Re: [VOTE] Release Apache Maven Resolver version 1.4.1

2019-08-16 Thread Sylwester Lachiewicz
+1

czw., 15 sie 2019, 14:02 u┼╝ytkownik Tibor Digana 
napisał:

> Here is mine +1.
>
> On Thu, Aug 15, 2019 at 1:53 PM Tibor Digana 
> wrote:
>
> > Hi,
> >
> > We solved 1 issue:
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12320628=12345950
> >
> > There are still a couple of issues left in JIRA:
> >
> >
> https://issues.apache.org/jira/i#issues/?jql=project+%3D+MRESOLVER+AND+status+%3D+Open+ORDER+BY+priority+DESC
> >
> > Staging repo:
> > https://repository.apache.org/content/repositories/maven-1526
> >
> >
> https://repository.apache.org/content/repositories/maven-1526/org/apache/maven/resolver/maven-resolver/1.4.1/maven-resolver-1.4.1-source-release.zip
> >
> > Source release checksum(s):
> > maven-resolver-1.4.1-source-release.zip sha512:
> >
> e90430f551513603b40de8401fec66998959c5e1744ccd1241228dec062334f51eb4395ef2c0afd9550d092017bf5431cc69985e8c410bd7e1d46c77fb50ffb0
> >
> > Staging site:
> >
> >
> https://svn.apache.org/repos/asf/maven/website/components/resolver-archives/resolver-LATEST
> >
> > Guide to testing staged releases:
> > http://maven.apache.org/guides/development/guide-testing-releases.html
> >
> > Vote open for 72 hours.
> >
> > [ ] +1
> > [ ] +0
> > [ ] -1
> >
>


plugins share common repository on one Jenkins node

2019-08-16 Thread Tibor Digana
The builds on a Jenkins node should be isolated. The paths of local
repository should be distinct. Therefore we used the trick with
EXECUTOR_NUMBER:

https://gitbox.apache.org/repos/asf?p=maven-jenkins-lib.git;a=blob;f=vars/asfMavenTlpPlgnBuild.groovy;h=e4576ac12e9dec73aee0540fa9aab37fd507d614;hb=HEAD#l150

This is the path and wrong because it is not distinct!
Local Repo (linux-jdk11-m3.6.x_build): ../.maven_repositories/null

The problem is that the code is not serialized on the particular Jenkins
node and executor.
Thus we observed errors in Archetype builds when running integration tests
via maven-invoker-plugin:

[INFO] Building: build-and-run-its\pom.xml
[INFO] run post-build script verify.groovy
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by
org.codehaus.groovy.reflection.CachedClass
(file:/F:/short/.maven_repositories/null/org/codehaus/groovy/groovy-all/2.4.8/groovy-all-2.4.8.jar)
to method java.lang.Object.finalize()

So I moved the code into the targeting execution block:

https://gitbox.apache.org/repos/asf?p=maven-jenkins-lib.git;a=commitdiff;h=aee445426dac012af4326c0b80c93422200c2a56

and the logs look promissing now:

Local Repo (windows-jdk11-m3.6.x_build): ../.maven_repositories/0
Local Repo (windows-jdk12-m3.6.x_build): ../.maven_repositories/1
Local Repo (windows-jdk13-m3.6.x_build): ../.maven_repositories/2

-- 
Cheers
Tibor


Re: [maven-core] Feedback wanted: MNG-6732 DefaultArtifactDescriptorReader.loadPom to check IGNORE_MISSING policy upon ArtifactTransferException

2019-08-16 Thread Tomo Suzuki
Hi Enrico,

Thank you. I responded to your comment; I don't think of a newly
introduced unpredictable behavior.

