Tomo Suzuki]

I see that you accepted the answer. Nice.

On Thu, Jun 11, 2020 at 8:29 AM  wrote:

> Hello,
>
>
>
> I would like to know how to exclude certain dependencies from being added
> to the Class-Path using maven. I posted a detailed StackOverflow question
> here: https://stackoverflow.com/questions/62173831
>
>
>
> Thank you very much for any kind of help 
>
>

-- 
Regards,
Tomo

Re: slf4j-jcl-1.0.1: Checksum validation failed

[Tomo Suzuki]

The discrepancy has been resolved as per the ticket.

On Tue, May 26, 2020 at 10:15 PM Tomo Suzuki  wrote:

> Hi Olivier,
>
> Thank you for your response! I just created a ticket for them:
> https://issues.sonatype.org/browse/MVNCENTRAL-5833
>
> On Sun, May 24, 2020 at 04:56 Olivier Lamy  wrote:
>
>> Maven Central is managed by Sonatype read term of services
>> https://repo1.maven.org/terms.html
>>
>> You should report this issue here
>> https://issues.sonatype.org/projects/MVNCENTRAL
>>
>> On Sat, 23 May 2020 at 02:04, Tomo Suzuki 
>> wrote:
>>
>> > Hi Maven users,
>> >
>> > Does anyone know why slf4j-jcl-1.0.1's checksum is invalid in Maven
>> > Central?
>> >
>> > I'm investigating the following warning message:
>> >
>> > [WARNING] Could not validate integrity of download from
>> >
>> >
>> https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom
>> > :
>> > Checksum validation failed, expected
>> > 7035ae7774a9a082a316a6943bbad9dfab6319b3 but is
>> > c5c0a3fff6071a4c720f1b7aa1b66cb9d0b26a21
>> >
>> > When I checked
>> >
>> >
>> https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom.sha1
>> > ,
>> > it has
>> >
>> > 7035ae7774a9a082a316a6943bbad9dfab6319b3
>> >
>> >
>> /home/projects/maven/repository-staging/to-ibiblio/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom
>> >
>> > However, curl and sha1sum say otherwise:
>> >
>> > suztomo@suztomo:~/spring-cloud-gcp$ curl
>> >
>> >
>> https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom
>> > |sha1sum
>> > <
>> https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom%7Csha1sum
>> >
>> >   % Total% Received % Xferd  Average Speed   TimeTime Time
>> >  Current
>> >  Dload  Upload   Total   SpentLeft
>> >  Speed
>> > 100   394  100   3940 0   4061  0 --:--:-- --:--:-- --:--:--
>> >  4104
>> > c5c0a3fff6071a4c720f1b7aa1b66cb9d0b26a21  -
>> >
>> > So from my perspective, the discrepancy is in line with the Maven
>> warning
>> > message. Maven Central is hosting invalid checksum files. Does anyone
>> know
>> > why this discrepancy happens slf4j-jcl-1.0.1?
>> >
>> > --
>> > Regards,
>> > Tomo
>> >
>>
>>
>> --
>> Olivier Lamy
>> http://twitter.com/olamy | http://linkedin.com/in/olamy
>>
>

-- 
Regards,
Tomo

Re: Unable to update version for provided transient dependencies

[Tomo Suzuki]

Hi Mitchell,

Does your "mvn dependency:tree" contain the unwanted logging library?
If yes, that's strange. Maven does not automatically include Provided
transitive dependencies as far as I know.
If not, then it's Storm that brought the library by reading the dependency
graph in their way.



On Thu, May 28, 2020 at 1:41 PM Mitchell Rathbun (BLOOMBERG/ 731 LEX) <
mrathb...@bloomberg.net> wrote:

> We are currently using Storm 1.2.3, and we want to update the version of
> log4j2 being used. In our Maven file, we specify storm-core with version
> 1.2.3 and provided scope. This dependency has dependencies on log4j-api,
> log4j-core, slf4j-log4j-impl, etc. The provided version of these
> dependencies is 2.8.2. I have tried declaring the log4j dependencies in our
> top level pom.xml with version 2.13.2 and compile scope, and have excluded
> these dependencies from the storm-core dependency. Regardless, when
> submitting our Storm topology, we always get the issue:
>
> SLF4J: Class path contains multiple SLF4J bindings.
> SLF4J: Found binding in
> [jar:file:/bb/bin/package/a/apache-storm-1.2.3/1.2.3-3+b20200407T00292257/libexec/apache-storm-1.2.3/lib/log4j-slf4j-impl-2.8.2.jar!/org/slf4j/impl/StaticLoggerBinder.class]
> .
>
> The 2.8.2 version of log4j2 is always used. So it doesn't seem like
> excluding provided transient dependencies is working as hoped. How can we
> update the transient log4j2 dependencies that are brought in with provided
> scope by the storm-core dependency?



