maven-archetype 类型的项目尝试下载 plexus-tools:1.1
project of type maven-archetype tries to download plexus-tools:1.1
我有一个简单的原型项目。当甚至使用 mvn clean 时,它会尝试下载 plexus-utils:1.1,由于漏洞,我公司的回购协议禁止它。
我已经通过各种人工制品检查对该版本的依赖性并找到 none。我能找到的唯一依赖项是 plexus-utils:3.2.0.
在我的个人笔记本电脑上,如果我从本地存储库中删除所有版本的 plexus-utils,它会先下载 1.1,然后再下载其他版本(用于 clean 插件或 archetype 插件等)。
谁能帮我弄清楚为什么它会尝试下载那个版本的 plexus-utils?
pom.xml
...
<packaging>maven-archetype</packaging>
...
<build>
<extensions>
<extension>
<groupId>org.apache.maven.archetype</groupId>
<artifactId>archetype-packaging</artifactId>
<version>3.1.2</version>
</extension>
</extensions>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-archetype-plugin</artifactId>
<version>3.1.2</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
mvn -X clean 的结果
Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3; 2018-10-24T19:41:47+01:00)
Maven home: C:\no-space-paths\apache-maven-3.6.0\bin\..
Java version: 1.8.0_192, vendor: Oracle Corporation, runtime: C:\Program Files\Java\jdk1.8.0_192\jre
Default locale: en_GB, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
[DEBUG] Created new class realm maven.api
[DEBUG] Importing foreign packages into class realm maven.api
[DEBUG] Imported: javax.annotation.* < plexus.core
... snip ...
[DEBUG] Imported: org.codehaus.classworlds < plexus.core
[DEBUG] Imported: org.codehaus.plexus.* < plexus.core
[DEBUG] Imported: org.codehaus.plexus.classworlds < plexus.core
[DEBUG] Imported: org.codehaus.plexus.component < plexus.core
[DEBUG] Imported: org.codehaus.plexus.configuration < plexus.core
[DEBUG] Imported: org.codehaus.plexus.container < plexus.core
[DEBUG] Imported: org.codehaus.plexus.context < plexus.core
[DEBUG] Imported: org.codehaus.plexus.lifecycle < plexus.core
[DEBUG] Imported: org.codehaus.plexus.logging < plexus.core
[DEBUG] Imported: org.codehaus.plexus.personality < plexus.core
[DEBUG] Imported: org.codehaus.plexus.util.xml.Xpp3Dom < plexus.core
[DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlPullParser < plexus.core
[DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlPullParserException < plexus.core
[DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlSerializer < plexus.core
[DEBUG] Imported: org.eclipse.aether.* < plexus.core
... snip ...
[DEBUG] Imported: org.slf4j.spi.* < plexus.core
[DEBUG] Populating class realm maven.api
[INFO] Error stacktraces are turned on.
... snip ...
[INFO] Scanning for projects...
[DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=759600, ConflictMarker.markTime=341900, ConflictMarker.nodeCount=1, ConflictIdSorter.graphTime=804800, ConflictIdSorter.topsortTime=613100, ConflictIdSorter.conflictIdCount=1, ConflictIdSorter.conflictIdCycleCount=0, ConflictResolver.totalTime=3014800, ConflictResolver.conflictItemCount=1, DefaultDependencyCollector.collectTime=63887200, DefaultDependencyCollector.transformTime=8607800}
[DEBUG] org.apache.maven.archetype:archetype-packaging:jar:3.1.2:
[DEBUG] org.codehaus.plexus:plexus-utils:jar:1.1:runtime
[DEBUG] Using transporter WagonTransporter with priority -1.0 for https://repo.maven.apache.org/maven2
[DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://repo.maven.apache.org/maven2
Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar
Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar (169 kB at 218 kB/s)
... snip (downloads as normal) ...
