Nick
I have followed the tutorials on the ServiceMix site to the letter.
The repositories in the pom.xml file are:
<repositories>
<repository>
<releases />
<snapshots>
<enabled>false</enabled>
</snapshots>
<id>apache</id>
<name>Apache Repository</name>
<url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
</repository>
<repository>
<releases>
<enabled>false</enabled>
</releases>
<snapshots />
<id>apache.snapshots</id>
<name>Apache Snapshots Repository</name>
<url>http://people.apache.org/repo/m2-snapshot-repository</url>
</repository>
</repositories>
<pluginRepositories>
<pluginRepository>
<releases />
<snapshots>
<enabled>false</enabled>
</snapshots>
<id>apache</id>
<name>Apache Repository</name>
<url>http://people.apache.org/repo/m2-ibiblio-rsync-repository</url>
</pluginRepository>
<pluginRepository>
<releases>
<enabled>false</enabled>
</releases>
<snapshots />
<id>apache.snapshots</id>
<name>Apache Snapshots Repository</name>
<url>http://people.apache.org/repo/m2-snapshot-repository</url>
</pluginRepository>
</pluginRepositories>
these were generated by
mvn archetype:create
-DarchetypeArtifactId=servicemix-service-unit
-DarchetypeGroupId=org.apache.servicemix.tooling
-DartifactId=tutorial-file-su
Hunting through the build logs I find this:
Downloading:
http://people.apache.org/repo/m2-ibiblio-rsync-repository/commons-pool/commons-pool/1.3/commons-pool-1.3.pom
[INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in
repository apache
(http://people.apache.org/repo/m2-ibiblio-rsync-repository)
Downloading:
http://svn.apache.org/repos/asf/servicemix/m2-repo/commons-pool/commons-pool/1.3/commons-pool-1.3.pom
[INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in
repository servicemix-m2-repo
(http://svn.apache.org/repos/asf/servicemix/m2-repo)
Downloading:
http://people.apache.org/repo/m2-incubating-repository/commons-pool/commons-pool/1.3/commons-pool-1.3.pom
[INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in
repository apache-incubating
(http://people.apache.org/repo/m2-incubating-repository)
Downloading:
http://repository.codehaus.org/commons-pool/commons-pool/1.3/commons-pool-1.3.pom
[INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in
repository codehaus (http://repository.codehaus.org)
Downloading:
http://download.java.net/maven/1/commons-pool/poms/commons-pool-1.3.pom
[INFO] Unable to find resource 'commons-pool:commons-pool:pom:1.3' in
repository java.net (http://download.java.net/maven/1)
Downloading:
http://servicemix.org/m2-repo/commons-pool/commons-pool/1.3/commons-pool-1.3.pom
[WARNING] *** CHECKSUM FAILED - Checksum failed on download: local =
'1559863a375499e55c9adee606c51a69e546b69a'; remote = '<!DOCTYPE' -
RETRYING
Downloading:
http://servicemix.org/m2-repo/commons-pool/commons-pool/1.3/commons-pool-1.3.pom
8K downloaded (commons-pool-1.3.pom)
[WARNING] *** CHECKSUM FAILED - Checksum failed on download: local =
'1559863a375499e55c9adee606c51a69e546b69a'; remote = '<!DOCTYPE' -
IGNORING
[WARNING] POM for 'commons-pool:commons-pool:pom:1.3:provided' is
invalid.
The project pom.xml file has a <url>http://servicemix.org/</url>. This
site resolves to a site for a car performance chip company. Their web
site always returns the home page regardless of the page requested,
rather than a 404.
Does maven's repository resolution fallback to the project pom.xml URL
as a last resort if a file can't be found in one of the other
repositories?
Why would it keep the file that failed the checksum anyway?
Thanks for the quick response.
Regards
Richard
On Tue, 2009-09-22 at 10:09 +0200, Nick Stolwijk wrote:
> As you are the first one to notice this, I would think it would be or
> your local computer or your company repository. Which repositories are
> you using for your project?
>
> With regards,
>
> Nick Stolwijk
> ~Java Developer~
>
> IPROFS BV.
> Claus Sluterweg 125
> 2012 WS Haarlem
> http://www.iprofs.nl
>
>
>
> On Tue, Sep 22, 2009 at 9:47 AM, Richard Taylor
> <rjtay...@taz.qinetiq.com> wrote:
> > Hi
> >
> > I am completely new to maven, just running through some ServiceMix
> > tutorials (completely new to that too).