-- 
Regards,
Tomo

Re: slf4j-jcl-1.0.1: Checksum validation failed

[Tomo Suzuki]

Hi Olivier,

Thank you for your response! I just created a ticket for them:
https://issues.sonatype.org/browse/MVNCENTRAL-5833

On Sun, May 24, 2020 at 04:56 Olivier Lamy  wrote:

> Maven Central is managed by Sonatype read term of services
> https://repo1.maven.org/terms.html
>
> You should report this issue here
> https://issues.sonatype.org/projects/MVNCENTRAL
>
> On Sat, 23 May 2020 at 02:04, Tomo Suzuki 
> wrote:
>
> > Hi Maven users,
> >
> > Does anyone know why slf4j-jcl-1.0.1's checksum is invalid in Maven
> > Central?
> >
> > I'm investigating the following warning message:
> >
> > [WARNING] Could not validate integrity of download from
> >
> >
> https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom
> > :
> > Checksum validation failed, expected
> > 7035ae7774a9a082a316a6943bbad9dfab6319b3 but is
> > c5c0a3fff6071a4c720f1b7aa1b66cb9d0b26a21
> >
> > When I checked
> >
> >
> https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom.sha1
> > ,
> > it has
> >
> > 7035ae7774a9a082a316a6943bbad9dfab6319b3
> >
> >
> /home/projects/maven/repository-staging/to-ibiblio/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom
> >
> > However, curl and sha1sum say otherwise:
> >
> > suztomo@suztomo:~/spring-cloud-gcp$ curl
> >
> >
> https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom
> > |sha1sum
> > <
> https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom%7Csha1sum
> >
> >   % Total% Received % Xferd  Average Speed   TimeTime Time
> >  Current
> >  Dload  Upload   Total   SpentLeft
> >  Speed
> > 100   394  100   3940 0   4061  0 --:--:-- --:--:-- --:--:--
> >  4104
> > c5c0a3fff6071a4c720f1b7aa1b66cb9d0b26a21  -
> >
> > So from my perspective, the discrepancy is in line with the Maven warning
> > message. Maven Central is hosting invalid checksum files. Does anyone
> know
> > why this discrepancy happens slf4j-jcl-1.0.1?
> >
> > --
> > Regards,
> > Tomo
> >
>
>
> --
> Olivier Lamy
> http://twitter.com/olamy | http://linkedin.com/in/olamy
>

Re: Maven brings “test” transitive dependency as “compile”

[Tomo Suzuki]

Debraj,

I couldn't reproduce the problem in my setting. Netty-common appears as
test scope.
https://gist.github.com/suztomo/69f854bddd102b3fe83eae8f0720c494

Would you be willing to create a minimum reproducible project?
Hopefully it builds only artifacts available on the public Internet (no
artifactory.arkin.local:8000).

BTW, this is the documentation I think your Maven tree is not behaving as
documented:
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#dependency-scope




On Sat, May 23, 2020 at 12:40 AM Debraj Manna 
wrote:

> Thanks Andy for replying.
>
> maven dependency:tree -Dverbose does not seem to work for me. It gives me
> the below message
>
> ...
> [INFO] --- maven-dependency-plugin:3.1.1:tree (default-cli) @ delete ---
> [INFO] Verbose not supported since maven-dependency-plugin 3.0
> [INFO] com.vnera:delete:jar:0.001-SNAPSHOT
> ...
>
> If I just exclude netty-common from apache-bookkeeper then netty-common
> 4.1.32 does not show up in the dependency tree.
>
>
> On Sat, May 23, 2020 at 3:57 AM Andy Feldman 
> wrote:
>
> > On Fri, May 22, 2020 at 6:31 AM Debraj Manna 
> > wrote:
> >
> > > bookkeeper-common is in test scope but still netty-common is showing up
> > as
> > > compile dependency.
> > >
> >
> > Is it possible that netty-common is a transitive dependency of another
> > dependency as well? Running dependency:tree does not show all paths to
> each
> > dependency.
> >
> > You can try running dependency:tree with the verbose flag to see more
> > branches of the tree, although the documentation says it is not
> guaranteed
> > to work properly with Maven 3.
> >
> >
> https://maven.apache.org/plugins/maven-dependency-plugin/tree-mojo.html#verbose
> >
> > You can also try removing the dependency on bookkeeper-common and running
> > dependency:tree again to see if netty-common still shows up.
> >
> > --
> > Andy Feldman
> > Wealthfront
> >
>


-- 
Regards,
Tomo

slf4j-jcl-1.0.1: Checksum validation failed

[Tomo Suzuki]

Hi Maven users,

Does anyone know why slf4j-jcl-1.0.1's checksum is invalid in Maven Central?

I'm investigating the following warning message:

[WARNING] Could not validate integrity of download from
https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom:
Checksum validation failed, expected
7035ae7774a9a082a316a6943bbad9dfab6319b3 but is
c5c0a3fff6071a4c720f1b7aa1b66cb9d0b26a21

When I checked
https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom.sha1,
it has

7035ae7774a9a082a316a6943bbad9dfab6319b3
 
/home/projects/maven/repository-staging/to-ibiblio/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom

However, curl and sha1sum say otherwise:

suztomo@suztomo:~/spring-cloud-gcp$ curl
https://repo1.maven.org/maven2/org/slf4j/slf4j-jcl/1.0.1/slf4j-jcl-1.0.1.pom
|sha1sum
  % Total% Received % Xferd  Average Speed   TimeTime Time
 Current
 Dload  Upload   Total   SpentLeft
 Speed
100   394  100   3940 0   4061  0 --:--:-- --:--:-- --:--:--
 4104
c5c0a3fff6071a4c720f1b7aa1b66cb9d0b26a21  -

So from my perspective, the discrepancy is in line with the Maven warning
message. Maven Central is hosting invalid checksum files. Does anyone know
why this discrepancy happens slf4j-jcl-1.0.1?

