Posted to dev@iotdb.apache.org by 徐毅 <x-...@mails.tsinghua.edu.cn> on 2018/12/26 09:49:39 UTC

Vulnerability check bug

Hi,


When I execute `mvn clean package -Dmaven.test.skip=true` on some machines (Ubuntu 14.04), I get this error:


-------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce (vulnerability-checks) on project root: Execution vulnerability-checks of goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce failed: Failed to lookup component: ComponentReportAssistant: java.util.NoSuchElementException
[ERROR] role: org.sonatype.ossindex.maven.common.ComponentReportAssistant
[ERROR] roleHint:
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException
-------------


I have checked the local Maven repository: there is ossindex-maven-common-1.0.0.jar and ComponentReportAssistant.class within it.


--------
$ ls -l
-rw-rw-r-- 1 fit fit   208 12月 26 17:56 _maven.repositories
-rw-rw-r-- 1 fit fit 13300 12月 26 17:56 ossindex-maven-common-1.0.0.jar
-rw-rw-r-- 1 fit fit    40 12月 26 17:56 ossindex-maven-common-1.0.0.jar.sha1
-rw-rw-r-- 1 fit fit  2047 12月 26 17:56 ossindex-maven-common-1.0.0.pom
-rw-rw-r-- 1 fit fit    40 12月 26 17:56 ossindex-maven-common-1.0.0.pom.sha1


--------


If I remove <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/> in the following plugin, it works.


Did anyone face the same problem before? I created an issue at https://github.com/thulab/iotdb/issues/551.


---------------------
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>3.0.0-M1</version> <!--$NO-MVN-MAN-VER$-->
  <executions>
    <!-- Make sure no dependencies are used for which known vulnerabilities exist. -->
    <execution>
      <id>vulnerability-checks</id>
      <phase>validate</phase>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <!-- Just generate warnings for now -->
        <fail>false</fail>
        <rules>
          <requireJavaVersion>
            <version>1.8.0</version>
          </requireJavaVersion>
          <!-- Disabled for now as it breaks the ability to build single modules -->
          <!--reactorModuleConvergence/-->
          <banVulnerable implementation="org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies"/>
        </rules>
      </configuration>
    </execution>
  </executions>
  <dependencies>
    <dependency>
      <groupId>org.sonatype.ossindex.maven</groupId>
      <artifactId>ossindex-maven-enforcer-rules</artifactId>
      <version>1.0.0</version>
    </dependency>
  </dependencies>
</plugin>
------------------


Thanks
Yi Xu
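
The manual check described in this message (the jar is in the local repository and contains `ComponentReportAssistant.class`), written as a script; this is an added example, not part of the original post or the IoTDB build. It also compares the jar with its `.sha1` sidecar and reports which component metadata files are present; the metadata paths and the in-memory sample jar are assumptions constructed for the illustration.

```python
import hashlib
import io
import zipfile

# Assumption: the conventional locations of Plexus and JSR-330 (Sisu) component metadata.
COMPONENT_INDEXES = ("META-INF/plexus/components.xml",
                     "META-INF/sisu/javax.inject.Named")


def check_cached_artifact(jar_bytes, sha1_sidecar, class_name):
    """Compare a cached jar with its .sha1 sidecar, then look inside it."""
    # A sidecar holds the hex digest, sometimes followed by a file name.
    tokens = sha1_sidecar.split()
    expected = tokens[0].lower() if tokens else ""
    result = {"sha1_ok": hashlib.sha1(jar_bytes).hexdigest() == expected,
              "readable": False, "has_class": False, "indexes": []}
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            if jar.testzip() is not None:  # an entry fails its CRC check
                return result
            names = set(jar.namelist())
    except zipfile.BadZipFile:  # truncated or otherwise corrupt download
        return result
    result["readable"] = True
    result["has_class"] = class_name.replace(".", "/") + ".class" in names
    result["indexes"] = [p for p in COMPONENT_INDEXES if p in names]
    return result


def build_sample_jar(class_name, index_path):
    """Constructed stand-in for a cached jar (not the real ossindex artifact)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(class_name.replace(".", "/") + ".class", b"\xca\xfe\xba\xbe")
        jar.writestr(index_path, class_name + "\n")
    return buf.getvalue()


if __name__ == "__main__":
    cls = "org.sonatype.ossindex.maven.common.ComponentReportAssistant"
    jar = build_sample_jar(cls, COMPONENT_INDEXES[1])
    sidecar = hashlib.sha1(jar).hexdigest()
    print("intact   :", check_cached_artifact(jar, sidecar, cls))
    print("truncated:", check_cached_artifact(jar[: len(jar) // 2], sidecar, cls))
```

A matching SHA-1 sidecar only shows that the cached file equals what the repository served; it is not a signature.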


Re: Re: Vulnerability check bug

Posted by 徐毅 <x-...@mails.tsinghua.edu.cn>.
Hi,

So should I delete the local repositories and download them again?
I executed with -X and got:

---------------
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce (vulnerability-checks) on project root: Execution vulnerability-checks of goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce failed: Failed to lookup component: ComponentReportAssistant
        at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:225)
        at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
        at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
        at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:84)
        at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:59)
        at org.apache.maven.lifecycle.internal.LifecycleStarter.singleThreadedBuild(LifecycleStarter.java:183)
        at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:161)
        at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:320)
        at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:156)
        at org.apache.maven.cli.MavenCli.execute(MavenCli.java:537)
        at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:196)
        at org.apache.maven.cli.MavenCli.main(MavenCli.java:141)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
        at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
        at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
        at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.PluginExecutionException: Execution vulnerability-checks of goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0-M1:enforce failed: Failed to lookup component: ComponentReportAssistant
        at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:110)
        at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:209)
        ... 19 more
Caused by: java.lang.RuntimeException: Failed to lookup component: ComponentReportAssistant
        at org.sonatype.ossindex.maven.enforcer.EnforcerRuleSupport.lookup(EnforcerRuleSupport.java:76)
        at org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies$Task.<init>(BanVulnerableDependencies.java:145)
        at org.sonatype.ossindex.maven.enforcer.BanVulnerableDependencies.execute(BanVulnerableDependencies.java:119)
        at org.apache.maven.plugins.enforcer.EnforceMojo.execute(EnforceMojo.java:202)
        at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:101)
        ... 20 more
Caused by: org.codehaus.plexus.component.repository.exception.ComponentLookupException: java.util.NoSuchElementException
      role: org.sonatype.ossindex.maven.common.ComponentReportAssistant
  roleHint:
        at org.codehaus.plexus.DefaultPlexusContainer.lookup(DefaultPlexusContainer.java:257)
        at org.codehaus.plexus.DefaultPlexusContainer.lookup(DefaultPlexusContainer.java:245)
        at org.codehaus.plexus.DefaultPlexusContainer.lookup(DefaultPlexusContainer.java:239)
        at org.apache.maven.plugins.enforcer.DefaultEnforcementRuleHelper.getComponent(DefaultEnforcementRuleHelper.java:100)
        at org.sonatype.ossindex.maven.enforcer.EnforcerRuleSupport.lookup(EnforcerRuleSupport.java:73)
        ... 24 more
Caused by: java.util.NoSuchElementException
        at org.sonatype.guice.plexus.locators.RealmFilter$FilteredItr.next(RealmFilter.java:96)
        at org.sonatype.guice.plexus.locators.RealmFilter$FilteredItr.next(RealmFilter.java:54)
        at org.sonatype.guice.plexus.locators.DefaultPlexusBeans$Itr.next(DefaultPlexusBeans.java:60)
        at org.sonatype.guice.plexus.locators.DefaultPlexusBeans$Itr.next(DefaultPlexusBeans.java:48)
        at org.codehaus.plexus.DefaultPlexusContainer.lookup(DefaultPlexusContainer.java:253)
        ... 28 more
[ERROR]
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException
---------------



> -----Original Message-----
> From: "Christofer Dutz" <ch...@c-ware.de>
> Sent: 2018-12-26 19:36:25 (Wednesday)
> To: "dev@iotdb.incubator.apache.org" <de...@iotdb.incubator.apache.org>, "dev@iotdb.apache.org" <de...@iotdb.apache.org>
> Cc: 
> Subject: Re: Vulnerability check bug
> 
> Maven has this strange notion of normal artifact and plugin repositories. Maybe your plugin repositories are not correctly set up. Also running with "-X" could provide more information.
> 
> Chris
> 

Re: Vulnerability check bug

Posted by Christofer Dutz <ch...@c-ware.de>.
Maven has this strange notion of normal artifact and plugin repositories. Maybe your plugin repositories are not correctly set up. Also running with "-X" could provide more information.

Chris
