Pom/Bom dependency issue
by Max Magee
Hi All,
I'm attempting to upgrade from an older version of resteasy-jaxb-provider
(3.0.6) to 4.0.0.Final due to some dependency conflicts on a larger project
that got resteasy-jackson2-provider, several com.fasterxml.jackson.core
dependency version bumps and jackson-databind version bumps for unrelated
reasons.
My question is about the maven packaging/pom configuration. I am using a
the maven-ant-tasks plugin from Apache (but I see the same issue/warning
messages resolving dependencies from maven central through the mvn command
line directly). The problem with the ant task may be three-fold: The
ant-maven task errors out when it can't read the poms (this is probably
mostly a *me/us *problem with our tooling). Secondly, it looks like some of
the pom configuration in the resteasy/jboss projects is possibly too
complicated for it or possibly even misconfigured (the errors I see in both
maven and ant tasks are related to not finding the parent-pom for the
project). Finally, the third issue I noticed may be a regression in maven
3.6.1 that causes it not to follow redirects.
That's a lot to parse, but let me break it down into pieces to see if
somebody may have an idea for a better way to resolve this issue.
1.) When upgrading to 4.0.0.Final (after fixing two or three differences
due to functionality changes, getting everything compiling), I am getting
the following errors when pulling it from the repo:
[artifact:dependencies] Downloading:
org/glassfish/jaxb/jaxb-runtime/2.3.1/jaxb-runtime-2.3.1.pom from
repository singlewire.public at
http://nexus.singlewire.lan:8081/nexus/content/groups/public/
[artifact:dependencies] Transferring 8K from singlewire.public
[artifact:dependencies] Downloading:
com/sun/xml/bind/jaxb-bom-ext/2.3.1/jaxb-bom-ext-2.3.1.pom from repository
releases.java.net at http://maven.java.net/content/repositories/releases/
[artifact:dependencies] Transferring 0K from releases.java.net
[artifact:dependencies] [WARNING] *** CHECKSUM FAILED - Checksum failed on
download: local = '073af964da9bb8a3b83c9c9dfc3568f1e12a9479'; remote =
'<html>
[artifact:dependencies] <head><title>301' - RETRYING
[artifact:dependencies] Downloading:
com/sun/xml/bind/jaxb-bom-ext/2.3.1/jaxb-bom-ext-2.3.1.pom from repository
releases.java.net at http://maven.java.net/content/repositories/releases/
[artifact:dependencies] Transferring 0K from releases.java.net
[artifact:dependencies] [WARNING] *** CHECKSUM FAILED - Checksum failed on
download: local = '073af964da9bb8a3b83c9c9dfc3568f1e12a9479'; remote =
'<html>
[artifact:dependencies] <head><title>301' - IGNORING
*[artifact:dependencies] An error has occurred while processing the Maven
artifact tasks.*
*[artifact:dependencies] Diagnosis:*
*[artifact:dependencies]*
*[artifact:dependencies] Unable to resolve artifact: Unable to get
dependency information: Unable to read the metadata file for artifact
'org.glassfish.jaxb:jaxb-runtime:jar': Cannot find parent:
com.sun.xml.bind:jaxb-bom-ext for project:
com.sun.xml.bind.mvn:jaxb-parent:pom:null for project
com.sun.xml.bind.mvn:jaxb-parent:pom:null*
*[artifact:dependencies] org.glassfish.jaxb:jaxb-runtime:jar:2.3.1*
[artifact:dependencies]
[artifact:dependencies] from the specified remote repositories:
[artifact:dependencies] singlewire.mirror (
http://nexus:8081/nexus/content/groups/public/),
[artifact:dependencies] central (http://repo1.maven.org/maven2),
[artifact:dependencies] singlewire.public (
http://nexus.singlewire.lan:8081/nexus/content/groups/public/)
[artifact:dependencies]
[artifact:dependencies] Path to dependency:
[artifact:dependencies] 1) my.project:war:12.9.1-SNAPSHOT
[artifact:dependencies] 2)
org.jboss.resteasy:resteasy-jaxb-provider:jar:4.0.0.Final
2.) When I inspect the contents of the repo it's crashing on, jaxb-bom-ext,
this is the content of
~/.m2/repository/com/sun/xml/bind/jaxb-bom-ext/2.3.1/jaxb-bom-ext-2.3.1.pom:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
3.) When I investigate our nexus repo and directly download the file, it
seems to contain the appropriate content, as does the repo at maven.java.net
:
https://maven.java.net/content/repositories/releases/com/sun/xml/bind/jax...