-- 
Regards,
Tomo

Re: Maven brings “test” transitive dependency as “compile”

[Tomo Suzuki]

Hi Debraj,

That's strange. "mvn dependency:tree -Dverbose" gives more information.

"mvn help:effective-pom" may give you some information for netty-comon.

By any change, does the parent (or poms imported by parent) declare
dependencyManagement for netty-common?


On Fri, May 22, 2020 at 9:31 AM Debraj Manna 
wrote:

> Hi
>
> In my project I am observing that maven 3.6.3 is bringing the test
> transitive dependency as compile. My understanding is that transitive
> dependency coming from test scope should also have test scope. Can someone
> let me know is my understanding wrong?
>
> When I run "mvn dependency:tree" for my project it shows the following:
>
> [INFO] \-
> org.apache.bookkeeper:bookkeeper-common:test-jar:tests:4.10.0:test
> [INFO]+-
> org.apache.bookkeeper.stats:bookkeeper-stats-api:jar:4.10.0:test
> [INFO]+- org.apache.bookkeeper:cpu-affinity:jar:4.10.0:test
> *[INFO]+- io.netty:netty-common:jar:4.1.32.Final:compile*
> [INFO]+- org.jctools:jctools-core:jar:2.1.2:test
> [INFO]+- org.slf4j:slf4j-api:jar:1.7.25:compile
> [INFO]\- commons-configuration:commons-configuration:jar:1.10:compile
>
> bookkeeper-common is in test scope but still netty-common is showing up as
> compile dependency. I have placed the entire dependency tree output here
> .
>
> The pom is like below
>
> 
> com.vnera
> main
> 0.001-SNAPSHOT
> 
>
> delete
> jar
> delete
>
> 
> 
> com.vnera
> programs
> ${main.version}
> 
> 
> com.vnera
> programs
> ${main.version}
> tests
> test
> 
> 
> com.vnera
> core-model
> ${main.version}
> 
> 
> com.vnera
> storage-utils
> ${main.version}
> test-jar
> test
> 
> 
> com.github.rholder
> guava-retrying
> 1.0.5
> 
> 
> com.google.guava
> guava
> 
> 
> 
> 
> 
>
>
> bookkeeper-common is defined in the parent pom as below
>
> 
> org.apache.bookkeeper
> bookkeeper-common
> 4.10.0
> test-jar
> test
> 
>


-- 
Regards,
Tomo

Re: Launching full Maven programmatically

[Tomo Suzuki]

I'm interested in that problem too. In the project below, we use
PlexusContainer to instantiate MavenProject class from pom file:
https://github.com/GoogleCloudPlatform/cloud-opensource-java/blob/master/dependencies/src/main/java/com/google/cloud/tools/opensource/dependencies/RepositoryUtility.java#L209

I hope there's a better way to achieve this.

On Thu, Apr 16, 2020 at 6:55 AM Andres Almiray  wrote:

> Hi,
>
> I'm looking for a way to launch Maven programmatically in such a way that I
> can get access to fully resolved Model and MavenProject instances, and not
> just for a single project but also for all projects that belong to a
> Reactor.
>
> At first I used this code
>
> try {
> FileReader reader = new FileReader(pom);
> MavenXpp3Reader mavenReader = new MavenXpp3Reader();
> return new MavenProject(mavenReader.read(reader));
> } catch (Exception e) {
> throw new IllegalArgumentException(e);
> }
>
> But of course that's not enough. Next I tried using the maven-model-builder
> APIs directly but not all references get resolved (such as parent POMs) as
> a custom ModelResolver is required and the default one is not intended to
> be used in standalone fashion.
>
> Ideally I would call some sort of embeddable Maven API that can give me the
> answers I seek, something like this
>
> MavenProject project = EmbeddableMaven.launch(propsOrFlags).file(pomFile);
>
> or alternatively something like
>
> MavenReactor reactor = EmbeddableMaven.launch(propsOrFlags).file(pomFile);
> for(MavenProject project : reactor.getProjects()) { /* do stuff */ }
>
> Of course I'm making up these types and method names as I do not know if
> something like this exist or not, hence why I'm asking here.
>
> Thanks in advance.
>
> Cheers
> Andres
>


-- 
Regards,
Tomo

Re: Global setting for --no-transfer-progress

[Tomo Suzuki]

I tried MAVEN_OPTS, which did not work (it's not for Java virtual machine):

suztomo-macbookpro44% export MAVEN_OPTS='--no-transfer-progress'
suztomo-macbookpro44% mvn compile
Unrecognized option: --no-transfer-progress
Error: Could not create the Java Virtual Machine.
Error: A fatal exception has occurred. Program will exit.


Ugly suggestion: adding that option at the end of "mvn" shell script.




