jruby-maven-plugins icon indicating copy to clipboard operation
jruby-maven-plugins copied to clipboard

Published 20 hours ago verified publisher icon jruby

repository url blocked on latest maven

Open seanstory opened this issue 3 years ago • 4 comments

running mvn clean gem:initialize I was hitting errors like:

[ERROR] Failed to execute goal on project dummy: Could not resolve dependencies for project rubygems:dummy:jar:testing: Failed to collect dependencies at rubygems:rails:gem:2.3.5: Failed to read artifact descriptor for rubygems:rails:gem:2.3.5: Could not transfer artifact rubygems:rails:pom:2.3.5 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [rubygems-proxy (http://rubygems-proxy.torquebox.org/releases, default, releases)] -> [Help 1]

I was able to find this stack overflow post which explained that the repository URL of http://rubygems-proxy.torquebox.org/releases is automatically blocked by maven versions >= 3.8.1

As a workaround, I switched my project to use mvnw with .mvn/wrapper/maven-wrapper.properties using

distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip

but it would be great if rubygems-proxy.torquebox.org could use HTTPS and a valid certificate. When I tried to just specify

        <repository>
            <id>rubygems-release</id>
            <url>https://rubygems-proxy.torquebox.org/releases</url> <!-- note the "httpS" -->
        </repository>

I hit:

[ERROR] Failed to execute goal on project dummy: Could not resolve dependencies for project rubygems:dummy:jar:testing: Failed to collect dependencies at rubygems:rails:gem:2.3.5: Failed to read artifact descriptor for rubygems:rails:gem:2.3.5: Could not transfer artifact rubygems:rails:pom:2.3.5 from/to rubygems-proxy (https://rubygems-proxy.torquebox.org/releases): transfer failed for https://rubygems-proxy.torquebox.org/releases/rubygems/rails/2.3.5/rails-2.3.5.pom: Certificate for <rubygems-proxy.torquebox.org> doesn't match any of the subject alternative names: [*.ceylon-lang.org, ceylon-lang.org] -> [Help 1]

seanstory avatar Dec 15 '21 19:12 seanstory

@mkristian Can you assist here? I guess I did not fully remove the torquebox repository from ruby-tools, and this file still seems to try to use it:

https://github.com/jruby/jruby-maven-plugins/blob/ac6fcff609e312aa045ff831f4b97fec442d9657/ruby-tools/src/main/java/de/saumya/mojo/ruby/gems/DefaultGemManager.java

This doesn't appear to affect released files, but for prerelease files it's falling back on this and of course failing to resolve it. For example, try to run rake specs in jar-dependencies, and it blows up dealing with any gems that have prerelease versions.

headius avatar Feb 06 '25 21:02 headius

I will have a look

mkristian avatar Feb 07 '25 17:02 mkristian

first thing I would do this: https://github.com/jruby/maven-tools/pull/41 as it makes no sense to use torquebox repo if it does not exists.

The default rubygems repo is only needed for this case: https://github.com/jruby/jruby-maven-plugins/blob/master/jruby-maven-plugin/src/main/java/de/saumya/mojo/jruby/JRubyVersion.java#L88-L91 i.e. for jruby-1.7 and before.

If you agree I would prepare a PR which removes all this code for jruby-1.7 and before - as it will try to use the torquebox repo which does not exit anymore, i.e. it is failing for some time now. Assuming nobody is using this anymore.

mkristian avatar Feb 09 '25 12:02 mkristian

@mkristian Please do!

headius avatar Feb 09 '25 19:02 headius