On Thu, Aug 15, 2019 at 1:10 PM Enrico Olivelli  wrote:

> Tomo,
> I left a comment on github
>
> Cheers
> Enrico
>
> Il gio 15 ago 2019, 18:05 Tomo Suzuki  ha
> scritto:
>
> > Hi Maven developers,
> >
> > I appreciate if somebody can give feedback on my raised issue and pull
> > request.
> >
> > [MNG-6732] - DefaultArtifactDescriptorReader.loadPom to check
> > IGNORE_MISSING policy upon ArtifactTransferException
> > https://issues.apache.org/jira/browse/MNG-6732
> > https://github.com/apache/maven/pull/277
> >
> > --
> > Regards,
> > Tomo
> >
>


-- 
Regards,
Tomo


Re: [VOTE] Release Apache Maven Resolver version 1.4.1

2019-08-16 Thread Michael Osipov

Am 2019-08-15 um 13:53 schrieb Tibor Digana:

Hi,

We solved 1 issue:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12320628=12345950

There are still a couple of issues left in JIRA:
https://issues.apache.org/jira/i#issues/?jql=project+%3D+MRESOLVER+AND+status+%3D+Open+ORDER+BY+priority+DESC

Staging repo:
https://repository.apache.org/content/repositories/maven-1526
https://repository.apache.org/content/repositories/maven-1526/org/apache/maven/resolver/maven-resolver/1.4.1/maven-resolver-1.4.1-source-release.zip

Source release checksum(s):
maven-resolver-1.4.1-source-release.zip sha512:
e90430f551513603b40de8401fec66998959c5e1744ccd1241228dec062334f51eb4395ef2c0afd9550d092017bf5431cc69985e8c410bd7e1d46c77fb50ffb0

Staging site:
https://svn.apache.org/repos/asf/maven/website/components/resolver-archives/resolver-LATEST

Guide to testing staged releases:
http://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for 72 hours.


+1

-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org



RE: MASSEMBLY-918 proposal

2019-08-16 Thread abrarov
Hi Enrico,

Yes, I need just root:root for the task I described, but it doesn't look like 
correct (generic) solution to add just flag for the "root ownership", because 
its implementation looks as hard (easy for smbd) as adding possibility to 
specify both user and group.

Marat.


-
To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
For additional commands, e-mail: dev-h...@maven.apache.org



Re: MASSEMBLY-918 proposal

2019-08-16 Thread Enrico Olivelli
Marat,
Sorry for late reply.

Il lun 29 lug 2019, 19:00  ha scritto:

> Hi community.
>
> I use Maven with Maven Resources plugin and Dockerfile Maven plugin
> (https://github.com/spotify/dockerfile-maven) for building my Docker
> images
> and this approach works fine (much better than shell scripts) except one
> issue - refer to "The backlash of chmod/chown/mv in your Dockerfile"
> article
> (
> https://medium.com/@lmakarov/the-backlash-of-chmod-chown-mv-in-your-dockerf
> ile-f12fe08c0b55
> ).
> I was able to solve this issue in terms of location and
> file / directory permissions with Maven Assembly plugin and TAR format but
> ownership of files and directories is still an issue - refer to
> https://issues.apache.org/jira/browse/MASSEMBLY-918 for details.
>


So you need to create tar files with root:root as owner of files?

Enrico

>
> This issue with ownership is important for the business project I work in
> because this issue becomes security issue (well, it's **minor** security
> issue to be honest, but I'd prefer to not prove that for software security
> team but just fix the issue) when Red Hat OpenShift and RHEL 7 are used,
> i.e. the same issue may be important for other business projects
> ("corporates") utilizing the same (popular) stack.
>
> I implemented PoC which demonstrates that MASSEMBLY-918 can be easily
> solved
> (refer to issue description). It's still PoC because it doesn't follow all
> the rules required for official pull requests and contains no unit tests
> for
> the new feature I implemented.
>
> I'd like to understand:
>
> 1. If MASSEMBLY-918 is actual for other developers? Does anybody else use
> Maven for building of Docker images and have the same limits because of
> RHEL
> and OpenShift?
> 2. Does it make sense to invest into official pull requests for further
> promotion of changes (these changes may be helpful not only for building of
> Docker images)?
>
> Thank you.
>
> Regards,
> Marat Abrarov.
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org
> For additional commands, e-mail: dev-h...@maven.apache.org
>
>