On Tue, Apr 7, 2020 at 7:29 AM Tarakesh Vishwanath 
wrote:

> Hi,
>
> We have started using Maven 3.6.1's new option --no-transfer-progress to
> reduce the log output. However, it is cumbersome to add this flag to every
> maven invocation in codebase.
> Just wanted to know if there's any way this setting can be made Global ??
>
> Regards,
> Tarakesh
>


-- 
Regards,
Tomo

Re: Build Failed

[Tomo Suzuki]

In the command prompt, would you run
ping repo.maven.apache.org
and
ping repo1.maven.org
and share the result?


On Thu, Mar 19, 2020 at 08:07 John Patrick  wrote:

> Did it previously work from this machine?
> Are you being a firewall or proxy server?
> What version of maven are you using?
> What version of Java are you using?
>
> I've just deleted org/apache/maven from my local repository and it
> downloaded fine.
>
> If you go to other websites do they work? i.e. are you on a public wifi
> and it's doing captive portal before allowing you to access the internet...
>
> John
>
>
>
> On Thu, 19 Mar 2020 at 11:53, Robert Manikonda 
> wrote:
>
>> Hi
>>  Please check the attached error and im unable to build maven project
>>
>> Thanks
>>
>> Br//
>> Robert M
>> --
>>
>>
>>
>>
>> Thanks & Regards
>> Robert Manikonda
>> 7013207511
>>
> --
Regards,
Tomo

Re: Querying Maven Central Index by Class Name

[Tomo Suzuki]

>  indexes published by central does NOT have class names available

Thank you for clarification!

On Sat, Jan 25, 2020 at 11:35 AM Tamás Cservenák  wrote:
>
> Not to mention that the indexes published by central does NOT have class
> names available.
>
> T
>
> On Sat, Jan 25, 2020 at 5:25 PM Tomo Suzuki 
> wrote:
>
> > Anthony and Robert,
> >
> > Thank you for information. They both seem better than querying
> > nexus-maven-repository-index.gz by myself.
> >
> > Regards,
> > Tomo
> >
> > On Fri, Jan 24, 2020 at 15:38 Robert Scholte  wrote:
> >
> > > Try
> > >
> > https://search.maven.org/search?q=fc:com.google.common.util.concurrent.MoreExecutors
> > >
> > >
> > > On https://search.maven.org/ you can click on Advanced options to see
> > > all  possibilities
> > >
> > > Robert
> > > On 24-1-2020 20:33:21, Tomo Suzuki  wrote:
> > > Hi Maven users,
> > >
> > > Does anybody know how to query class names in Maven Central Index
> > > (nexus-maven-repository-index.gz) [1] to get Maven artifacts that
> > > contain the class?
> > >
> > > I'm exploring ways to find Maven artifacts by a class name. For
> > > example, I want to find which versions of Guava had class
> > > "com.google.common.util.concurrent.MoreExecutors" with
> > > "sameThreadExecutor" method. More background is in my GitHub issue
> > > [2].
> > >
> > > I found Central Index page [1] explaining
> > > nexus-maven-repository-index.gz and use of "luke".
> > > The Maven Indexer's documentation [3] says I should be able to find
> > > "classnames" field, but I could not find the field when I opened it in
> > > luke [4]. Even if helps looking up class name, it might not provide
> > > method information. Does anybody know how to use the index?
> > >
> > > [1]: https://maven.apache.org/repository/central-index.html
> > > [2]:
> > > https://github.com/GoogleCloudPlatform/cloud-opensource-java/issues/1095
> > > [3]:
> > >
> > https://maven.apache.org/maven-indexer-archives/maven-indexer-LATEST/indexer-core/
> > > [4]:
> > >
> > https://user-images.githubusercontent.com/28604/73096813-b67dfe80-3eb3-11ea-82e4-dec1f9ca7519.png
> > >
> > > --
> > > Regards,
> > > Tomo
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> > > For additional commands, e-mail: users-h...@maven.apache.org
> > >
> > > --
> > Regards,
> > Tomo
> >



-- 
Regards,
Tomo

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

Re: Querying Maven Central Index by Class Name

[Tomo Suzuki]

Anthony and Robert,

Thank you for information. They both seem better than querying
nexus-maven-repository-index.gz by myself.

Regards,
Tomo

On Fri, Jan 24, 2020 at 15:38 Robert Scholte  wrote:

> Try
> https://search.maven.org/search?q=fc:com.google.common.util.concurrent.MoreExecutors
>
>
> On https://search.maven.org/ you can click on Advanced options to see
> all  possibilities
>
> Robert
> On 24-1-2020 20:33:21, Tomo Suzuki  wrote:
> Hi Maven users,
>
> Does anybody know how to query class names in Maven Central Index
> (nexus-maven-repository-index.gz) [1] to get Maven artifacts that
> contain the class?
>
> I'm exploring ways to find Maven artifacts by a class name. For
> example, I want to find which versions of Guava had class
> "com.google.common.util.concurrent.MoreExecutors" with
> "sameThreadExecutor" method. More background is in my GitHub issue
> [2].
>
> I found Central Index page [1] explaining
> nexus-maven-repository-index.gz and use of "luke".
> The Maven Indexer's documentation [3] says I should be able to find
> "classnames" field, but I could not find the field when I opened it in
> luke [4]. Even if helps looking up class name, it might not provide
> method information. Does anybody know how to use the index?
>
> [1]: https://maven.apache.org/repository/central-index.html
> [2]:
> https://github.com/GoogleCloudPlatform/cloud-opensource-java/issues/1095
> [3]:
> https://maven.apache.org/maven-indexer-archives/maven-indexer-LATEST/indexer-core/
> [4]:
> https://user-images.githubusercontent.com/28604/73096813-b67dfe80-3eb3-11ea-82e4-dec1f9ca7519.png
>
> --
> Regards,
> Tomo
>
> -
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>
> --
Regards,
Tomo

