Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does Hybris ship insecure http maven repository URL? And why can't we override it?

In apache-ant/lib/libraries.properties

m2.repo=http://repo1.maven.org/maven2/

What is the point of shipping Hybris with http URL?
It cannot be accessed in the first place, let alone used for downloading.
Ideally, it should be an https URL.

m2.repo=https://repo1.maven.org/maven2/

I tried overriding it by redeclaring this property in local.properties. When that did not pick the new value, I changed it to https in apache-ant/lib/libraries.properties, but it is still picking http. How to override this property?

Error logs:

[artifact:mvn] Downloading: org/apache/maven/apache-maven/3.2.5/apache-maven-3.2.5.pom from repository central at http://repo1.maven.org/maven2
[artifact:mvn] Error transferring file: Operation timed out (Connection timed out)
[artifact:mvn] [WARNING] Unable to get resource 'org.apache.maven:apache-maven:pom:3.2.5' from repository central (http://repo1.maven.org/maven2): Error transferring file: Operation timed out (Connection timed out)
     [null] An error has occurred while processing the Maven artifact tasks.
     [null]  Diagnosis:
     [null] 
     [null] Unable to resolve artifact: Missing:
     [null] ----------
     [null] 1) org.apache.maven:apache-maven:pom:3.2.5
     [null]   Path to dependency: 
     [null]     1) org.apache.maven:super-pom:pom:2.0
     [null]     2) org.apache.maven:apache-maven:pom:3.2.5
     [null] 
     [null] ----------
     [null] 1 required artifact is missing.
     [null] 
     [null] for artifact: 
     [null]   org.apache.maven:super-pom:pom:2.0
     [null] 
     [null] from the specified remote repositories:
     [null]   central (http://repo1.maven.org/maven2)
     [null] 
     [null] 

BUILD FAILED
like image 200
Farrukh Chishti Avatar asked Jan 29 '20 17:01

Farrukh Chishti


People also ask

Does Hybris support Maven Central http?

Unfortunately under the hood hybris uses ant-maven-task, which is not maintained since 2011 and has hardcoded link to http version of maven central. CX Insights All Hybris Solr Tags All Hybris Solr Tags Fix maven central http issue 2020-02-04 (Last update: 2020-05-28) — Written by Igor Zarvanskyi

What are the different types of Maven repositories?

There are exactly two types of repositories: local and remote: 1 the local repository is a directory on the computer where Maven runs. It caches remote downloads and contains temporary... 2 remote repositories refer to any other type of repository, accessed by a variety of protocols such as file:// and... More ...

What is wrong with Hybris Ant build?

Unfortunately under the hood hybris uses ant-maven-task, which is not maintained since 2011 and has hardcoded link to http version of maven central. Such situation leads to download errors during hybris ant build in case of missing dependencies

What is internal repository in Maven?

Internal Repositories. When using Maven, particularly in a corporate environment, connecting to the internet to download dependencies is not acceptable for security, speed or bandwidth reasons. For that reason, it is desirable to set up an internal repository to house a copy of artifacts, and to publish private artifacts to.


2 Answers

You can override this by setting up your $HOME/.m2/settings.xml file.

For example:

    <?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
    <profiles>
        <profile>
            <id>default</id>
            <repositories>
                <repository>
                    <releases>
                        <enabled>true</enabled>
                    </releases>
                    <snapshots>
                        <enabled>true</enabled>
                    </snapshots>
                    <id>central</id>
                    <url>https://repo1.maven.org/maven2</url>
                </repository>
            </repositories>
            <pluginRepositories>
                <pluginRepository>
                    <releases>
                        <enabled>true</enabled>
                    </releases>
                    <snapshots>
                        <enabled>true</enabled>
                    </snapshots>
                    <id>central</id>
                    <url>https://repo1.maven.org/maven2</url>
                </pluginRepository>
            </pluginRepositories>
        </profile>
    </profiles>

    <activeProfiles>
        <activeProfile>default</activeProfile>
    </activeProfiles>

</settings>
like image 96
Neil Hubert-Price Avatar answered Oct 10 '22 02:10

Neil Hubert-Price


Redeclaring m2.repo in local.properties won't work as there is no such property loaded by Hybris. You can verify it by searching for m2.repo in hAC > Platform > Configuration (or simply at https://localhost:9002/platform/config).

Modifying it in apache-ant/lib/libraries.properties should work if you execute ant. Please let me know if it is not the case and I will try to find some other option.

When that did not pick the new value, I changed it to https in apache-ant/lib/libraries.properties, but it is still picking http. How to override this property?

It would be helpful if you mention where do you see it picking http. Please mention the steps to replicate this behavior.

like image 32
Arvind Kumar Avinash Avatar answered Oct 10 '22 03:10

Arvind Kumar Avinash