If you want to update to that zookeeper version then you should update the build files to exclude those classes from getting included transitively from it.
Would you mind filing a bug against zookeeper as well? spotbugs-annotations 3.1.9 is LGPL, so they should not be exposing it as a downstream transitive dependency. > On Jun 11, 2021, at 12:47 PM, Bryan Beaudreault > <bbeaudrea...@hubspot.com.INVALID> wrote: > > Ok sorry, false alarm. I figured this out by cleaning out my .m2 > repository, re-building just hadoop-client-minicluster, and then iterating > all resulting jars in the .m2 using jar -tf with grep to find which jar was > providing these classes. Turns out it was > com.github.spotbugs:spotbugs-annotations:jar:3.1.9, which I could then see > in dependency:tree as coming from zookeeper 3.4.14. My build environment > was setting the zookeeper.version property to 3.4.14, and it seems like > this was a new dependency added between the hadoop-default version of > 3.4.13 and 14. > > The build works with 3.4.13, so now I can decide whether to use that > version or update the invariant check accordingly. > > On Fri, Jun 11, 2021 at 1:23 PM Bryan Beaudreault <bbeaudrea...@hubspot.com> > wrote: > >> Hey all, >> >> I'm trying to build hadoop from source. I've checked out the >> rel/release-3.2.2 tag from github.com/apache/hadoop. The maven build gets >> most of the way through, but fails on hadoop-client-check-test-invariants >> with the following error: >> >> [ERROR] Found artifact with unexpected contents: >> '/hadoop/rpm/scratch/BUILD/hadoop-3.2.2-src/hadoop-client-modules/hadoop-client-minicluster/target/hadoop-client-minicluster-3.2.2.jar' >> Please check the following and either correct the build or update >> the allowed list with reasoning. >> >> edu/ >> edu/umd/ >> edu/umd/cs/ >> edu/umd/cs/findbugs/ >> edu/umd/cs/findbugs/annotations/ >> edu/umd/cs/findbugs/annotations/NonNull.class >> ... snip (there's more classes in this package) ... >> >> I know I could modify the shell script to allow this, or I could try to >> modify the pom to exclude it. But it seems weird that I'm hitting this at >> all. I have not made any changes to the source yet. >> >> Has anyone else hit this or have any idea why it's happening? I can't find >> any reference to "edu/umd" or "edu.umd" in the source. I'm guessing it's >> coming from a transitive dependency, but I tried running mvn >> dependency:tree and did not see any mention of this version of findbugs. >> >> Thanks! >> --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org
