maven .pom and . pom.shal1 files not getting updated - maven

I am trying to install maven for the 1st time and seeing below issues when trying to do a maven force update to get the jars to my local repository. I am able to see the property file, jar and jar.sha1 but the .pom and .pom.sha1 is not getting updated. When i go to the specific folder i see this file instead
maven-clean-plugin-3.0.0.pom.lastUpdated
This is happening to all the folders in my repository. The content inside this .lastUpdated file is
#NOTE: This is an Aether internal implementation file, its format can be changed without prior notice.
#Sat Nov 04 22:38:58 EDT 2017
https\://artifactory.cen.gov/artifactory/repo/.error=Could not transfer artifact org.apache.maven.plugins\:maven-clean-plugin\:pom\:3.0.0 from/to repo (https\://artifactory.cen.gov/artifactory/repo)\: com.ibm.jsse2.util.h\: PKIX path building failed\: java.security.cert.CertPathBuilderException\: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is\: \n\tjava.security.cert.CertPathValidatorException\: The certificate issued by CN\=CENInternalRootCA, OU\=cen Service, O\=U.S. Government, C\=US is not trusted; internal cause is\: \n\tjava.security.cert.CertPathValidatorException\: Certificate chaining error
#proxy.cen.gov\:8080>#default-repo-https\://artifactory.cen.gov/artifactory/repo/.lastUpdated=1509849538349
I had this certificate chaining exception earlier but got rid after adding proper certificate and creating keystore and adding them to env variables.
Because of this error i am not able to do a maven clean or run as maven install.
Any suggestions please?

When you already got rid of your certificate problem, you can force an update by using
mvn clean install -U
-U,--update-snapshots Forces a check for missing
releases and updated snapshots on
remote repositories
Otherwise you can delete your local repository. This is a very effective way to force Maven to re-download all dependencies, but the next build may take a substantial ammount of time, depending on the number of dependencies.
The repository is located in ~/.m2/repository by default. Otherwise its location is configured by the <localRepository> setting in settings.xml.
See also Force maven update
If the problem with your certificate chain still exists, Maven will not be able to download the dependencies and you will get the same .lastUpdated files again

Related

I have a problem with Maven 3.8.4 that not allowed to authorize our private repo on Apache Archiva

I have installed Maven 3.8.4 with homebrew on Macbook M1 CPU recently and I have ~/.m2/settings.xml properly containing the Apache Archiva user name and password.
when I executed mvn help:effective-settings -DshowPasswords=true command I can see the correct xml content. But when I run mvn clean package I get something like that
Failed to read artifact descriptor for company.webshop:webshop-common:jar:21.11.12:
Could not transfer artifact company.webshop:webshop-common:pom:21.11.12
from/to company (https://repo.company.com/repository/internal/):
authorization failed for https://repo.company.com/repository/internal/company/webshop/webshop-
common/21.11.12/webshop-common-21.11.12.pom,
status: 403 Forbidden -> [Help 1]
when I try to access https://repo.company.com/repository/internal/ address from my browser I can login and see the artifacts properly as well. More than that other team members don't live any problem.
I also removed maven and reinstalled but nothing changed.
any idea?
I noticed that after removing the folders (under the .m2 folder) related to our private repo, and re-run the maven after a fresh instalment it's working properly.
Maven was not downloading the artifacts I guess, since there is a folder of that version number and only showing the content of old files which says something like "not authorized to the repo." and was miss leading

Force download of same named artifact from alternative Nexus repository

I have a problem with a Maven artifact from a predecessor.
He modified an external maven library and uploaded it under the same version name to the Nexus releases repo.
When I build my project I obviously get the official version and not the intended.
Locally I just overwrite my local .m2 repo with it.
But for our cicd server this is not an outcome, because I have no file system access, and because the situation might repeat itself.
There is no source code so rebuilding and reversioning would be cumbersome.
My question is: how can I force to get the artifact downloaded from the releases and not the default central repo, meanwhile getting all other dependencies come from the latter?