> >
> > Tracking down a 'mvn install' failure that said:
> >
> > [INFO]
> > ------------------------------------------------------------------------
> > [ERROR] BUILD FAILURE
> > [INFO]
> > ------------------------------------------------------------------------
> > [INFO] Compilation failure
> >
> > error: error
> > reading
> > /home/rjt/.m2/repository/org/springframework/spring-dao/2.0.6/spring-dao-2.0.6.jar;
> > error in opening zip file
> > error: error
> > reading
> > /home/rjt/.m2/repository/org/springframework/spring-support/2.0.6/spring-support-2.0.6.jar;
> > error in opening zip file
> > error: error
> > reading /home/rjt/.m2/repository/xerces/xerces/2.0.2/xerces-2.0.2.jar;
> > error in opening zip file
> >
> > I discover that the contents of these files are all spam web pages with
> > the title: "Truck Performance Chips". I then searched my local
> > repository for the same string and I get:
> >
> > grep -r Truck\ Performance\ Chips *
> > commons-collections/commons-collections/2.1/commons-collections-2.1.pom:<title>Car
> > & Truck Performance Chips</title>
> > commons-pool/commons-pool/1.2/commons-pool-1.2.pom:<title>Car &
> > Truck Performance Chips</title>
> > commons-pool/commons-pool/1.3/commons-pool-1.3.pom:<title>Car &
> > Truck Performance Chips</title>
> > org/springframework/spring-beans/2.0.6/spring-beans-2.0.6.pom:<title>Car
> > & Truck Performance Chips</title>
> > org/springframework/spring-core/2.0.6/spring-core-2.0.6.pom:<title>Car
> > & Truck Performance Chips</title>
> > org/springframework/spring-dao/2.0.6/spring-dao-2.0.6.pom:<title>Car
> > & Truck Performance Chips</title>
> > org/springframework/spring-dao/2.0.6/spring-dao-2.0.6.jar:<title>Car
> > & Truck Performance Chips</title>
> > org/springframework/spring-context/2.0.6/spring-context-2.0.6.pom:<title>Car
> > & Truck Performance Chips</title>
> > org/springframework/spring-support/2.0.6/spring-support-2.0.6.jar:<title>Car
> > & Truck Performance Chips</title>
> > org/springframework/spring-support/2.0.6/spring-support-2.0.6.pom:<title>Car
> > & Truck Performance Chips</title>
> > xerces/xerces/2.0.2/xerces-2.0.2.jar:<title>Car & Truck Performance
> > Chips</title>
> > xerces/xerces/2.0.2/xerces-2.0.2.pom:<title>Car & Truck Performance
> > Chips</title>
> >
> > This all looks very worrying. It suggests that one of the online
> > repositories has been infiltrated.
> >
> > Is there anyway to discover which repository these files came from?
> >
> > I am beginning to worry about safety of using all this code pulled
> > automatically from online repositories :-(
> >
> > Regards
> >
> > Richard
> >
> >
> >
> > The information contained in this E-Mail and any subsequent
> > correspondence is private and is intended solely for the intended
> > recipient(s). The information in this communication may be
> > confidential and/or legally privileged. Nothing in this e-mail is
> > intended to conclude a contract on behalf of QinetiQ or make QinetiQ
> > subject to any other legally binding commitments, unless the e-mail
> > contains an express statement to the contrary or incorporates a formal
> > Purchase Order.
> >
> > For those other than the recipient any disclosure, copying,
> > distribution, or any action taken or omitted to be taken in reliance
> > on such information is prohibited and may be unlawful.
> >
> > Emails and other electronic communication with QinetiQ may be
> > monitored and recorded for business purposes including security, audit
> > and archival purposes. Any response to this email indicates consent
> > to this.
> >
> > Telephone calls to QinetiQ may be monitored or recorded for quality
> > control, security and other business purposes.
> >
> > QinetiQ Limited
> > Registered in England & Wales: Company Number:3796233
> > Registered office: 85 Buckingham Gate, London SW1E 6PD, United Kingdom
> > Trading address: Cody Technology Park, Cody Building, Ively Road,
> > Farnborough, Hampshire, GU14 0LX, United Kingdom
> > http://www.qinetiq.com/home/notices/legal.html
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
> > For additional commands, e-mail: users-h...@maven.apache.org
> >
> >
The QinetiQ e-mail privacy policy and company information is detailed elsewhere
in the body of this email.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
