International-Data-Spaces-Association / DataspaceConnector

This is an IDS Connector reference implementation.
Apache License 2.0

updated IAIS repository URL (http:// -> https://) #679

Closed nuthub closed 1 year ago

nuthub commented 1 year ago

http://maven.iais.fraunhofer.de/ui/native/eis-ids-public isn't accessible anymore, but https://maven.iais.fraunhofer.de/ui/native/eis-ids-public is accessible

addresses #678

nuthub commented 1 year ago

wrong patch

alzcurda commented 1 year ago

Hi, I tried this solution but it doesn't work. Could it be possible that the problem is in some internal library or dependency in the POM?

alzcurda commented 1 year ago

Hi,

One of the errors was this:

15 71.36 Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact de.fraunhofer.iais.eis.infomodel:util:pom:4.2.7-SNAPSHOT from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [eis-public-repo (http://maven.iais.fraunhofer.de/artifactory/eis-ids-public, default, disabled), eis-snapshot-repo (http://maven.iais.fraunhofer.de/artifactory/eis-ids-snapshot, default, releases+snapshots), eis-ids-public (http://maven.iais.fraunhofer.de/artifactory/eis-ids-public, default, releases+snapshots)]

I opened the repository: https://maven.iais.fraunhofer.de/ui/native/eis-ids-public/de/fraunhofer/iais/eis/ids/infomodel/validation-serialization-provider/4.2.7-SNAPSHOT/

We can see this POM is pointing to the old URL: image

I think this problem can occur in all the components that are using the old URL.

nuthub commented 1 year ago

I guess the best solution would be to have a redirect from HTTP -> HTTPS in place at maven.iais.fraunhofer.de, right?

alzcurda commented 1 year ago

I don't know if a redirection will work. The problem is related to this issue:

https://maven.apache.org/docs/3.8.1/release-notes.html#cve-2021-26291

The solution they give is to change the source or add a mirror in the POM settings:

image

I guess a redirect won't work because the blocking happens when Maven parses the URL.

nuthub commented 1 year ago

OK, the problem therefore does not exist with Maven versions below 3.8.1, right? I got a successful build with Maven 3.6.3 on a VM that allowed me to install that rather old Maven version. Of course one idea of using Docker and the like is the idea to specify a particular version a software depends on to have some kind of reproducible builds. The problem with the Dockerfile in this case is that it does not specify a specific version of Maven to build the DataspaceConnector. (Another problem is of course that the software depends on artifacts that depend on artifacts that can't be found on the official Maven repository and therefore additionally depends on the availability of the additional Maven repositories like the one of Fraunhofer IAIS).

One way to avoid modification of more dependencies (considered as 3rd party dependencies), which may not be possible in each case and may have additional side effects, is to explicitly specify a Maven version in the Dockerfile. This is what I have done here:

https://github.com/International-Data-Spaces-Association/DataspaceConnector/commit/3e0517518419ab194a621ce2d338c59234942760

alzcurda commented 1 year ago

It worked for me too. I think this may be a temporary solution, but if the servers have changed to HTTPS, the URLs need to be changed as well.
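
To find which POMs still declare repositories that Maven 3.8.1 and later will refuse, the following added example (not code from this thread or from the DataspaceConnector project) scans a POM for repository URLs that the `maven-default-http-blocker` mirror would catch. It assumes the blocker's `external:http:*` pattern can be approximated as "scheme is http and host is not localhost"; the sample POM is constructed, reusing the repository ids and HTTP URLs from the error message above, with the `central` and `local-cache` entries added for contrast.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Hosts treated as "not external" (assumption: approximates Maven's own check).
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Constructed sample POM. The first two entries reuse ids and URLs from the
# error message in this thread; "central" and "local-cache" are for contrast.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
 <repositories>
  <repository><id>eis-ids-public</id><url>http://maven.iais.fraunhofer.de/artifactory/eis-ids-public</url></repository>
  <repository><id>eis-snapshot-repo</id><url>http://maven.iais.fraunhofer.de/artifactory/eis-ids-snapshot</url></repository>
  <repository><id>central</id><url>https://repo.maven.apache.org/maven2</url></repository>
  <repository><id>local-cache</id><url>http://localhost:8081/repository/cache</url></repository>
 </repositories>
</project>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def is_blocked(url):
    """True if the URL is plain HTTP to a non-local host (approximation of external:http:*)."""
    parts = urlsplit(url.strip())
    return parts.scheme.lower() == "http" and (parts.hostname or "") not in LOCAL_HOSTS


def blocked_repositories(pom_xml):
    """Return (id, url) pairs for every repository the HTTP blocker would reject."""
    hits = []
    for el in ET.fromstring(pom_xml).iter():
        if local_name(el.tag) not in ("repository", "pluginRepository"):
            continue
        fields = {local_name(child.tag): (child.text or "") for child in el}
        if is_blocked(fields.get("url", "")):
            hits.append((fields.get("id", "?").strip(), fields["url"].strip()))
    return hits


if __name__ == "__main__":
    for repo_id, url in blocked_repositories(SAMPLE_POM):
        print(f"{repo_id}: {url} -> matched by maven-default-http-blocker")
```

Running it over the POMs of transitive dependencies as well as the project's own POM shows where an HTTP repository is inherited from a third-party artifact rather than declared locally.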