[javapackages-tools] Update to upstream version 0.13.1
by Mikolaj Izdebski
commit b7753cc6e9822034a282b7f9d7e478ef7e7cc7cf
Author: Mikolaj Izdebski <mizdebsk(a)redhat.com>
Date: Thu Mar 7 07:53:15 2013 +0100
Update to upstream version 0.13.1
.gitignore | 1 +
javapackages-tools.spec | 5 ++++-
sources | 2 +-
3 files changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 72b6c9e..9f0244f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@
/javapackages-0.12.6.tar.xz
/javapackages-2f13366e47a0a687160fe3c555e5588af49a7566.tar.bz2
/javapackages-0.13.0.tar.xz
+/javapackages-0.13.1.tar.xz
diff --git a/javapackages-tools.spec b/javapackages-tools.spec
index dd3bc95..69926e9 100644
--- a/javapackages-tools.spec
+++ b/javapackages-tools.spec
@@ -1,5 +1,5 @@
Name: javapackages-tools
-Version: 0.13.0
+Version: 0.13.1
Release: 1%{?dist}
Summary: Macros and scripts for Java packaging support
@@ -112,6 +112,9 @@ rm -f $RPM_BUILD_ROOT%{_bindir}/mvn-{local,rpmbuild}
%changelog
+* Thu Mar 7 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 0.13.1-1
+- Update to upstream version 0.13.1
+
* Wed Mar 6 2013 Mikolaj Izdebski <mizdebsk(a)redhat.com> - 0.13.0-1
- Update to upstream version 0.13.0
diff --git a/sources b/sources
index 0e9b0e4..a2e91ee 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-2a97fc9da9ff287940ae4e25808fdf30 javapackages-0.13.0.tar.xz
+39fa1ed906663e5e73dc6d7602d24806 javapackages-0.13.1.tar.xz
11 years, 3 months
[javapackages] Fix XMl comments
by Mikolaj Izdebski
commit 607410adf740c4f8b7c19251cdb617c6cbea5559
Author: Mikolaj Izdebski <mizdebsk(a)redhat.com>
Date: Thu Mar 7 07:51:06 2013 +0100
Fix XMl comments
XML with double dash inside comment is invalid.
scripts/mvn-build | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
---
diff --git a/scripts/mvn-build b/scripts/mvn-build
index fd48dff..55e66e7 100755
--- a/scripts/mvn-build
+++ b/scripts/mvn-build
@@ -101,8 +101,8 @@ while [ $# -gt 0 ]; do
break
;;
-d|--xmvn-debug)
- _write_xmvn_config "%mvn_build macro (--xmvn-debug option)" "resolverSettings" "debug" "true"
- _write_xmvn_config "%mvn_build macro (--xmvn-debug option)" "installerSettings" "debug" "true"
+ _write_xmvn_config "%mvn_build macro (xmvn-debug option)" "resolverSettings" "debug" "true"
+ _write_xmvn_config "%mvn_build macro (xmvn-debug option)" "installerSettings" "debug" "true"
;;
# XXX
-E|--disable-effective-poms)
@@ -141,8 +141,8 @@ while [ $# -gt 0 ]; do
shift
;;
-X|--debug)
- _write_xmvn_config "%mvn_build macro (--debug option)" "resolverSettings" "debug" "true"
- _write_xmvn_config "%mvn_build macro (--debug option)" "installerSettings" "debug" "true"
+ _write_xmvn_config "%mvn_build macro (debug option)" "resolverSettings" "debug" "true"
+ _write_xmvn_config "%mvn_build macro (debug option)" "installerSettings" "debug" "true"
debug=-X
;;
*)
@@ -155,7 +155,7 @@ done
if $singleton; then
- _write_xmvn_config "%mvn_build macro (--singleton option)" "artifactManagement" "rule" "<artifactGlob>
+ _write_xmvn_config "%mvn_build macro (singleton option)" "artifactManagement" "rule" "<artifactGlob>
<artifactId>{*}</artifactId>
</artifactGlob>
<targetPackage>@1</targetPackage>"
11 years, 3 months
[Bug 917084] CVE-2013-0253 maven: all SSL certificate checking is disabled by default
by Red Hat Bugzilla
Product: Security Response
https://bugzilla.redhat.com/show_bug.cgi?id=917084
--- Comment #4 from Mikolaj Izdebski <mizdebsk(a)redhat.com> ---
Created attachment 706362
--> https://bugzilla.redhat.com/attachment.cgi?id=706362&action=edit
diff -u -r apache-maven-3.0.4 apache-maven-3.0.5
There is no code difference between Maven 3.0.4 and 3.0.5. I attached diff -r
between maven 3.0.4 and 3.0.5 tarballs. The diff contains basically version
bump from 3.0.4 to 3.0.5, documentation changes (which don't affect runtime)
and changed maven-wagon dependency from 2.2 to 2.4. There is no direct fix for
any security bug.
The vulnerability itself was present in maven-wagon 2.x < 2.4. In Fedora we
never had such versions of maven-wagon. In Fedora 19 it was updated from 1.0
directly to 2.4, skipping all affected versions. Fedora 17 and 18 we still have
version 1.0, which is unaffected.
