Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade aether #83

Merged
merged 16 commits into from
May 19, 2017
Merged

Upgrade aether #83

merged 16 commits into from
May 19, 2017

Conversation

technomancy
Copy link
Contributor

@technomancy technomancy commented May 18, 2017
edited
Loading

This builds on #80 but takes it a bit further.

  • brings Maven up to 3.5.0, which wasn't released when the first PR was created
  • drops support for OpenJDK6
  • does not support non-TLS HTTP repositories out of the box
  • adds a test for registering new wagons
  • deletes a test for proxy support that assumed repo1.maven.org could be used as a proxy for repo1.maven.org

Note that item 3 above is technically a breaking change; however I would argue it is a bugfix for a critical security flaw. It's still possible to explicitly opt-in to non-TLS HTTP repositories if you don't care for security by calling register-wagon-factory! yourself.

ryfow and others added 16 commits February 9, 2017 15:44
@ryfow @arichiardi
Upgrading to org.eclipse.aether
b71ad6f
@arichiardi
Bump dependency version
d6ef6ee
@arichiardi
Update aether to release version and remove PomegranadeWagonProvider
9961f72 
This patch upgrades to the latest version of aether: 1.1.0. The change
makes the Pomegranade customization of the wagon unnecessary and
therefore the new internal repository-system does not include it
anymore:

  (doto (MavenRepositorySystemUtils/newServiceLocator)
     (.addService RepositoryConnectorFactory BasicRepositoryConnectorFactory)
     (.addService TransporterFactory FileTransporterFactory)
     (.addService TransporterFactory HttpTransporterFactory)
     (.setErrorHandler error-handler))
@arichiardi
Fix default checksum level in deploy-artifacts docstring
3733762
@arichiardi
Make tests green again
de180f2
@arichiardi
Suppress slf4j warning in tests
cf8ef54
@technomancy
Bump to Maven 3.5.0 and replace aether with maven-resolver.
c4e1998
@technomancy
Test on openjdk 8, but not 6.
d720c6e
@technomancy
Reintroduce register-wagon-factory function.
c0489ea 
Note that this is a bit different from the version in the released
version, which includes an "http" and "https" entry in the factories
atom; this falls back to the HttpTransporterFactory inside the
ServiceLocator. It's unclear if there is any difference between the
two approaches.
@technomancy
Use new WagonTransporterFactory API.
5a3ef03
@technomancy
UK Maven mirror is not HTTPS-capable; try this Google one.
0af98b3
@technomancy
Register an exception-throwing wagon fn for non-TLS HTTP repos.
9150b14
@technomancy
Remove test that makes no sense.
1d6c911 
repo1.maven.org is not a proxy; why would you expect it to work like a
proxy? It's a repository. Silly wabbit.
@technomancy
Add test for registering new wagons.
e2600a8 
Test based on https://github.com/xeqi/pedantic; thanks to Nelson Morris/xeqi.
@technomancy
Apparently Travis doesn't know about OpenJDK 8 yet?
740f815
@technomancy
Catch straggling http->https changes.
12d35ca
@technomancy technomancy mentioned this pull request May 18, 2017
Closed
@cemerick
Copy link
Collaborator

Just to make sure I grok the HTTPS-only change: it looks like this means any http repository defined via :repositories in project.clj would fail the lein task. The workaround would then be some code after defproject explicitly adding in the HTTP wagon and then adding the desired unsecure repo?

(@technomancy I have no problem with this at all, esp. insofar as you and others actively maintaining Leiningen are likely to find out just how many people are using janky http apache-served repos, old internal nexus installs, etc.)

@cemerick cemerick merged commit 69b7d03 into clj-commons:master May 19, 2017
@cemerick
Copy link
Collaborator

I'll get a release cut of this later today, I think. Thanks to @ryfow, @arichiardi, and @technomancy for putting this together.

@arichiardi
Copy link
Contributor

@cemerick thanks! teamwork!

@technomancy Did you notice any positive side in bumping? I wonder if it actually improves things (it should, many bugs were solved).

arichiardi
arichiardi reviewed May 19, 2017
View reviewed changes
src/main/clojure/cemerick/pomegranate/aether.clj Outdated
@@ -83,6 +115,7 @@
(clojure.stacktrace/print-cause-trace e)))]
(.getService
(doto (MavenRepositorySystemUtils/newServiceLocator)
(.setService WagonProvider PomegranateWagonProvider)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@technomancy
Copy link
Contributor Author

@arichiardi the main positive side is that it no longer depends on libs which are in an unmaintained state. This will make it possible to have Leiningen distributed thru Debian repositories.

I also took this chance to remove the non-TLS HTTP support, which is a very important benefit, but it is unrelated to the upgrade to the latest version.

@technomancy technomancy deleted the upgrade-aether branch May 19, 2017 18:04
@cemerick cemerick added this to the 0.4.0 milestone May 19, 2017
@cemerick
Copy link
Collaborator

0.4.0-alpha1 is winding its way through the bowels of OSS sonatype now.

@cemerick cemerick mentioned this pull request May 19, 2017
Closed
@arichiardi arichiardi mentioned this pull request May 27, 2017
Closed
@glts glts mentioned this pull request Aug 15, 2017
Merged
@gfpeltier gfpeltier mentioned this pull request Oct 19, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arichiardi arichiardi arichiardi left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.4.0
Development

Successfully merging this pull request may close these issues.
4 participants
@technomancy @cemerick @arichiardi @ryfow