I've inherited a badly written Java/Spring project. I'm using Eclipse STS as an IDE. Every time I'm trying to set up another computer for development, I'm entering a world of pain. After a lot of tinkering and fighthing, I've narrowed the problem down to one reoccurring issue - Maven's Repository.
I've opened the project in STS on a new computer. The project won't build, because it claims some Spring jar is missing or invalid. The file is there ( in the .m2) directory. Deleting it an updating the Maven dependencies downloads a correct version of the file, and the error disappears. Only to be replaced with another error, about another jar file.
After repeating the process several times, I no longer get the invalid jar file error. Instead I got a strange error saying assembly is an invalid XML element.
I delete the .m2 folder entirely and let Maven repopulate it, the error has not disappeared. Only after I copied the .m2 folder from another computer (where the project does compile and work) did the problem disappear.
There are no Maven related errors in the Eclipse error log. All I see are compilation errors in the Problems pane.
Why does Maven keep downloading corrupted JAR files? And how can I avoid this problem every time?
CLARIFICATION: We're not using a proxy, and we do not experience any networking issues downloading any other file. Python's pip, Node's npm, Microsoft's nuget and even bower all work flawlessly, several times a day, sometimes on projects just as big. This is a Maven only issue, and numerous machines.
ADDITIONAL INFO:
I'm using STS 3.9.0.RELEASE (which is based on Eclipse 4.6.3). I'm using the STS embedded Maven, which is version 3.3.9/1.7.0.20160603-1931 (that's a very elaborate version number, I'm not sure exactly what it means...).
I do not have a ~/.m2/settings.xml file (I deleted the entire .m2 directory)
Here is the repositories section from pom.xml:
<repositories>
<!-- For main Spring releases -->
<repository>
<id>org.springframework.maven.release</id>
<name>Spring Maven Release Repository</name>
<url>http://maven.springframework.org/release</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<!-- For testing against latest Spring snapshots -->
<repository>
<id>org.springframework.maven.snapshot</id>
<name>Spring Maven Snapshot Repository</name>
<url>http://maven.springframework.org/snapshot</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
<!-- For developing against latest Spring milestones -->
<repository>
<id>org.springframework.maven.milestone</id>
<name>Spring Maven Milestone Repository</name>
<url>http://maven.springframework.org/milestone</url>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<repository>
<id>jboss</id>
<name>JBoss repository</name>
<url>https://repository.jboss.org/nexus/content/repositories/releases</url>
</repository>
<repository>
<id>Servlet-api</id>
<name>Servlet-api repository</name>
<!-- <url>http://repo1.maven.org/maven2/javax/servlet/javax.servlet-api/3.0.1/</url> -->
<url>http://search.maven.org/</url>
</repository>
</repositories>
I have installed Maven 3.5.0 and told Eclipse to use it. For now it seems to be working.
Perhaps one thing you could do is to prevent maven from downloading snaphots, or explicitly define versions in your pom file for jar files which you are confident work. Within the repository tag you could add the snapshot tag. Maybe releases will be more stable.
<repository>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
Related
I recently faced issues building my project due to "HTTPS Required" error. This issue was solved by modifying my pom.xml as described here, adding the following:
<pluginRepositories>
<pluginRepository>
<id>central</id>
<name>Central Repository</name>
<url>https://repo.maven.apache.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
<releases>
<updatePolicy>never</updatePolicy>
</releases>
</pluginRepository>
</pluginRepositories>
<repositories>
<repository>
<id>central</id>
<name>Central Repository</name>
<url>https://repo.maven.apache.org/maven2</url>
<layout>default</layout>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
</repositories>
However, it is a hassle to update every pom.xml, for every project I have.
I have tried adding that same code snippet to my settings.xml, to no avail.
I am aware newer versions of Maven resolve this issue. However, due to work constraints, I'm unable to update my environment.
I have currently installed Java 8, and Maven, as bundled by Netbeans 8.2 Installer.
Is there something I can add to my settings.xml to avoid modifying every pom.xml I work on?
If absolutely necessary, is there a way I can update just my maven version, knowing I have whatever is installed along with Netbeans?
Hope this isn't a duplicate, I have searched several entries, all to no avail.
If you are using NetBeans 8.0 (8.1,8.2) with bundled maven also you could edit settings.xml. For example, for bundled maven with NetBeans 8.1, the file should be in directory C:\Program Files (x86)\NetBeans 8.1\java\maven\conf.
Just add another mirror with https protocol like that.
<mirrors>
<mirror>
<id>mirrorId</id>
<mirrorOf>central</mirrorOf>
<name>Central Repository</name>
<url>https://repo.maven.apache.org/maven2</url>
</mirror>
</mirrors>
If you have many pom.xml files editing repository settings in one place is better.
Also, consider updating to NetBeans 11.0 LTS or latest Maven.