Querying Maven Central Index by Class Name

[Tomo Suzuki]

Hi Maven users,

Does anybody know how to query class names in Maven Central Index
(nexus-maven-repository-index.gz) [1] to get Maven artifacts that
contain the class?

I'm exploring ways to find Maven artifacts by a class name. For
example, I want to find which versions of Guava had class
"com.google.common.util.concurrent.MoreExecutors" with
"sameThreadExecutor" method. More background is in my GitHub issue
[2].

I found Central Index page [1] explaining
nexus-maven-repository-index.gz and use of "luke".
The Maven Indexer's documentation [3] says I should be able to find
"classnames" field, but I could not find the field when I opened it in
luke [4]. Even if helps looking up class name, it might not provide
method information. Does anybody know how to use the index?

[1]: https://maven.apache.org/repository/central-index.html
[2]: https://github.com/GoogleCloudPlatform/cloud-opensource-java/issues/1095
[3]: 
https://maven.apache.org/maven-indexer-archives/maven-indexer-LATEST/indexer-core/
[4]: 
https://user-images.githubusercontent.com/28604/73096813-b67dfe80-3eb3-11ea-82e4-dec1f9ca7519.png

-- 
Regards,
Tomo

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

Re: Unknown lifecycle phase " ".

[Tomo Suzuki]

What command did you run to get the error? I guess you put some
unnecessary white space when you run Maven.
https://stackoverflow.com/questions/18697461/unknown-lifecycle-phase-maven

I could not reproduce the problem:
https://gist.github.com/suztomo/1b053683be08928598ea141f330bb167

Regards,
Tomo

On Tue, Jan 7, 2020 at 12:30 PM sireindera...@gmail.com
 wrote:
>
> Adding users group  too..
>
> mvn -version
>
> *Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)*
>
> Maven home: /Users//apache-maven-3.6.3
>
> Java version: 1.8.0_231, vendor: Oracle Corporation, runtime:
> /Library/Java/JavaVirtualMachines/jdk1.8.0_231.jdk/Contents/Home/jre
>
> Default locale: en_US, platform encoding: UTF-8
>
> OS name: "mac os x", version: "10.14.6", arch: "x86_64", family: "mac"
>
> On Tue, Jan 7, 2020 at 12:23 PM Tomo Suzuki 
> wrote:
>
> > (I feel users@maven.apache.org is suitable place)
> > What's command to get the error?
> > What does "mvn -version" say?
> >
> > On Tue, Jan 7, 2020 at 12:15 PM sireindera...@gmail.com
> >  wrote:
> > >
> > > Team,
> > >
> > > I am facing the below issue. I am attaching the pom file here for your
> > reference….
> > >
> > > I am facing the same issue even when I change the version. To 1.7 and
> > change target to tasks
> > >
> > >
> > > ==
> > > [ERROR] Unknown lifecycle phase " ". You must specify a valid lifecycle
> > phase or a goal in the format : or
> > :[:]:. Available
> > lifecycle phases are: validate, initialize, generate-sources,
> > process-sources, generate-resources, process-resources, compile,
> > process-classes, generate-test-sources, process-test-sources,
> > generate-test-resources, process-test-resources, test-compile,
> > process-test-classes, test, prepare-package, package, pre-integration-test,
> > integration-test, post-integration-test, verify, install, deploy,
> > pre-clean, clean, post-clean, pre-site, site, post-site, site-deploy. ->
> > [Help 1]
> > > org.apache.maven.lifecycle.LifecyclePhaseNotFoundException: Unknown
> > lifecycle phase " ". You must specify a valid lifecycle phase or a goal in
> > the format : or
> > :[:]:. Available
> > lifecycle phases are: validate, initialize, generate-sources,
> > process-sources, generate-resources, process-resources, compile,
> > process-classes, generate-test-sources, process-test-sources,
> > generate-test-resources, process-test-resources, test-compile,
> > process-test-classes, test, prepare-package, package, pre-integration-test,
> > integration-test, post-integration-test, verify, install, deploy,
> > pre-clean, clean, post-clean, pre-site, site, post-site, site-deploy.
> > > ==
> > >
> > > Thanks in advance for your help.
> > >
> > >
> > > -
> > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > > For additional commands, e-mail: dev-h...@maven.apache.org
> >
> >
> >
> > --
> > Regards,
> > Tomo
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> > For additional commands, e-mail: dev-h...@maven.apache.org
> >
> >



-- 
Regards,
Tomo

-
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org

Re: 2 issues with maven version range

[Tomo Suzuki]

> thoughts?

