ExpediaGroup / jenkins-spock

Unit-test Jenkins pipeline code with Spock
https://javadoc.io/doc/com.homeaway.devtools.jenkins/jenkins-spock
Apache License 2.0
186 stars 73 forks

mvn 3.8.4 considers an http:// repo an error, and requires https #113

Open pdsimanyi opened 2 years ago

pdsimanyi commented 2 years ago

Expected Behavior

mvn compile should succeed.

Actual Behavior

mvn compile produces

    [ERROR] Failed to execute goal on project jenkins-spock: Could not resolve dependencies for project com.homeaway.devtools.jenkins:jenkins-spock:jar:2.1.6-SNAPSHOT: Failed to collect dependencies at org.jenkins-ci.main:jenkins-core:jar:2.102: Failed to read artifact descriptor for org.jenkins-ci.main:jenkins-core:jar:2.102: Could not transfer artifact org.jenkins-ci.main:jenkins-core:pom:2.102 from/to maven-default-http-blocker (http://0.0.0.0/): transfer failed for http://0.0.0.0/org/jenkins-ci/main/jenkins-core/2.102/jenkins-core-2.102.pom: Connect to 0.0.0.0:80 [/0.0.0.0] failed: Connection refused (Connection refused) -> [Help 1]

Search results suggest this is because Maven's config for the newest versions automatically blocks http repos, only allowing https.

Steps to Reproduce

  1. Compile with Java 8. I have

         openjdk version "1.8.0_312"
         OpenJDK Runtime Environment (Zulu 8.58.0.13-CA-macos-aarch64) (build 1.8.0_312-b07)
         OpenJDK 64-Bit Server VM (Zulu 8.58.0.13-CA-macos-aarch64) (build 25.312-b07, mixed mode)

     on an M1 Mac.
  2. Compile with mvn 3.8.4 or later. (An earlier mvn may have this problem: I didn't find the earliest version.)
  3. If you can't reproduce the error above, please try rm -rf ~/.m2 first.

Additional Information

For me, the change below fixes the problem. Please consider whether changing the repo reference from http to https suffices to fix this in general: Replacing http://repo.jenkins-ci.org/releases with https://repo.jenkins-ci.org/releases worked for me.

pdsimanyi commented 2 years ago

Here's more information about the "http is an error" check.

This is an M1 Mac, macOS Monterey 12.1. mvn is installed by homebrew.

The check that may be related to this error is in file /usr/local/Cellar/maven/3.8.4/libexec/conf/settings.xml in this code block:

    <mirror>
      <id>maven-default-http-blocker</id>
      <mirrorOf>external:http:*</mirrorOf>
      <name>Pseudo repository to mirror external repositories initially using HTTP.</name>
      <url>http://0.0.0.0/</url>
      <blocked>true</blocked>
    </mirror>

andham commented 1 year ago

As using http for Maven repos was deemed a security issue (hence the changes in Maven), this should be changed. Changing from http to https is sufficient in the repository definition in the pom.xml file.
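
An added example, not part of the issue thread or the jenkins-spock project: a small check that lists the repository definitions in a pom.xml that the `external:http:*` blocker shown above would intercept, along with the https URL to switch to. The sample POM and its repository ids are constructed, and the localhost exemption is an assumption that approximates how Maven treats "external" repositories.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample POM; only the jenkins-ci.org URLs come from the issue.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <repositories>
    <repository>
      <id>jenkins-releases</id>
      <url>http://repo.jenkins-ci.org/releases</url>
    </repository>
    <repository>
      <id>local-cache</id>
      <url>http://localhost:8081/repo</url>
    </repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository>
      <id>secure</id>
      <url>https://repo.jenkins-ci.org/releases</url>
    </pluginRepository>
  </pluginRepositories>
</project>
"""

# Assumption: hosts treated as non-external, so the blocker leaves them alone.
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def blocked_http_repos(pom_xml):
    """Return (id, url, https_url) for each external plain-http repository."""
    findings = []
    for parent in ET.fromstring(pom_xml).iter():
        # Only resolution repositories, including those inside profiles.
        if local_name(parent.tag) not in ("repositories", "pluginRepositories"):
            continue
        for repo in parent:
            fields = {local_name(c.tag): (c.text or "").strip() for c in repo}
            url = fields.get("url", "")
            parts = urlsplit(url)
            if parts.scheme.lower() == "http" and parts.hostname not in LOCAL_HOSTS:
                findings.append((fields.get("id", ""), url, "https" + url[4:]))
    return findings

if __name__ == "__main__":
    for repo_id, url, fix in blocked_http_repos(SAMPLE_POM):
        print(f"{repo_id}: {url} -> {fix}")
```

Running it in CI against the project's pom.xml catches a plain-http repository before a Maven upgrade turns it into the dependency resolution failure reported above.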