My nexus repository are defined as following
maven-release - which contains my customer jars
maven-snapshots - which contains my project jars
and my settings xml file as bellows:
<repository>
<id>nexus</id>
<name>nexus-repo-snapshots</name>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
<checksumPolicy>fail</checksumPolicy>
</snapshots>
<url>https://nx0.my.biz/repository/maven-snapshots</url>
<layout>default</layout>
</repository>
<repository>
<id>nexus</id>
<name>nexus-repo-release</name>
<releases>
<enabled>true</enabled>
<checksumPolicy>warn</checksumPolicy>
</releases>
<url>https://nx0.my.biz/repository/maven-releases</url>
<layout>default</layout>
</repository>
and my distributed management is as bellows:
<distributionManagement>
<repository>
<id>nexus</id>
<name>Releases</name>
<url>${nexus.url}/repository/maven-releases</url>
</repository>
<snapshotRepository>
<id>nexus</id>
<name>Snapshot</name>
<url>${nexus.url}/repository/maven-snapshots</url>
</snapshotRepository>
</distributionManagement>
I have uploaded my custom jars in maven releases
now what is happening that It is downloading jars from maven-snapshots only like
Downloading from nexus: https://nx0.my.biz/repository/maven-snapshots/com/my/custom/2.4.0/custom-2.4.0.jar
and giving error while building that
Could not find artifact com.my:custom:jar:2.4.0 in nexus (https://nx0.my.biz/repository/maven-snapshots)
Please let me know if I am doing anything wrong.
check your maven settings.xml.
if you set two mirror and both of them mirrorOf attribute been set to *,then maven will use the first mirror to download all the dependencies.
that almost killed my whole day.
The distributionManagement section of your pom is only used for uploading artifacts with either the deploy goal to the snapshot repository or the maven release plugin to the release repository.
The repositories section of your settings.xml will be used to download artifacts to your local repository (usually ~/.m2).
The repositories will be looked at in the order they are given in the settings.xml.
I have a project hosted on GitHub, with a branch I'm using for developing a new version: https://github.com/jrtom/jung/tree/common.graph
The master branch (v2.1.1) builds fine.
The common.graph branch differs from master in only two ways:
I've bumped the version in the pom.xml files from 2.2-SNAPSHOT to 3.0-SNAPSHOT. This is effectively cosmetic.
I've bumped the Guava dependency version from 19.0 to 20.0-SNAPSHOT, so that I can start developing against the new features.
This is the correct dependency per the Guava documentation: https://github.com/google/guava#snapshots
A pull request of the common.graph branch successfully builds via Travis: https://github.com/jrtom/jung/pull/65
However, when I clone this branch:
git clone --branch common.graph --single-branch git#github.com:jrtom/jung.git jung_3.0
and then run mvn install, I get this error:
Failed to execute goal on project jung-api:
Could not resolve dependencies for project net.sf.jung:jung-api:jar:3.0-SNAPSHOT:
Could not find artifact com.google.guava:guava:jar:20.0-SNAPSHOT
Blowing away the local repository under ~/.m2/repository has no effect.
As far as I can tell--from reading Maven documentation, from looking at other pom.xml files that reference Guava's snapshot of v20--this change should Just Work, but it doesn't.
Changing the Guava dependency to 18.0 does work. So it seems like something wacky with the -SNAPSHOT specification, but I don't see how.
Any advice/pointers would be appreciated.
UPDATE:
#RC.'s response below pointed me in the correct direction, although I still needed to figure out the right repository spec for Google snapshots. For future reference, here's the spec:
<repositories>
<repository>
<id>google-snapshots</id>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
<releases>
<enabled>false</enabled>
</releases>
<snapshots>
<enabled>true</enabled>
</snapshots>
</repository>
</repositories>
Snapshots are not pushed in maven central for obvious reasons.
If you really want guava snapshots, it seems they are pushed in this repository
To add a custom repository to your pom, use something like (adapted from the doc):
<repositories>
<repository>
<releases>
<enabled>false</enabled>
<updatePolicy>always</updatePolicy>
<checksumPolicy>warn</checksumPolicy>
</releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>never</updatePolicy>
<checksumPolicy>fail</checksumPolicy>
</snapshots>
<id>sonatype-OSS-snaphots</id>
<name>Sonatype OSS Snapshots</name>
<url>https://oss.sonatype.org/content/repositories/snapshots/</url>
<layout>default</layout>
</repository>
</repositories>
I had set up a Nexus Repository to link-up two separate projects. I am building and deploying the RELEASE and SNAPSHOT versions on Nexus successfully but when i am trying to use the changes in other project using maven update this changes are not getting updated.
So what I did in A_Project.jar in one Project which is got updated in nexus repository.
But when I am trying to get this updated jar at B_Project, I am getting the old jar which was there in maven's local repository. Now, if I manually delete the A_Project.jar, i apparently gets the updated code.
For achieving the updated version of SNAPSHOT and RELEASED version i had tried following ways.
I had used -U with mvn clean build.
