maven ignoring mirror-settings in ~/.m2/settings.xml

Status: Open
Participants: Arne Babenhauserheide, Julien Lepiller
Owner: unassigned
Submitted by: Arne Babenhauserheide
Severity: normal
Arne Babenhauserheide wrote on 27 Apr 2019 22:53
(address . bug-guix@gnu.org)
874l6jkw4u.fsf@web.de
Hi,

When I set a mirror in ~/.m2/settings.xml, that mirror is not used by
the maven in Guix.

To reproduce:

mkdir -p ~/.m2/
echo '
<settings>
<servers>
<server>
<id>internal</id>
<username>foo</username>
<password>bar</password>
</server>
</servers>
<mirrors>
<mirror>
<id>nexus</id>
<name>nexus</name>
<url>http://nexus.example.com/nexus/content/groups/public/</url>
<mirrorOf>*</mirrorOf>
</mirror>
</mirrors>
</settings>
' > ~/.m2/settings.xml
# run maven somewhere

With this setting, maven should run every request through the configured
nexus (which in this case means that any try to download should fail).

In my setup, maven just ignores this setting and keeps downloading from
repo.maven.apache.org which (a) could leak internal information and (b)
does not get our internal packages.

Best wishes,
Arne
--
Being apolitical
means being political
without noticing it

Julien Lepiller wrote on 30 Apr 2019 12:57
(name . Arne Babenhauserheide)(address . arne_bab@web.de)(address . 35462@debbugs.gnu.org)
20190430125649.1c82f00b@sybil.lepiller.eu
On Sat, 27 Apr 2019 22:53:37 +0200,
Arne Babenhauserheide <arne_bab@web.de> wrote:

> Hi,
>
> When I set a mirror in ~/.m2/settings.xml, that mirror is not used by
> the maven in Guix.
>
> To reproduce:
>
> mkdir -p ~/.m2/
> echo '
> <settings>
> <servers>
> <server>
> <id>internal</id>
> <username>foo</username>
> <password>bar</password>
> </server>
> </servers>
> <mirrors>
> <mirror>
> <id>nexus</id>
> <name>nexus</name>
> <url>http://nexus.example.com/nexus/content/groups/public/</url>
> <mirrorOf>*</mirrorOf>
> </mirror>
> </mirrors>
> </settings>
> ' > ~/.m2/settings.xml
> # run maven somewhere
>
> With this setting, maven should run every request through the
> configured nexus (which in this case means that any try to download
> should fail).
>
> In my setup, maven just ignores this setting and keeps downloading
> from repo.maven.apache.org which (a) could leak internal information
> and (b) does not get our internal packages.
>
> Best wishes,
> Arne

Hi,

I've given a look at this bug and it seems that our maven package
totally ignores settings, even if given on the CLI:

mvn help:effective-settings --debug -s ~/.m2/settings.xml -gs ~/.m2/settings.xml

has no effect...

strace -f mvn ... doesn't show any reference to a settings.xml either
(not even the global one in the store...).
Arne Babenhauserheide wrote on 30 Apr 2019 22:15
(name . Julien Lepiller)(address . julien@lepiller.eu)(address . 35462@debbugs.gnu.org)
87imuvckrm.fsf@web.de
Hi Julien,

Julien Lepiller <julien@lepiller.eu> writes:
>> In my setup, maven just ignores this setting and keeps downloading
>> from repo.maven.apache.org which (a) could leak internal information
>> and (b) does not get our internal packages.
> I've given a look at this bug and it seems that our maven package
> totally ignores settings, even if given on the CLI:
>
> mvn help:effective-settings --debug -s ~/.m2/settings.xml
> -gs ~/.m2/settings.xml
>
> has no effect...
>
> strace -f mvn ... doesn't show any reference to a settings.xml either
> (not even the global one in the store...).

Thank you for checking! Do you have an idea how we can fix that?

Best wishes,
Arne
--
Being apolitical
means being political
without noticing it

Julien Lepiller wrote on 1 May 2019 08:44
(name . Arne Babenhauserheide)(address . arne_bab@web.de)(address . 35462@debbugs.gnu.org)
E97DE169-B4C8-4E18-99AA-902ACCB5435A@lepiller.eu
On 30 April 2019 22:15:25 GMT+02:00, Arne Babenhauserheide <arne_bab@web.de> wrote:
>Hi Julien,
>
>Julien Lepiller <julien@lepiller.eu> writes:
>>> In my setup, maven just ignores this setting and keeps downloading
>>> from repo.maven.apache.org which (a) could leak internal information
>>> and (b) does not get our internal packages.
>> I've given a look at this bug and it seems that our maven package
>> totally ignores settings, even if given on the CLI:
>>
>> mvn help:effective-settings --debug -s ~/.m2/settings.xml
>> -gs ~/.m2/settings.xml
>>
>> has no effect...
>>
>> strace -f mvn ... doesn't show any reference to a settings.xml either
>> (not even the global one in the store...).
>
>Thank you for checking! Do you have an idea how we can fix that?
>
>Best wishes,
>Arne

I have no idea :/

Maybe there's something wrong with our maven-settings or something maven expects is not there which leads it to not load config?
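
Added example, not part of the thread and not Guix or Maven code: a check that a build really went through the catch-all mirror from the report, by comparing the hosts in Maven's download lines with the mirror host in settings.xml. The function names, the sample log and the "Downloading from <id>: <url>" line format (as printed by recent Maven versions) are assumptions; both samples are constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the mirror section of the settings.xml from the report.
SETTINGS_XML = """<settings>
  <mirrors>
    <mirror>
      <id>nexus</id>
      <url>http://nexus.example.com/nexus/content/groups/public/</url>
      <mirrorOf>*</mirrorOf>
    </mirror>
  </mirrors>
</settings>"""

# Constructed sample build output (not captured from a real run).
BUILD_LOG = """\
[INFO] Scanning for projects...
Downloading from central: https://repo.maven.apache.org/maven2/org/example/demo/1.0/demo-1.0.pom
Downloading from nexus: http://nexus.example.com/nexus/content/groups/public/org/example/lib/2.0/lib-2.0.jar
[INFO] BUILD SUCCESS
"""

# Matches "Downloading from <id>: <url>" and the older "Downloading: <url>".
DOWNLOAD_RE = re.compile(r"Downloading(?: from [^:\s]+)?:\s+(\S+)")


def catch_all_mirror_hosts(settings_xml):
    """Return hosts of mirrors whose <mirrorOf> is '*' (all repositories)."""
    root = ET.fromstring(settings_xml)
    hosts = set()
    for mirror in root.iter():
        if mirror.tag.rsplit("}", 1)[-1] != "mirror":  # tolerate an xmlns
            continue
        fields = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in mirror}
        if fields.get("mirrorOf") == "*" and fields.get("url"):
            hosts.add(urlparse(fields["url"]).hostname)
    return hosts


def bypassing_downloads(settings_xml, log_text):
    """List (host, url) for downloads that did not go through a '*' mirror."""
    allowed = catch_all_mirror_hosts(settings_xml)
    if not allowed:
        raise ValueError("no usable <mirrorOf>*</mirrorOf> mirror with a <url>")
    urls = DOWNLOAD_RE.findall(log_text)
    return [(urlparse(u).hostname, u) for u in urls
            if urlparse(u).hostname not in allowed]
```

Any entry returned by bypassing_downloads() is a request that left for a host other than the configured mirror, which is the behaviour reported above.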