test viagra rezeptfrei vendita on line del viagra e similari cialis low price , viagra des indes viagra suisse pharmacie viagra moins cher pharmacie farmacia online cialis achat de viagra en pharmacie comprar cialis generico cialis marca cialis achat internet viagra eller cialis viagra france livraison rapide diff c arence viagra cialis levitra kamagra levitra pastilla
viagra vert 
acheter viagra belgique 
viagra ne marche pas 
cialis generique forum 
viagra americain 
generique cialis pas cher 
cialis moins cher en pharmacie 
livraison viagra rapide 
pharmacie express vente de viagra 
commander du cialis 
ordonnance levitra 
viagra en parapharmacie 
levitra generique français 
viagra en ligne site fiable 
viagra pas cher en europe 
finasteride mg levitra visa discount viagra online buy wellbutrin india buy levitra generic viagra naturel indian pharmacy viagra kamagra oral jelly order kamagra online kamagra cost per pill buy generic levitra kamagra price cheapest viagra online viagra mastercard purchase kamagra

Maven mirrorOf * in settings.xml breaks the build

In our maven3 pom.xml files for a particular project, we have defined a reference to an internal Nexus repository. Since we are behind a firewall, the Nexus repository also has to be mirror of the outside world. I discovered that this generic <mirrorOf> from my settings.xml is actually evil:

<!-- settings.xml -->
<mirrors>
  <mirror>
    <id>insideFirewallRepo</id>
    <mirrorOf>*</mirrorOf>
    <name>Mirror of the world outside.</name>
    <url>http://nexus_url/nexus/content/groups/public/</url>
  </mirror>
</mirrors>

The reason for this being evil was our project pom files which had the following references

<properties>
  <nexus.url>http://nexus_url/nexus</nexus.url>
  <subversion.url>http://svn_url/svn</subversion.url>
</properties>

  <scm>
    <connection>scm:svn:${subversion.url}/common-gwt-gui/trunk</connection>
</scm>

<repositories>
    <repository>
        <id>nexus-repo-releases</id>
        <name>Nexus Repo</name>
        <url>${nexus.url}/content/groups/public/</url>
        <releases> <enabled>true</enabled> </releases>
        <snapshots> <enabled>false</enabled> </snapshots>
    </repository>
    <repository>
        <id>nexus-repo-snapshots</id>
        <name>Nexus Repo</name>
        <url>${nexus.url}/content/groups/public-snapshots/</url>
        <releases> <enabled>false</enabled> </releases>
        <snapshots> <enabled>true</enabled> </snapshots>
    </repository>
 </repositories>
[repeat the <repositories> section for <pluginRepositories>]
And the same pom file contains the following <distributionManagement> section:
<distributionManagement>
    <repository>
        <id>company.releases</id>
        <url>${nexus.url}/content/repositories/company/</url>
    </repository>
    <snapshotRepository>
        <id>company.snapshots</id>
        <url>${nexus.url}/content/repositories/company-snapshots/</url>
    </snapshotRepository>
</distributionManagement>

Finally we have the maven release-plugin, but this irrelevant for now:

<build>
    <plugins>
        <plugin>
            <artifactId>maven-release-plugin</artifactId>
            <configuration>
                <tagBase>${subversion.url}/project_name/releases</tagBase>
            </configuration>
        </plugin>
    </plugins>
 </build>

Error message: Using the wrong repository for snapshots

Now, the generic mirrorOf * in settings.xml actually overrides the specific repository information we set in the pom.xml. Because of that setting, the pom.xml <repository> is not used. And the result is an error message like this. (error message enhanced in bold)

Downloading: http://nexus_url/nexus/content/groups/public/com/company/dependency_project/1.18-SNAPSHOT/maven-metadata
.xml
Downloading: http://nexus_url/nexus/content/groups/public/com/company/dependency_project/1.18-SNAPSHOT/maven-metadata
.xml
Downloading: http://nexus_url/nexus/content/groups/public/com/company/dependency_project/1.18-SNAPSHOT/dependency_project
-1.18-SNAPSHOT.pom
[WARNING] The POM for com.company:dependency_project:jar:1.18-SNAPSHOT is missing, no dependency information available
Downloading: http://nexus_url/nexus/content/groups/public/com/company/dependency_project/1.18-SNAPSHOT/dependency_project
-1.18-SNAPSHOT.jar
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO]
[INFO] project_name ...................................... FAILURE [1.108s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.364s
[INFO] Finished at: Fri Jan 20 12:28:04 CET 2012
[INFO] Final Memory: 5M/15M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project project_name: Could not resolve dependencies for project com.company:project_name:jar:2.1.1
3-SNAPSHOT: Could not find artifact com.company:dependency_project:jar:1.18-SNAPSHOT in insideFirewallRepo (http://nexus_url
/nexus/content/groups/public/) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :project_name
Notice that the errormessage actually gave the ID of our <mirror> from settings.xml:
<!-- settings.xml -->
 <mirrors>
   <mirror>
     <id>insideFirewallRepo</id>
So problem is that maven actually does not use the pom.xml settings, but we can easily fix this.
Solution: Exclude local repositories from mirrorOf *
We need to force Maven to use the <repository> values from the project pom.xml. And  maven can do just that, since we need to take the <repository> ids and exclude them from mirrorOf *.
Take the repository ids from the pom file:
<repositories>
<repository><id>nexus-repo-releases</id><repository>
<repository><id>nexus-repo-snapshots</id><repository>
And exclude them to mirrorOf in settings.xml (add an exclamation mark in front of them). Line added enhanced in bold:
<!-- settings.xml -->
<mirrors>
  <mirror>
    <id>insideFirewallRepo</id>
    <mirrorOf>!nexus-repo-releases,!nexus-repo-snapshots,*</mirrorOf>
    <name>Mirror of the world outside.</name>
    <url>http://nexus_url/nexus/content/groups/public/</url>
  </mirror>
</mirrors>

Most users could probably just remove the <mirrors> block from settings.xml, but in this particular project, that is not possible since firewall blocks for access to maven central. So, in order for us to use external dependencies, we must use the <mirror> in settings.xml

Then, you could argue, to use <proxy> instead of <mirrors> in settings.xml. This may be a decent solution as well, but in my case i wanted to avoid that, since the company proxy required user/password. Our jenkins build machines would then have my username/password, and it would lock my account whenever my password expires.

Within those constraints, the <mirror> block with excluded internal repositories seems like a decent fit.

For the issues described in this article, I have been using Maven 3.0.3 and Sonatype Nexus 1.9.2

Comments are closed.