(I don't design or use Maven version ranges)
I agree that the behavior below, such as "5.0.0-SNAPSHOT" < "5", is not
intuitive for users.
Our team in Google recently articulated good practices of maintaining
dependencies. One of the topics is "not to use version range":
https://jlbp.dev/JLBP-14.html .


On Tue, Nov 26, 2019 at 7:09 AM Maarten Mulders  wrote:

> I've recently had the same line of thought...
>
> Many projects publishing "release candidates" or "milestone releases". I
> understand
> this is great for having feedback from their user base, but sometimes
> I'd rather use
> a "stable" version. Although this brings a new question to the table:
> who determines
> what is stable? In the end, it's the author(s) of those projects who
> decide that.
>
> Unfortunately, there seems not to be a default for releasing "release
> candidates"
> or "milestone releases".
>
> Cheers,
>
> Maarten
>
> On November 26, 2019 at 12:57, John Patrick wrote:
>
> > cheers for the information.
> >
> > I expect this might be asking space vs tabs, but do others feel the
> > version range of "[4,5)" should exclude anything starting 5, include
> > 5-SNAPSHOT and any 5...-RC* or 5...-alpha
> >
> > It seams wrong to have to use "[4,4.999)".
> >
> > I understand from a maths point of view and from a order point of view
> > the ordering is correct but from an ease of use, end developers point
> > of view, i should just be able to use "[4,5)"
> >
> > thoughts?
> >
> > On Mon, 25 Nov 2019 at 20:40, Tomo Suzuki 
> > wrote:
> > I believe your cases do not work with version ranges. Version ranges
> > depend
> > on the order of the versions, and thus you cannot filter "-guava".
> >
> > The ordering of version is defined in
> > org.eclipse.aether.util.version.GenericVersion in maven-resolver-util.
> >
> > Example code to check:
> >
> > // GenericVersionScheme is in
> > org.apache.maven.resolver:maven-resolver-util:1.3.3
> > GenericVersionScheme scheme = new GenericVersionScheme();
> > List list = new ArrayList<>();
> > list.add(scheme.parseVersion("4.7.0"));
> > list.add(scheme.parseVersion("4.9.0"));
> > list.add(scheme.parseVersion("5"));
> > list.add(scheme.parseVersion("5.0.0"));
> > list.add(scheme.parseVersion("5.0.0-RC1"));
> > list.add(scheme.parseVersion("5.0.0-SNAPSHOT"));
> > Collections.sort(list);
> > System.out.println(list); // [4.7.0, 4.9.0, 5.0.0-RC1,
> > 5.0.0-SNAPSHOT, 5, 5.0.0]
> >
> > So version "5.0.0-RC1" is smaller than version "5"; you can use [4.7.0,
> > 4.999]".
> >
> > Regards,
> > Tomo
> >
> > On Sun, Nov 24, 2019 at 2:46 PM John Patrick 
> > wrote:
> >
> > i'm trying to start using maven version range more but having issues
> > with things like guava and also it not excluding version i believe
> > should be excluded.
> >
> > 1) i don't think this is possible but it might be, take a look a
> > google guava, it has a jre and a android version. using maven version
> > range how can i say any newer jre version, or any newer android
> > version?
> >
> > https://search.maven.org/artifact/com.google.guava/guava
> >
> > something like [25,) but only the jre maybe [25*-jre,)
> >
> > 2) i'm trying to use the version range "[4.7.0,5) "for
> > io.cucumber:cucumber-core. So i'm expecting it to use 4.8.0, not
> > 5.0.0-RC1 which is being picked up, i.e. mvn dependency:tree -Dverbose
> > -Dincludes=io.cucumber
> >
> > https://search.maven.org/artifact/io.cucumber/cucumber-core
> >
> > what do i need to change "[4.7.0,5)" to do it excludes anything
> > starting 5?
> >
> > or are other people having similar issue so gave using trying to use
> > maven version ranges when declaring dependencies?
> >
> > John
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> > For additional commands, e-mail: users-h...@maven.apache.org
> >
> > --
> > Regards,
> > Tomo
>
> -
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>
> -
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>
>

-- 
Regards,
Tomo

Re: 2 issues with maven version range

[Tomo Suzuki]

I believe your cases do not work with version ranges. Version ranges depend
on the order of the versions, and thus you cannot filter "-guava".

The ordering of version is defined in
org.eclipse.aether.util.version.GenericVersion in maven-resolver-util.

Example code to check:

// GenericVersionScheme is in
org.apache.maven.resolver:maven-resolver-util:1.3.3
GenericVersionScheme scheme = new GenericVersionScheme();
List list = new ArrayList<>();
list.add(scheme.parseVersion("4.7.0"));
list.add(scheme.parseVersion("4.9.0"));
list.add(scheme.parseVersion("5"));
list.add(scheme.parseVersion("5.0.0"));
list.add(scheme.parseVersion("5.0.0-RC1"));
list.add(scheme.parseVersion("5.0.0-SNAPSHOT"));
Collections.sort(list);
System.out.println(list); // [4.7.0, 4.9.0, 5.0.0-RC1,
5.0.0-SNAPSHOT, 5, 5.0.0]

So version "5.0.0-RC1" is smaller than version "5"; you can use [4.7.0,
4.999]".