[DEBUG] Created new class realm extension>org.apache.maven.archetype:archetype-packaging:3.1.2
[DEBUG] Importing foreign packages into class realm extension>org.apache.maven.archetype:archetype-packaging:3.1.2
[DEBUG] Imported: < maven.api
[DEBUG] Populating class realm extension>org.apache.maven.archetype:archetype-packaging:3.1.2
[DEBUG] Included: org.apache.maven.archetype:archetype-packaging:jar:3.1.2
[DEBUG] Included: org.codehaus.plexus:plexus-utils:jar:1.1
[DEBUG] Extension realms for project test:test:maven-archetype:0.0.1-SNAPSHOT: [ClassRealm[extension>org.apache.maven.archetype:archetype-packaging:3.1.2, parent: sun.misc.Launcher$AppClassLoader@4e25154f]]
[DEBUG] Created new class realm project>test:test:0.0.1-SNAPSHOT
[DEBUG] Populating class realm project>test:test:0.0.1-SNAPSHOT
[DEBUG] Included: org.apache.maven.archetype:archetype-packaging:jar:3.1.2
并且企业版失败,因为它无法下载plexus-utils:1.1。这是它真正开始处理干净目标之前的全部内容。
因此,出于某种原因,它已经解决了 archetype-packaging 的依赖关系,并决定它需要 plexus-utils:1.1。 :runtime
在依赖列表中是什么意思? -- 编辑说,我可以看到 :runtime
必须是依赖项的范围,但它没有在任何地方声明。
但是如果我查看 archetype-packaging,pom 或 jar 中没有任何内容提示我应该使用 plexus-utils:1.1。
archetype-packaging-3.1.2.pom
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.maven.archetype</groupId>
<artifactId>maven-archetype</artifactId>
<version>3.1.2</version>
</parent>
<artifactId>archetype-packaging</artifactId>
<name>Maven Archetype Packaging</name>
<description>'maven-archetype' packaging configuration for archetypes.</description>
</project>
maven-archetype-3.1.2.pom
<dependencyManagement>
... snip ...
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>3.2.0</version>
</dependency>
...
原型打包 jar 文件中真正唯一的东西是 plexus\components.xml。我想它可能是这里的东西,但依赖项集合中没有迹象表明它正在使用这些中的任何一个,也没有指定干净的目标。
<?xml version="1.0" encoding="UTF-8"?>
<component-set>
<components>
<component>
<role>org.apache.maven.lifecycle.mapping.LifecycleMapping</role>
<role-hint>maven-archetype</role-hint>
<implementation>org.apache.maven.lifecycle.mapping.DefaultLifecycleMapping</implementation>
<configuration>
<phases>
<process-resources>org.apache.maven.plugins:maven-resources-plugin:resources</process-resources>
<process-test-resources>org.apache.maven.plugins:maven-resources-plugin:testResources</process-test-resources>
<package>org.apache.maven.plugins:maven-archetype-plugin:jar</package>
<integration-test>org.apache.maven.plugins:maven-archetype-plugin:integration-test</integration-test>
<install>org.apache.maven.plugins:maven-install-plugin:install,
org.apache.maven.plugins:maven-archetype-plugin:update-local-catalog
</install>
<deploy>org.apache.maven.plugins:maven-deploy-plugin:deploy</deploy>
</phases>
</configuration>
</component>
<component>
<role>org.apache.maven.artifact.handler.ArtifactHandler</role>
<role-hint>maven-archetype</role-hint>
<implementation>org.apache.maven.artifact.handler.DefaultArtifactHandler</implementation>
<configuration>
<type>maven-archetype</type>
<extension>jar</extension>
<packaging>maven-archetype</packaging>
</configuration>
</component>
</components>
</component-set>
事实证明这是 Maven 3 与 Maven 2 兼容的(有点晦涩)功能。任何未声明对 plexus-utils 的显式依赖的插件(或扩展)将对 plexus- 具有隐式依赖utils:1.1 添加。
你可以在这里看到我对这个决定的看法:archetype-packaging.jar:3.1.2 requires org.codehaus.plexus:plexus-utils:jar:1.1
我有一个简单的原型项目。当甚至使用 mvn clean 时,它会尝试下载 plexus-utils:1.1,由于漏洞,我公司的回购协议禁止它。
我已经通过各种人工制品检查对该版本的依赖性并找到 none。我能找到的唯一依赖项是 plexus-utils:3.2.0.
