1 2 Previous Next 25 Replies Latest reply on Jul 11, 2007 11:07 AM by pgier Go to original post
      • 15. Re: MAVEN: activation-1.0.2.jar not being fetched
        pgier

         

        "adrian@jboss.org" wrote:
        "scott.stark@jboss.org" wrote:

        Your checkin included a number of invalid references to C:/Java/jdk/jdk1.5.0_10/lib/tools.jar. Why is this needed? I removed its use so that the eclipse projects would build for me.


        It's coming from a dependency in the javassist pom.
        God knows why? Javassist has its compiler. It shouldn't need tools.jar? :-)


        Javassist has a class called HotSwapper.java that uses the "com.sun.jdi" packages. That's why I included tools.jar in its build. Maybe there is a different way to do this?

        • 16. Re: MAVEN: activation-1.0.2.jar not being fetched

           

          "pgier" wrote:

          If you try to download from the old location, it should give you a message that you need to point to the new location.


          What do you mean "give you a message"?
          Why didn't Kabir's build pick up the same thirdparty dependencies that my build does?

          This is the key issue that needs to be resolved. How do we know this build is
          reproducable given we're likely to have any old rubbish in our local repositories
          from other maven builds?

          i.e. How can we be sure that we can checkout the JBossMC-2.0.0.GA tag from SVN
          and rebuild the same binaries as we had when it was released 6 months earlier?

          Even if the current Maven build gave me the confidence that this works,
          I'm not convinced we have the procedures to lockdown repository.jboss.com
          to avoid tampering with old releases/dependencies (however unintentional).

          • 17. Re: MAVEN: activation-1.0.2.jar not being fetched
            kconner

             

            "adrian@jboss.org" wrote:
            Why didn't Kabir's build pick up the same thirdparty dependencies that my build does?

            This may be a consequence of the transitive dependency resolution that I have been chasing down today. I want to centralise the versions in the parent pom so that this is tidied up.

            "adrian@jboss.org" wrote:
            This is the key issue that needs to be resolved. How do we know this build is
            reproducable given we're likely to have any old rubbish in our local repositories
            from other maven builds?

            Can you follow up on my posting then ;)

            http://www.jboss.com/index.html?module=bb&op=viewtopic&t=113228

            • 18. Re: MAVEN: activation-1.0.2.jar not being fetched

               

              "pgier" wrote:

              Javassist has a class called HotSwapper.java that uses the "com.sun.jdi" packages. That's why I included tools.jar in its build. Maybe there is a different way to do this?


              That's an optional add-on. It will only work on Sun's JDK.

              It shouldn't be introducing dependencies into projects that use javassist.

              Also there's a better (more portable) api from JDK5 anyway
              http://java.sun.com/j2se/1.5.0/docs/api/java/lang/instrument/Instrumentation.html

              But these are really issues that need to be taken up with Chiba in the javassist forum.

              • 19. Re: MAVEN: activation-1.0.2.jar not being fetched
                pgier

                 

                "adrian@jboss.org" wrote:
                "pgier" wrote:

                If you try to download from the old location, it should give you a message that you need to point to the new location.


                What do you mean "give you a message"?
                Why didn't Kabir's build pick up the same thirdparty dependencies that my build does?

                This is the key issue that needs to be resolved. How do we know this build is
                reproducable given we're likely to have any old rubbish in our local repositories
                from other maven builds?

                i.e. How can we be sure that we can checkout the JBossMC-2.0.0.GA tag from SVN
                and rebuild the same binaries as we had when it was released 6 months earlier?


                It should display a warning similar to this if you use the old location (sun-jaf):

                [WARNING] While downloading sun-jaf:activation:1.0.2
                 This artifact has been relocated to javax.activation:activation:1.0.2.
                 This file has been relocated based on maven recommendations: http://maven.apache.org/guides/mini/guide-coping-with-sun-jars.html
                

                I'm thinking that the best way to handle reproducing old builds is to keep a copy of the contents of the local repo when doing a release. That way if an old release needs to be rebuilt, the local repository can be refreshed, and the build can be done off-line.

                I think the amount of "old rubbish" in our repository will be increased if we can never make any changes to files or directory locations. If we keep our release builds off-line without using any remote repository and we save the build environment, then we can be sure that we can redo the build. None of this is set up yet, but it is probably what needs to be done.
                Does this sound like a better solution?