Regards,
Tomo

On Sun, Nov 24, 2019 at 2:46 PM John Patrick  wrote:

> i'm trying to start using maven version range more but having issues
> with things like guava and also it not excluding version i believe
> should be excluded.
>
> 1) i don't think this is possible but it might be, take a look a
> google guava, it has a jre and a android version. using maven version
> range how can i say any newer jre version, or any newer android
> version?
>
> https://search.maven.org/artifact/com.google.guava/guava
>
> something like [25,) but only the jre maybe [25*-jre,)
>
> 2) i'm trying to use the version range "[4.7.0,5) "for
> io.cucumber:cucumber-core. So i'm expecting it to use 4.8.0, not
> 5.0.0-RC1 which is being picked up, i.e. mvn dependency:tree -Dverbose
> -Dincludes=io.cucumber
>
> https://search.maven.org/artifact/io.cucumber/cucumber-core
>
> what do i need to change "[4.7.0,5)" to do it excludes anything starting 5?
>
> or are other people having similar issue so gave using trying to use
> maven version ranges when declaring dependencies?
>
> John
>
> -
> To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> For additional commands, e-mail: users-h...@maven.apache.org
>
>

-- 
Regards,
Tomo

Re: POM parent/import relationship visualization

[Tomo Suzuki]

Hi Mark,

Thank you for response. I tried "Graph" button with NetBeans 11.0, but it
didn't help my case:
[image: image.png]

On Tue, Oct 29, 2019 at 1:51 PM Mark Eggers 
wrote:

>
> On 10/29/2019 9:01 AM, Tomo Suzuki wrote:
> > Hi Marco,
> >
> > Thank you for response. NetBeans' "Effective" almost worked. It showed
> the
> > problematic artifact "grpc-api:1.24.0", which I was looking for, and
> showed
> > it's from "grpc-bom". Great. But I also want to see where this grpc-bom
> > coming from.
> >
> > [image: image.png]
> >
> > Regards,
> > Tomo
> >
>
> There is also a graph layout for poms in NetBeans as well. It shows
> parent-child relationships of dependencies, and will show if a single
> dependency has multiple parents.
>
> Unfortunately, the graph zoom functionality seems to be missing in 11.1
> of the IDE. It was there in 8.2. I haven't downloaded 11.2 yet (almost
> released) to see if the graph zoom functionality has made it back in. If
> not, I should probably open up an enhancement request.
>
> . . . just my two cents
> /mde/
>
>
>

-- 
Regards,
Tomo

Re: POM parent/import relationship visualization

[Tomo Suzuki]

Hi Andy,
"mvn dependency:tree" did not explain why I get grpc-api:1.24.0 in
"dependencyManagement" section.

Hi Thomas,
Thank you. It worked in the same way as NetBeans:

  $ mvn help:effective-pom -Dverbose
  ...
  
io.grpc  
grpc-api  
1.24.0  
  



*What I'm looking for*
Given the effective pom containing grpc-api:1.24.0, I'm looking for this
parent/import information:

com.google.cloud:google-cloud-bom:0.116.1-alpha-SNAPSHOT
  *importing* com.google.cloud:google-cloud-automl:0.114.0-beta  in
dependencyManagement section
*inheriting* com.google.cloud:google-cloud-automl-parent:0.114.0-beta
  *importing* io.grpc:grpc-bom:1.24.0  in dependencyManagement section
*containing* io.grpc:grpc-api:1.24.0 in dependencyManagement section


Is there any tool to help this?

Re: POM parent/import relationship visualization

[Tomo Suzuki]

Hi Marco,

Thank you for response. NetBeans' "Effective" almost worked. It showed the
problematic artifact "grpc-api:1.24.0", which I was looking for, and showed
it's from "grpc-bom". Great. But I also want to see where this grpc-bom
coming from.

[image: image.png]

Regards,
Tomo

POM parent/import relationship visualization

[Tomo Suzuki]

Hi Maven users,

Do you know any visualization tool to show relationship (import/parent) of
POMs?

Background:
Today, I encountered a situation where I had to dig parent/import
relationship of multiple POMs. I had to read pom.xml via search.maven.org
for each POM artifact.
Detail:
https://github.com/GoogleCloudPlatform/cloud-opensource-java/issues/1001 .
I wish I can troubleshoot in a better way next time.

Regards,
Tomo

-- 
Regards,
Tomo

Re: Company-wide pom and dependency management best practices

[Tomo Suzuki]

Hi Nick,

> I see where the different versions for a dependency are coming from?

I use "mvn dependency:tree -Dverbose=true" to get the detail of tree. It
shows unselected nodes.