在我的个人笔记本电脑上,如果我从本地存储库中删除所有版本的 plexus-utils,它会先下载 1.1,然后再下载其他版本(用于 clean 插件或 archetype 插件等)。
谁能帮我弄清楚为什么它会尝试下载那个版本的 plexus-utils?
pom.xml
...
<packaging>maven-archetype</packaging>
...
<build>
<extensions>
<extension>
<groupId>org.apache.maven.archetype</groupId>
<artifactId>archetype-packaging</artifactId>
<version>3.1.2</version>
</extension>
</extensions>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-archetype-plugin</artifactId>
<version>3.1.2</version>
</plugin>
</plugins>
</pluginManagement>
</build>
</project>
mvn -X clean 的结果
Apache Maven 3.6.0 (97c98ec64a1fdfee7767ce5ffb20918da4f719f3; 2018-10-24T19:41:47+01:00)
Maven home: C:\no-space-paths\apache-maven-3.6.0\bin\..
Java version: 1.8.0_192, vendor: Oracle Corporation, runtime: C:\Program Files\Java\jdk1.8.0_192\jre
Default locale: en_GB, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
[DEBUG] Created new class realm maven.api
[DEBUG] Importing foreign packages into class realm maven.api
[DEBUG] Imported: javax.annotation.* < plexus.core
... snip ...
[DEBUG] Imported: org.codehaus.classworlds < plexus.core
[DEBUG] Imported: org.codehaus.plexus.* < plexus.core
[DEBUG] Imported: org.codehaus.plexus.classworlds < plexus.core
[DEBUG] Imported: org.codehaus.plexus.component < plexus.core
[DEBUG] Imported: org.codehaus.plexus.configuration < plexus.core
[DEBUG] Imported: org.codehaus.plexus.container < plexus.core
[DEBUG] Imported: org.codehaus.plexus.context < plexus.core
[DEBUG] Imported: org.codehaus.plexus.lifecycle < plexus.core
[DEBUG] Imported: org.codehaus.plexus.logging < plexus.core
[DEBUG] Imported: org.codehaus.plexus.personality < plexus.core
[DEBUG] Imported: org.codehaus.plexus.util.xml.Xpp3Dom < plexus.core
[DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlPullParser < plexus.core
[DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlPullParserException < plexus.core
[DEBUG] Imported: org.codehaus.plexus.util.xml.pull.XmlSerializer < plexus.core
[DEBUG] Imported: org.eclipse.aether.* < plexus.core
... snip ...
[DEBUG] Imported: org.slf4j.spi.* < plexus.core
[DEBUG] Populating class realm maven.api
[INFO] Error stacktraces are turned on.
... snip ...
[INFO] Scanning for projects...
[DEBUG] Dependency collection stats: {ConflictMarker.analyzeTime=759600, ConflictMarker.markTime=341900, ConflictMarker.nodeCount=1, ConflictIdSorter.graphTime=804800, ConflictIdSorter.topsortTime=613100, ConflictIdSorter.conflictIdCount=1, ConflictIdSorter.conflictIdCycleCount=0, ConflictResolver.totalTime=3014800, ConflictResolver.conflictItemCount=1, DefaultDependencyCollector.collectTime=63887200, DefaultDependencyCollector.transformTime=8607800}
[DEBUG] org.apache.maven.archetype:archetype-packaging:jar:3.1.2:
[DEBUG] org.codehaus.plexus:plexus-utils:jar:1.1:runtime
[DEBUG] Using transporter WagonTransporter with priority -1.0 for https://repo.maven.apache.org/maven2
[DEBUG] Using connector BasicRepositoryConnector with priority 0.0 for https://repo.maven.apache.org/maven2
Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar
Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.1/plexus-utils-1.1.jar (169 kB at 218 kB/s)
... snip (downloads as normal) ...