                • 20. Re: MAVEN: activation-1.0.2.jar not being fetched

                   

                  "pgier" wrote:

                  I'm thinking that the best way to handle reproducing old builds is to keep a copy of the contents of the local repo when doing a release. That way if an old release needs to be rebuilt, the local repository can be refreshed, and the build can be done off-line.

                  I think the amount of "old rubbish" in our repository will be increased if we can never make any changes to files or directory locations. If we keep our release builds off-line without using any remote repository and we save the build environment, then we can be sure that we can redo the build. None of this is set up yet, but it is probably what needs to be done.
                  Does this sound like a better solution?


                  Is the local repo tagged in SVN when there is a release?
                  Is that part of repository.jboss.com "write protected" once a release has been confirmed?

                  • 21. Re: MAVEN: activation-1.0.2.jar not being fetched

                     

                    "pgier" wrote:

                    It should display a warning similar to this if you use the old location (sun-jaf):

                    
                    [WARNING] While downloading sun-jaf:activation:1.0.2
                     This artifact has been relocated to javax.activation:activation:1.0.2.
                     This file has been relocated based on maven recommendations: http://maven.apache.org/guides/mini/guide-coping-with-sun-jars.html
                    



                    Why doesn't it just fix it itself? i.e. download javax.activation such that Kabir's build works?

                    This WARNING is pretty useless. Given the amount of output about
                    1) Deprecated code use
                    2) Missing/invalid checksums
                    3) Junk that only a Maven developer would understand
                    4) All the output from the tests wizzing past
                    5) etc.

                    You're unlikely to spot it, even if you know what to look for.
                    Kabir only noticed he was using the incorrect jars because he is using eclipse
                    and his classpath was wrong.

                    • 22. Re: MAVEN: activation-1.0.2.jar not being fetched
                      pgier

                       

                      "adrian@jboss.org" wrote:

                      Is the local repo tagged in SVN when there is a release?
                      Is that part of repository.jboss.com "write protected" once a release has been confirmed?


                      None of this is set up currently. But yes, the idea would be that the entire local repo is committed along with the tag. Then when the old release is checked out, the local repo is also checked out into the local build environment, and the build is done offline.
                      I'm not sure where in svn the local repo should be checked in. Either repository.jboss.org, or with the project tag, or in it's own location.

                      • 23. Re: MAVEN: activation-1.0.2.jar not being fetched
                        pgier

                         

                        "adrian@jboss.org" wrote:
                        "pgier" wrote:

                        It should display a warning similar to this if you use the old location (sun-jaf):

                        
                        [WARNING] While downloading sun-jaf:activation:1.0.2
                         This artifact has been relocated to javax.activation:activation:1.0.2.
                         This file has been relocated based on maven recommendations: http://maven.apache.org/guides/mini/guide-coping-with-sun-jars.html
                        



                        Why doesn't it just fix it itself? i.e. download javax.activation such that Kabir's build works?



                        It does download it from the new location after displaying the warning message. At least for me using maven 2.0.6. I'm not sure why it didn't work for Kabir.


                        • 24. Re: MAVEN: activation-1.0.2.jar not being fetched
                          brian.stansberry

                          Are you in contact with John Flanagan and the Release Engineering people about all this? They gave us a presentation when the EAP team was meeting in Westford, and what you describe sounds very much like what they are working on expanding Red Hat's existing Brew and Koji systems to handle. They're working to expand the system to handle ant- and maven-based builds.

                          The binaries for anything that goes into a Red Hat supported product have to be built through that system. Reason is the build reproducibility issue Adrian mentions, along with auditability. They talked less about Koji, but my understanding is it's a community-oriented tool that does a similar thing.

                          • 25. Re: MAVEN: activation-1.0.2.jar not being fetched
                            pgier

                             

                            "bstansberry@jboss.com" wrote:
                            Are you in contact with John Flanagan and the Release Engineering people about all this? They gave us a presentation when the EAP team was meeting in Westford, and what you describe sounds very much like what they are working on expanding Red Hat's existing Brew and Koji systems to handle. They're working to expand the system to handle ant- and maven-based builds.

                            Yes, we have regular meetings about this stuff, and we're slowly making progress.

                            1 2 Previous Next