Brett Would this be something like Nexus?
Thanks Regards On Tue, 2009-09-22 at 18:32 +1000, Brett Porter wrote: > ServiceMix need to update their examples since they are pointing to an > old domain name they apparently no longer own - you're going to need > to ask them. > > BTW, a more robust set up you can work with is to put a repository > manager in place - you can direct all your maven requests to it and > then filter out bad repositories such as this (since commons-pool can > easily be found on the existing Maven repositories). > > - Brett > > On 22/09/2009, at 6:19 PM, Richard Taylor wrote: > > > Nick > > > > I have followed the tutorials on the ServiceMix site to the letter. > > > > The repositories in the pom.xml file are: > > > > <repositories> > > <repository> > > <releases /> > > <snapshots> > > <enabled>false</enabled> > > </snapshots> > > <id>apache</id> > > <name>Apache Repository</name> > > > > <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url> > > </repository> > > <repository> > > <releases> > > <enabled>false</enabled> > > </releases> > > <snapshots /> > > <id>apache.snapshots</id> > > <name>Apache Snapshots Repository</name> > > <url>http://people.apache.org/repo/m2-snapshot-repository</url> > > </repository> > > </repositories> > > <pluginRepositories> > > <pluginRepository> > > <releases /> > > <snapshots> > > <enabled>false</enabled> > > </snapshots> > > <id>apache</id> > > <name>Apache Repository</name> > > > > <url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url> > > </pluginRepository> > > <pluginRepository> > > <releases> > > <enabled>false</enabled> > > </releases> > > <snapshots /> > > <id>apache.snapshots</id> > > <name>Apache Snapshots Repository</name> > > <url>http://people.apache.org/repo/m2-snapshot-repository</url> > > </pluginRepository> > > </pluginRepositories> > > > > these were generated by > > > > mvn archetype:create > > -DarchetypeArtifactId=servicemix-service-unit > > -DarchetypeGroupId=org.apache.servicemix.tooling > > -DartifactId=tutorial-file-su > > > > Hunting through the build logs I find this: > > > > Downloading: > > http://people.apache.org/repo/m2-ibiblio-rsync-repository/commons-pool/commons-pool/1.3/commons-pool-1.3.pom > > [INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in > > repository apache > > (http://people.apache.org/repo/m2-ibiblio-rsync-repository) > > Downloading: > > http://svn.apache.org/repos/asf/servicemix/m2-repo/commons-pool/commons-pool/1.3/commons-pool-1.3.pom > > [INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in > > repository servicemix-m2-repo > > (http://svn.apache.org/repos/asf/servicemix/m2-repo) > > Downloading: > > http://people.apache.org/repo/m2-incubating-repository/commons-pool/commons-pool/1.3/commons-pool-1.3.pom > > [INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in > > repository apache-incubating > > (http://people.apache.org/repo/m2-incubating-repository) > > Downloading: > > http://repository.codehaus.org/commons-pool/commons-pool/1.3/commons-pool-1.3.pom > > [INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in > > repository codehaus (http://repository.codehaus.org) > > Downloading: > > http://download.java.net/maven/1/commons-pool/poms/commons- > > pool-1.3.pom > > [INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in > > repository java.net (http://download.java.net/maven/1) > > Downloading: > > http://servicemix.org/m2-repo/commons-pool/commons-pool/1.3/commons-pool-1.3.pom > > [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = > > '1559863a375499e55c9adee606c51a69e546b69a'; remote = '<!DOCTYPE' - > > RETRYING > > Downloading: > > http://servicemix.org/m2-repo/commons-pool/commons-pool/1.3/commons-pool-1.3.pom > > 8K downloaded (commons-pool-1.3.pom) > > [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = > > '1559863a375499e55c9adee606c51a69e546b69a'; remote = '<!DOCTYPE' - > > IGNORING > > [WARNING] POM for 'commons-pool:commons-pool:pom:1.3:provided' is > > invalid. > > > > The project pom.xml file has a <url>http://servicemix.org/</url>. This > > site resolves to a site for a car performance chip company. Their web > > site always returns the home page regardless of the page requested, > > rather than a 404. > > > > Does maven's repository resolution fallback to the project pom.xml URL > > as a last resort if a file can't be found in one of the other > > repositories? > > > > Why would it keep the file that failed the checksum anyway? > > > > Thanks for the quick response. > > > > Regards > > > > Richard > > > > > > > > On Tue, 2009-09-22 at 10:09 +0200, Nick Stolwijk wrote: > >> As you are the first one to notice this, I would think it would be or > >> your local computer or your company repository. Which repositories > >> are > >> you using for your project? > >> > >> With regards, > >> > >> Nick Stolwijk > >> ~Java Developer~ > >> > >> IPROFS BV. > >> Claus Sluterweg 125 > >> 2012 WS Haarlem > >> http://www.iprofs.nl > >> > >> > >> > >> On Tue, Sep 22, 2009 at 9:47 AM, Richard Taylor > >> <[email protected]> wrote: > >>> Hi > >>> > >>> I am completely new to maven, just running through some ServiceMix > >>> tutorials (completely new to that too). > >>> > >>> Tracking down a 'mvn install' failure that said: > >>> > >>> [INFO] > >>> ------------------------------------------------------------------------ > >>> [ERROR] BUILD FAILURE > >>> [INFO] > >>> ------------------------------------------------------------------------ > >>> [INFO] Compilation failure > >>> > >>> error: error > >>> reading /home/rjt/.m2/repository/org/springframework/spring-dao/ > >>> 2.0.6/spring-dao-2.0.6.jar; error in opening zip file > >>> error: error > >>> reading /home/rjt/.m2/repository/org/springframework/spring- > >>> support/2.0.6/spring-support-2.0.6.jar; error in opening zip file > >>> error: error > >>> reading /home/rjt/.m2/repository/xerces/xerces/2.0.2/ > >>> xerces-2.0.2.jar; > >>> error in opening zip file > >>> > >>> I discover that the contents of these files are all spam web pages > >>> with > >>> the title: "Truck Performance Chips". I then searched my local > >>> repository for the same string and I get: > >>> > >>> grep -r Truck\ Performance\ Chips * > >>> commons-collections/commons-collections/2.1/commons- > >>> collections-2.1.pom:<title>Car & Truck Performance Chips</title> > >>> commons-pool/commons-pool/1.2/commons-pool-1.2.pom:<title>Car & > >>> Truck Performance Chips</title> > >>> commons-pool/commons-pool/1.3/commons-pool-1.3.pom:<title>Car & > >>> Truck Performance Chips</title> > >>> org/springframework/spring-beans/2.0.6/spring- > >>> beans-2.0.6.pom:<title>Car > >>> & Truck Performance Chips</title> > >>> org/springframework/spring-core/2.0.6/spring- > >>> core-2.0.6.pom:<title>Car > >>> & Truck Performance Chips</title> > >>> org/springframework/spring-dao/2.0.6/spring-dao-2.0.6.pom:<title>Car > >>> & Truck Performance Chips</title> > >>> org/springframework/spring-dao/2.0.6/spring-dao-2.0.6.jar:<title>Car > >>> & Truck Performance Chips</title> > >>> org/springframework/spring-context/2.0.6/spring- > >>> context-2.0.6.pom:<title>Car & Truck Performance Chips</title> > >>> org/springframework/spring-support/2.0.6/spring- > >>> support-2.0.6.jar:<title>Car & Truck Performance Chips</title> > >>> org/springframework/spring-support/2.0.6/spring- > >>> support-2.0.6.pom:<title>Car & Truck Performance Chips</title> > >>> xerces/xerces/2.0.2/xerces-2.0.2.jar:<title>Car & Truck > >>> Performance > >>> Chips</title> > >>> xerces/xerces/2.0.2/xerces-2.0.2.pom:<title>Car & Truck > >>> Performance > >>> Chips</title> > >>> > >>> This all looks very worrying. It suggests that one of the online > >>> repositories has been infiltrated. > >>> > >>> Is there anyway to discover which repository these files came from? > >>> > >>> I am beginning to worry about safety of using all this code pulled > >>> automatically from online repositories :-( > >>> > >>> Regards > >>> > >>> Richard > >>> > >>> > >>> > >>> The information contained in this E-Mail and any subsequent > >>> correspondence is private and is intended solely for the intended > >>> recipient(s). The information in this communication may be > >>> confidential and/or legally privileged. Nothing in this e-mail is > >>> intended to conclude a contract on behalf of QinetiQ or make QinetiQ > >>> subject to any other legally binding commitments, unless the e-mail > >>> contains an express statement to the contrary or incorporates a > >>> formal Purchase Order. > >>> > >>> For those other than the recipient any disclosure, copying, > >>> distribution, or any action taken or omitted to be taken in reliance > >>> on such information is prohibited and may be unlawful. > >>> > >>> Emails and other electronic communication with QinetiQ may be > >>> monitored and recorded for business purposes including security, > >>> audit > >>> and archival purposes. Any response to this email indicates consent > >>> to this. > >>> > >>> Telephone calls to QinetiQ may be monitored or recorded for quality > >>> control, security and other business purposes. > >>> > >>> QinetiQ Limited > >>> Registered in England & Wales: Company Number:3796233 > >>> Registered office: 85 Buckingham Gate, London SW1E 6PD, United > >>> Kingdom > >>> Trading address: Cody Technology Park, Cody Building, Ively Road, > >>> Farnborough, Hampshire, GU14 0LX, United Kingdom > >>> http://www.qinetiq.com/home/notices/legal.html > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [email protected] > >>> For additional commands, e-mail: [email protected] > >>> > >>> > > > > > > The QinetiQ e-mail privacy policy and company information is > > detailed elsewhere in the body of this email. > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > The QinetiQ e-mail privacy policy and company information is detailed elsewhere in the body of this email. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