[DEBUG] Created new class realm extension>org.apache.maven.archetype:archetype-packaging:3.1.2
[DEBUG] Importing foreign packages into class realm extension>org.apache.maven.archetype:archetype-packaging:3.1.2
[DEBUG] Imported: < maven.api
[DEBUG] Populating class realm extension>org.apache.maven.archetype:archetype-packaging:3.1.2
[DEBUG] Included: org.apache.maven.archetype:archetype-packaging:jar:3.1.2
[DEBUG] Included: org.codehaus.plexus:plexus-utils:jar:1.1
[DEBUG] Extension realms for project test:test:maven-archetype:0.0.1-SNAPSHOT: [ClassRealm[extension>org.apache.maven.archetype:archetype-packaging:3.1.2, parent: sun.misc.Launcher$AppClassLoader@4e25154f]]
[DEBUG] Created new class realm project>test:test:0.0.1-SNAPSHOT
[DEBUG] Populating class realm project>test:test:0.0.1-SNAPSHOT
[DEBUG] Included: org.apache.maven.archetype:archetype-packaging:jar:3.1.2
并且企业版失败,因为它无法下载plexus-utils:1.1。这是它真正开始处理干净目标之前的全部内容。
因此,出于某种原因,它已经解决了 archetype-packaging 的依赖关系,并决定它需要 plexus-utils:1.1。 :runtime
在依赖列表中是什么意思? -- 编辑说,我可以看到 :runtime
必须是依赖项的范围,但它没有在任何地方声明。
但是如果我查看 archetype-packaging,pom 或 jar 中没有任何内容提示我应该使用 plexus-utils:1.1。
archetype-packaging-3.1.2.pom
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.maven.archetype</groupId>
<artifactId>maven-archetype</artifactId>
<version>3.1.2</version>
</parent>
<artifactId>archetype-packaging</artifactId>
<name>Maven Archetype Packaging</name>
<description>'maven-archetype' packaging configuration for archetypes.</description>
</project>
maven-archetype-3.1.2.pom
<dependencyManagement>
... snip ...
<dependency>
<groupId>org.codehaus.plexus</groupId>
<artifactId>plexus-utils</artifactId>
<version>3.2.0</version>
</dependency>
...
原型打包 jar 文件中真正唯一的东西是 plexus\components.xml。我想它可能是这里的东西,但依赖项集合中没有迹象表明它正在使用这些中的任何一个,也没有指定干净的目标。
<?xml version="1.0" encoding="UTF-8"?>
<component-set>
<components>
<component>
<role>org.apache.maven.lifecycle.mapping.LifecycleMapping</role>
<role-hint>maven-archetype</role-hint>
<implementation>org.apache.maven.lifecycle.mapping.DefaultLifecycleMapping</implementation>
<configuration>
<phases>
<process-resources>org.apache.maven.plugins:maven-resources-plugin:resources</process-resources>
<process-test-resources>org.apache.maven.plugins:maven-resources-plugin:testResources</process-test-resources>
<package>org.apache.maven.plugins:maven-archetype-plugin:jar</package>
<integration-test>org.apache.maven.plugins:maven-archetype-plugin:integration-test</integration-test>
<install>org.apache.maven.plugins:maven-install-plugin:install,
org.apache.maven.plugins:maven-archetype-plugin:update-local-catalog
</install>
<deploy>org.apache.maven.plugins:maven-deploy-plugin:deploy</deploy>
</phases>
</configuration>
</component>
<component>
<role>org.apache.maven.artifact.handler.ArtifactHandler</role>
<role-hint>maven-archetype</role-hint>
<implementation>org.apache.maven.artifact.handler.DefaultArtifactHandler</implementation>
<configuration>
<type>maven-archetype</type>
<extension>jar</extension>
<packaging>maven-archetype</packaging>
</configuration>
</component>
</components>
</component-set>
事实证明这是 Maven 3 与 Maven 2 兼容的(有点晦涩)功能。任何未声明对 plexus-utils 的显式依赖的插件(或扩展)将对 plexus- 具有隐式依赖utils:1.1 添加。
你可以在这里看到我对这个决定的看法:archetype-packaging.jar:3.1.2 requires org.codehaus.plexus:plexus-utils:jar:1.1