> how can I make sure that the dependencies in the Spring Boot import take
preference over the other dependency imports

I would also take your approach of "a dependency management pom" (BOM, bill
of materials) to control transitive dependencies.
https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html#Dependency_Management


On Tue, Aug 6, 2019 at 10:31 AM Nick Stolwijk 
wrote:

> Hi all,
>
> We have a company-wide pom for specific applications. In our case for
> Spring Boot applications. In this pom some of the stuff is for the build
> (plugin management, deployment management) and some for the dependencies
> (scope import for dependencyManagement).
>
> We had a buildproblem where one of the Spring Boot dependencies had the
> wrong version. It turned out the version of one of the dependencies for
> Spring Boot was overridden by another dependencyManagement import.
>
> The first question is, how can I see where the different versions for a
> dependency are coming from? I know of the dependency:tree, but that only
> shows the resolved version and not all the version options.
>
> The second question is, how can I make sure that the dependencies in the
> Spring Boot import take preference over the other dependency imports. My
> idea is to break apart the Spring Boot parent we have into a build pom and
> a dependency management pom and require that every application import the
> dependency import pom as first dependency under dependency management.
> Would this work or am I missing something?
>
> Is there any documentation about the best practices for inheriting build
> configuration and dependency management?
>
> With regards,
>
> Nick Stolwijk
>
> ~~~ Try to leave this world a little better than you found it and, when
> your turn comes to die, you can die happy in feeling that at any rate you
> have not wasted your time but have done your best ~~~
>
> Lord Baden-Powell
>


-- 
Regards,
Tomo

Re: Finding out what the versions plugin did

[Tomo Suzuki]

Hi Mark,

I would either

1. try display-dependency-updates and other display-* goals:

https://www.mojohaus.org/versions-maven-plugin/examples/display-dependency-updates.html

https://www.mojohaus.org/versions-maven-plugin/display-property-updates-mojo.html


2. leverage the backup file(s) created by the versions plugin
before committing.

 “diff pom.xml pom.xml.versionsBackup”

Both approaches still require parsing the output though.

Regards,
Tomo

On Sun, Jul 7, 2019 at 06:09 Mark Raynsford
 wrote:

> Hello!
>
> Is there a machine-readable way I can find out what the Versions plugin
> did after I've executed it? I'm writing a CI task that tries to
> periodically update the dependencies of a project.
>
> Essentially, the task does this:
>
> $ mvn clean verify
> $ mvn -DallowMajorUpdates=false \
>   versions:use-latest-releases \
>   versions:update-properties
> $ mvn clean verify
>
> If the second "clean verify" execution succeeds, then we assume that
> all the new dependency versions are fine. The task then goes on to
> commit the pom.xml changes.
>
> The problem: I'd like to retrieve the list of dependencies that were
> updated (their previous and current versions) so that I can produce a
> nice commit message and changelog entry. I can't seem to get this
> information out of the plugin.
>
> I've seen the documentation for the dependency-updates-report goal, so
> I tried doing this:
>
> $ mvn clean verify
> $ mvn \
>   -DallowMajorUpdates=false \
>   -DdependencyUpdatesReportFormats=xml
>   -DoutputDirectory=. \
>   versions:dependency-updates-report \
>   versions:use-latest-releases \
>   versions:update-properties
> $ mvn clean verify
>
> But this just doesn't appear to produce any output. Am I doing
> something wrong?
>
> Is there some better way to do this?
>
> --
> Mark Raynsford | http://www.io7m.com
>
> --
Regards,
Tomo

Re: Checksum validation failed, no checksums available

[Tomo Suzuki]

Hi James,

You’re using Google’s Maven repository mirror (the URL tells so). It’s
configured by your settings.xml. I would try switching back to Maven
Central by removing the mirror setting.

If switching back to Maven central solves the warnings, then it’s Google’s
mirror problem. If the warnings persist even in Maven central, it’s the
artifacts’ or Maven central’s problem.

Regards,
Tomo

On Sat, Jun 29, 2019 at 02:29 James Leigh 
wrote:

> I'm getting this error recently, never saw this before, any ideas? thanks
>
> [WARNING] Could not validate integrity of download from
>
> https://maven-central.storage-download.googleapis.com/repos/central/data/org/apache/maven/shared/maven-dependency-tree/2.2/maven-dependency-tree-2.2.pom
> :
> Checksum validation failed, no checksums availabl
> [WARNING] Checksum validation failed, no checksums available from
> google-maven-central for
>
> https://maven-central.storage-download.googleapis.com/repos/central/data/org/apache/maven/shared/maven-dependency-tree/2.2/maven-dependency-tree-2.2.po
> [WARNING] Could not validate integrity of download from
>
> https://maven-central.storage-download.googleapis.com/repos/central/data/org/apache/maven/shared/maven-dependency-tree/2.2/maven-dependency-tree-2.2.jar
> :
> Checksum validation failed, no checksums availabl
> [WARNING] Checksum validation failed, no checksums available from
> google-maven-central for
>
> https://maven-central.storage-download.googleapis.com/repos/central/data/org/apache/maven/shared/maven-dependency-tree/2.2/maven-dependency-tree-2.2.ja
>
-- 
Regards,
Tomo

[maven-resolver-api] DefaultRepositorySystemSession to Use a Mirror Repository via settings.xml

[Tomo Suzuki]

Hi Maven users,

Is it possible to configure
maven-resolver-api's DefaultRepositorySystemSession using settings.xml?

My settings.xml contains a Maven central mirror and I want
maven-resolver-api to respect it. However, DefaultRepositorySystemSession
always has NullMirrorSelector and seems to have no methods to read
settings.xml. Asking user mailing list before implementing by my own.

-- 
Regards,
Tomo