I have changed the update policy in setting.xml and pom.xml as follows.
In settings.xml
<pluginRepository>
<id>deployment</id>
<name>Internal Nexus Repository</name>
<url>http://server/nexus/content/groups/public/</url>
<layout>default</layout>
<snapshots>
<enabled>true</enabled>
</snapshots>
<releases>
<updatePolicy>always</updatePolicy>
</releases>
</pluginRepository>
In pom.xml
<repositories>
<repository>
<id>snapshots</id>
<url>http://server/nexus/content/repositories/snapshots</url>
<snapshots>
<updatePolicy>always</updatePolicy>
</snapshots>
<releases>
<updatePolicy>always</updatePolicy>
</releases>
</repository>
</repositories>
Please help as this become a repeated process in getting the latest jar for me.
I can't see enough of your settings.xml to say what is going on. What you have shown is just the pluginRepository section, which is used for resolution of Maven plugins, not artifacts.
I'd suggest starting with a standard settings.xml file:
http://books.sonatype.com/nexus-book/reference/maven-sect-single-group.html
You'll probably want to modify the central repository definition to always look for updates to snapshots:
<repositories>
<repository>
<id>central</id>
<url>http://central</url>
<releases><enabled>true</enabled></releases>
<snapshots>
<enabled>true</enabled>
<updatePolicy>always</updatePolicy>
</snapshots>
</repository>
</repositories>
It sounds like you are also trying to re-release the same release versions? This is a bad practice, releases should be considered immutable (and a lot of the toolchain assumes they are). Increment the version number to make a new release.
This error just started appearing, with any new maven dependencies I install. The dependency shows up in the Maven dependencies tree empty, and the project reports, for example:
Description Resource Path Location Type Archive for required library: '~/.m2/repository/com/ning/async-http-client/1.8.14/async-http-client-1.8.14.jar' in project 'LB' cannot be read or is not a valid ZIP file LB Build path Build Path Problem
I viewed the POM file for each new dependency, and they all have this in them:
<HTML>
<BODY>
This repo has moved to repo.boundlessgeo.com. Please update your settings.
</BODY>
</HTML>
So i discovered that the OpenGeo Maven Repo has moved, based on this:
<!-- <repository>
<snapshots>
<enabled>true</enabled>
</snapshots>
<id>opengeo</id>
<name>OpenGeo Maven Repo</name>
<url>http://repo.opengeo.org</url>
</repository> -->
Replaced with this:
<repository>
<snapshots>
<enabled>true</enabled>
</snapshots>
<id>boundless</id>
<name>Boundless Maven Repository</name>
<url>http://repo.boundlessgeo.com/main</url>
</repository>
Even though I fixed this issue, all other dependencies still fail to install. Any idea why the POM files for any other repo keep getting the HTML notice from OpenGeo? How can I fix?
Here's the entire repo section of my pom.xml
<repositories>
<repository>
<id>maven2-repository.dev.java.net</id>
<name>Java.net repo</name>
<url>http://download.java.net/maven/2</url>
</repository>
<repository>
<id>osgeo</id>
<name>Open Source Geospatial Foundation Repo</name>
<url>http://download.osgeo.org/webdav/geotools/</url>
</repository>
<repository>
<snapshots>
<enabled>true</enabled>
</snapshots>
<id>opengeo</id>
<name>OpenGeo Maven Repo</name>
<url>http://repo.opengeo.org</url>
</repository>
<repository>
<id>central</id>
<name>The Central Repository</name>
<url>http://repo1.maven.org/maven2/</url>
</repository>
Updated answer:
If you have a repository defined in your pom.xml which provides static content instead of a proper Maven repository (in this case http://repo.opengeo.org, which has moved to http://repo.boundlessgeo.org), Maven will download the static content as the pom, jar, etc and complain about it being corrupted later. These invalid files will remain in your local repository until you delete them, even after you fix the problem repository.
The simplest way to get rid of the invalid files would be to delete your entire ~/.m2/repository and download all artifacts fresh. However, you can also just delete the problem files (adjust the grepped message according to the static content in your invalid files):
grep -lrIZ "This repo has moved to repo.boundlessgeo.com" ~/.m2/repository \
| xargs -r0 rm
Then do a normal mvn clean install and valid artifacts should be downloaded from the corrected repository.
See the original question for details on updating http://repo.opengeo.org to http://repo.boundlessgeo.org.
Note: Maven is likely downloading the invalid static content because repo.opengeo.org is returning a status code of 200.
Original answer:
Is it possible that you've somehow configured the old OpenGeo Maven Repo to be a mirror for all respositories? Maybe in your local settings.xml, or in a Nexus artifact repository?
I ran into something similar, where our Nexus server somehow had a bunch of non-OpenGeo artifacts in our proxied OpenGeo repository. Once the OpenGeo/BoundlessGeo repo moved, I got the "This repo has moved" message until I deleted the non-OpenGeo artifacts from the proxy repository.