Maven snapshot dependency

There are two projects P-m and P-d. They are separate Jenkins projects that can be built separately. P-m depends on P-d and it is a snapshot version dependency.
Recently an issue occurs during building P-m. It complains of not being able to download P-d jar from the remote repository with this error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
Though the error suggests a possible issue with JVM certificate, it looks like not as other jars from the same remote repository can be downloaded successfully.
If manually builds P-d first (local repository has a P-d snapshot jar and remote repository has the deployed timestamped P-d jar), then builds P-m, it works OK as it does not try to download P-d jar from remote repository.
But a few days later, without any change of P-d, when P-m builds (this time P-d is not manually built), it invokes a packaging of P-d dynamically which I didn't figure out why. In this case, local repository has the P-d snapshot jar from last time, and the remote repository has a newly deployed timestamp P-d jar. It then tries to download this new timestamp P-d jar from remote repository and cannot download the jar with error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException
Please help with the following questions (not sure if it matters: the maven version used is 3.6.3):
Is maven supposed to build the dependency on the fly or just use the latest one in the repositories? For example, P-m depends on P-d. Will P-m just uses the latest version of P-d in repository (and if P-d jar is not available, it complains cannot find P-d), or will P-m builds P-d each time when P-m builds? What decides which behavior? I observed the 2nd case (each time P-m builds, it packages a new P-d jar in remote repository without installing P-d jar to local repository) and I didn't figure out why----what makes it generate a new P-d jar (only the timestamped P-d jar deployed to remote repository without a new snapshot P-d jar in local repository) and do not use the latest P-d jar?
Why cannot the newly generated P-d jar be downloaded with an "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException"? Any clue what could be wrong? As mentioned earlier, all other jars can be downloaded successfully from the same remote repository except this newly generated P-d jar, so it seems not a JVM certificate issue in building machine.
The error indicates problems with SSL certificates.
I guess the remote repository is accessible via https, and it may have changed it's certificate so the client does no longer trust the server and refuses to communicate. It need not even be the remote repository server. Your organization setting up a proxy server that mangles SSL connections is sufficient for this error to occur.
You describe the problem does not exist if the projects get built locally - this is when the repository server does not have to be contacted which supports above theory.
Check a tutorial like https://resources.weboffice.vertigis.com/Documentation/WebOffice102/EN/howto_install_certs_to_truststore.htm (there are many out there) how to add your repository's public certificate to your maven's truststore.
But to answer your questions:
Maven is not supposed to automatically build the dependencies unless they are subprojects of the current project (this refers to multi module projects). It will try to access the already compiled dependencies from the repository, preferring the local one (which also caches) above the remote.
Did you verify Maven still downloads other dependencies? After all they get cached, so unless you clear the cache or modify your dependencies (name/version) there is no need to do that again - and you mention this recently occurred. To clean the cache check out https://stackoverflow.com/a/22671261/4222206

Unable to find resource 'opensymphony:quartz-all:pom:1.6.3' in repository central

I inherited this project which used to build & run successfully (years ago...). Now when checked out from version control, as is, it complains:
Unable to find resource 'opensymphony:quartz-all:pom:1.6.3' in
repository central (http://repo1.maven.org/maven2)
But following that repository link (http://repo1.maven.org/maven2) leads to a browsable site that shows clearly that this resource is available: http://search.maven.org/#browse|1030701351 !
I have even been able to manually download it, and I can also find it in my local repo (C:\maven\repo\opensymphony\quartz-all\1.6.3\quartz-all-1.6.3).
So, my questions:
Why is Maven complaining at all, if it is there?
How did it get to my local repo, if Maven couldn't find it?
Your local repository is NOT in C:\maven ... it is in your users directory ~/.m2/repository
To debug what is really going on I would suggest to deactivate the ~/.m2/settings.xml (e.g. by renaming it) and do a clean build without any of the old artifacts and from a fresh local repository (just delete ~/.m2/repository)
That would tell you what is really missing.
If anything is missing that means it is not in the Centra Repository (http://search.maven.org). As a next step I would then install a repository manager in your network. I would recommend using Sonatype Nexus (open source, free book as documentation) and then add any other repositories or missing artifacts in there.

Service unavailable error while building using Maven

I am a newbie to Maven.
First time I run the mvn clean install command and it gave me the below error:
[ERROR] Non-resolvable parent POM: Could not transfer artifact
com.sybase365.mobiliser:mobiliser-parent:pom:4.6.0-RC02 from/to repo
(http://orinoco.sybase.com/nexus/content/groups/public-devel): Failed
to transfer file:
http://orinoco.sybase.com/nexus/content/groups/public-devel/com/sybase365/mobiliser/mobiliser-parent/4.6.0-RC02/mobiliser-parent-4.6.0-RC02.pom.
Return code is: 503, ReasonPhrase:Service Temporarily Unavailable. and
'parent.relativePath' points at wrong local POM # line 3, column 11 ->
How do I resolve this error?
Your remote repository is inaccessible. See explanation for error 503 in here.
I think i found the reason it gives 503. In my case this was a proxy issues inspite of excluding hosts that belong to a certain domain.
Remove the proxy from manage jenkins -> manage plugin -> advanced and try again
Could be, also I find this error happens all the time when the repo is available and downloading the file manually from the nexus GUI works. For some reason maven looks in the wrong repository location. If it happens for one jar and its pom you can down load the file by hand.
If maven ever hits a temporary HTTP problem it stores a lastUpdated file that you need to delete or it will not try to download the file again for a while.
sudo updatedb && locate lastUpdated | xargs rm
Or scrabble around in explorer in /Users/username/.m2/repository to find the files if you use windoze
Another thing that can mess with repo access is the proxy that maven uses. Check the contents of ~/.m2/settings.xml or create this file and setup what ever HTTP proxies or lack there of that you need to access the repos you have configured in poms.

Resources