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<link type="text/css" id="dark-mode" rel="stylesheet" href=""/>
<style type="text/css" id="dark-mode-custom-style"/>
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.glassfish.jaxb</groupId>
<artifactId>jaxb-bom</artifactId>
<relativePath>../bom/pom.xml</relativePath>
<version>2.3.1</version>
</parent>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-bom-ext</artifactId>
<packaging>pom</packaging>
<name>JAXB BOM with ALL dependencies</name>
<description>
JAXB Bill of Materials (BOM) with all dependencies. If you are not sure -
DON'T USE THIS BOM. Use com.sun.xml.bind:jaxb-bom instead.
</description>
...
That description isn't super-reassuring, but I assume the packager knows
what s/he *is *sure. I noticed, too, that although our repo is trying to
grab the dependency from *http://*maven.java.net
Downloading: com/sun/xml/bind/jaxb-bom-ext/2.3.1/jaxb-bom-ext-2.3.1.pom
from repository releases.java.net at
http://maven.java.net/content/repositories/releases/
Visiting the actual site redirects to *https*, so that may be the initial
cause for the 301- mvn is downloading the 301 error page into the "pom"
location, which is really strange behavior. The only thing I found from
googling around for this issue is a decade-old bug report of this happening
in 2010 <https://issues.apache.org/jira/browse/MNG-4734> that has long
since been closed/fixed/merged. ¯\_(ツ)_/¯
When I visited the maven central repo and grabbed the
jaxb-bom-ext-2.3.1.pom then manually shoved it into my local m2 repo, I got
slightly further-
[artifact:dependencies] Unable to resolve artifact: Unable to get
dependency information: Unable to read the metadata file for artifact
'org.glassfish.jaxb:jaxb-runtime:jar': Cannot find parent:
*org.glassfish.jaxb:jaxb-bom* for project:
com.sun.xml.bind:jaxb-bom-ext:pom:null for project
com.sun.xml.bind:jaxb-bom-ext:pom:null
[artifact:dependencies] org.glassfish.jaxb:jaxb-runtime:jar:2.3.1
My local m2 version of the pom for the jaxb-bom dependency looks like this:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.12.1</center>
</body>
</html>
When I do the same manual installation procedure for jaxb-bom as for
jaxb-bom-ext above, everything is happy:
[artifact:dependencies] Downloading:
org/glassfish/jaxb/txw2/2.3.1/txw2-2.3.1.pom from repository
singlewire.public at
http://nexus.singlewire.lan:8081/nexus/content/groups/public/
[artifact:dependencies] Transferring 4K from singlewire.public
[artifact:dependencies] Downloading:
org/glassfish/jaxb/txw2/2.3.1/txw2-2.3.1.jar from repository
singlewire.public at
http://nexus.singlewire.lan:8081/nexus/content/groups/public/
[artifact:dependencies] Transferring 69K from singlewire.public
I get two additional artifacts form jaxb and I'm off to the races.
Super strange behavior, but after struggling with this and our build tools
for a couple of days, I decided to just revert back from 4.0.0.Final to
3.0.6.Final, manually exclude and pull versions are compatible across those
versions (jackson-module-jaxb-annotations and jaxrs-api, specifically) some
conflicts and I have no issues pulling dependencies. I'd like to pull in
the latest dependencies, since I'm sure there are performance and security
tweaks here and there that would be nice to pick up, and it seems really
strange that maven's behavior is blocking this.
Any thoughts or theories?
--
Max Magee
5 years, 7 months
- 2
- 2
- ← Newer
- 1
- Older →