** Description changed: == Begin SRU Template == [Impact] - * The Tomcat7 package specifies an incorrect version of the javax.servlet api. If users attempt to use the version specified, 2.2, it will fail trying to find that version as it does not exist at all. - * Currently the version is auto filled in by @MAVEN.DEPLOY.VERSION@, which is used to fill in other fields as well. However, the API versions are not all the same and should not be specified like this. - * The official servlet version for Tomcat 7, 3.0, was specified here: https://jcp.org/en/jsr/detail?id=315 + * The Tomcat7 package specifies an incorrect version of the javax.servlet api. If users attempt to use the version specified, 2.2, it will fail trying to find that version as it does not exist at all. + * Currently the version is auto filled in by @MAVEN.DEPLOY.VERSION@, which is used to fill in other fields as well. However, the API versions are not all the same and should not be specified like this. + * The official servlet version for Tomcat 7, 3.0, was specified here: https://jcp.org/en/jsr/detail?id=315 [Test Case] An example to test Tomcat7 on Trusty. The same instructions can apply to other releases. Overview: Install tomcat7 and attempt to build the pom. It will fail as the built in library specifies a non-existent version of 2.2. - * lxc launch ubuntu-daily:trusty trusty - * lxc exec trusty bash - * apt install tomcat7 maven-debian-helper libmaven-dependency-plugin-java libservlet3.0-java - * wget https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1664179/+attachment/4818104/+files/pom.xml - * mvn-deiban -q generate-sources -X + * lxc launch ubuntu-daily:trusty trusty + * lxc exec trusty bash + * apt install tomcat7 maven-debian-helper libmaven-dependency-plugin-java libservlet3.0-java + * wget https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1664179/+attachment/4818104/+files/pom.xml + * mvn-debian -q generate-sources -X [Regression Potential] - * Users currently experiencing this issue would be expecting a SRU fix to come from us. Working around it would require changing the /usr/share/maven-repo/javax/servlet/jsp/jsp-api/2.2/jsp-api-2.2.pom to use the 3.0 version. This fix does the same thing. - * There is the slight, albeit incredibly low chance, that someone actually has scripted something to modify the package itself and swap out @MAVEN.DEPLOY.VERSION@ to the correct value. - * The tomcat8 package has gone away from using @MAVEN.DEPLOY.VERSION@ in favor of specifying the exact version as well to avoid this type of mismatch. + * Users currently experiencing this issue would be expecting a SRU fix to come from us. Working around it would require changing the /usr/share/maven-repo/javax/servlet/jsp/jsp-api/2.2/jsp-api-2.2.pom to use the 3.0 version. This fix does the same thing. + * There is the slight, albeit incredibly low chance, that someone actually has scripted something to modify the package itself and swap out @MAVEN.DEPLOY.VERSION@ to the correct value. + * The tomcat8 package has gone away from using @MAVEN.DEPLOY.VERSION@ in favor of specifying the exact version as well to avoid this type of mismatch. [Other Info] Hi, Ubuntu 16.04.1 LTS, libservlet3.0-java=7.0.68-1ubuntu0.1 In /usr/share/maven-repo/javax/servlet/jsp/jsp-api/2.2/jsp-api-2.2.pom file that belongs to libservlet3.0-java there is the following dependency: <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.2</version> <scope>compile</scope> </dependency> But there is no corresponding javax.servlet:servlet-api:2.2 in /usr/share/maven-repo. So if I try to build some Java library that depends on javax.servlet.jsp:jsp-api:2.2 with mvn-debian, I cannot do it due to wrong transitive dependency. I've attached a test pom.xml to reproduce the bug: ubuntu@build:~$ ls -la pom.xml -rw-rw-r-- 1 ubuntu ubuntu 1185 Feb 13 10:12 pom.xml ubuntu@build:~$ ubuntu@build:~$ mvn-debian -q generate-sources find: ‘/usr/share/maven-repo/org/codehaus/plexus/plexus-compiler/*/*.jar’: No such file or directory find: ‘/usr/share/maven-repo/org/codehaus/plexus/plexus-compilers/*/*.jar’: No such file or directory find: ‘/usr/share/maven-repo/org/codehaus/plexus/plexus-containers/*/*.jar’: No such file or directory [ERROR] Failed to execute goal on project yyy: Could not resolve dependencies for project xxx:yyy:pom:debian: Cannot access central (https://repo.maven.apache.org/maven2) in offline mode and the artifact javax.servlet:servlet-api:jar:2.2 has not been downloaded from it before. -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException ubuntu@build:~$ I believe that javax.servlet.jsp:jsp-api:2.2 should list javax.servlet :servlet-api:3.0 as dependency, not 2.2 == End SRU Template ==
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1664179 Title: Wrong POM dependency in javax.servlet.jsp:jsp-api:2.2 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tomcat7/+bug/1664179/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