(In reply to comment #3)
> The bug was more to bump Maven to 3.0.5 (from 3.0.4) and not necessarily
> also bump Maven Wagon (as the flaw is noted as being introduced in 3.0.4, I
> suspect the flaw is more in Maven than Maven Wagon). Bumping Maven to 3.0.5
> across all versions of Fedora and leaving Maven Wagon untouched (keep it at
> 1.0) should be sufficient to correct this.
It's exactly the opposite. The bug is in Maven Wagon. It would be enough to
update Maven Wagon, there is no need for updating Maven itself. (Combination of
Maven 3.0.5 and Maven Wagon 2.2 is vulnerable, while Maven 3.0.4 and Maven
Wagon 1.0 or 2.4 are not). The attached diff shows that there are no semantic
changes in Maven 3.0.5.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=WYis8h97KO&a=cc_unsubscribe
11 years, 3 months
[javapackages] [doc] Fix backtick pairing
by Stanislav Ochotnicky
commit e934a392c25d0e58309caf0cf7bc9c283a2d38e4
Author: Stanislav Ochotnicky <sochotnicky(a)gmail.com>
Date: Wed Mar 6 22:50:03 2013 +0100
[doc] Fix backtick pairing
doc/index.txt | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/doc/index.txt b/doc/index.txt
index 6d73ffd..439c73b 100644
--- a/doc/index.txt
+++ b/doc/index.txt
@@ -392,7 +392,7 @@ mentioned (e.g. some parent POMs), then these will all end up in package named
[TIP]
======
`%mvn_package` macro supports wildcards and brace expansions, so whole `%prep` section from previous example can be replaced with single line:
-`%mvn_package ":plexus-compiler-{jikes,eclipse,csharp}" plexus-compiler-extras
+`%mvn_package ":plexus-compiler-{jikes,eclipse,csharp}" plexus-compiler-extras`
======
.XMvn package relationships
11 years, 3 months
[Bug 917084] CVE-2013-0253 maven: all SSL certificate checking is disabled by default
by Red Hat Bugzilla
Product: Security Response
https://bugzilla.redhat.com/show_bug.cgi?id=917084
Vincent Danen <vdanen(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(vdanen(a)redhat.com |
|) |
--- Comment #3 from Vincent Danen <vdanen(a)redhat.com> ---
It sounds as though it's a combination of Maven 3.0.4 and Maven Wagon 2.x but I
can't be 100% sure (and as per your comment in the fedora tracking bug, I don't
have a reproducer although I suspect if you pointed it a host with an invalid
certificate you would know (or have the cert specified for host.com and point
Maven to cname.com (cname for host.com) so that Maven is connecting to
cname.com with a certificate specifying host.com) would be sufficient to check.
The bug was more to bump Maven to 3.0.5 (from 3.0.4) and not necessarily also
bump Maven Wagon (as the flaw is noted as being introduced in 3.0.4, I suspect
the flaw is more in Maven than Maven Wagon). Bumping Maven to 3.0.5 across all
versions of Fedora and leaving Maven Wagon untouched (keep it at 1.0) should be
sufficient to correct this.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=mGJhWrR4TC&a=cc_unsubscribe
11 years, 3 months
[javapackages] Add Maven section from guidelines
by Stanislav Ochotnicky
commit d2ac96ef6be373abd9da72d1c9352eabc1106180
Author: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
Date: Wed Mar 6 17:17:59 2013 +0100
Add Maven section from guidelines
doc/index.txt | 160 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 158 insertions(+), 2 deletions(-)
---
diff --git a/doc/index.txt b/doc/index.txt
index d5d73dc..6d73ffd 100644
--- a/doc/index.txt
+++ b/doc/index.txt
@@ -235,9 +235,165 @@ Lorem ipsum about build systems, differences, preferences etcetera.
Will probably include some information about <<Xdepmap,depmap>> files.
-=== Maven
-Loong section about maven
+=== Apache Maven ===
+
+[quote,,http://maven.apache.org]
+______
+Apache Maven is a software project management and comprehension tool. Based on
+the concept of a project object model (POM), Maven can manage a project's build,
+reporting and documentation from a central piece of information.
+______
+
+Maven is by far the most consistent Java build system, allowing large amount of
+automation. In most common situations only following steps are necessary:
+
+1. In `%build` section of the spec file use `%mvn_build` macro
+2. In `%install` section, use `%mvn_install` macro
+3. Use generated file `.mfiles` lists to populate `%files` section with `-f` switch
+
+.Common spec file sections
+[source,spec]
+--------
+BuildRequires: maven-local
+...
+%build
+%mvn_build
+...
+
+%install
+%mvn_install
+...
+
+
+%files -f .mfiles
+%dir %{_javadir}/%{name}
+
+%files javadoc -f .mfiles-javadoc
+-------
+
+
+The macros `%mvn_build` and `%mvn_install` automatically handle building of the
+JAR files and their subsequent installation to the correct directory. The
+corresponding POM and <<Xdepmap,depmap>> files are also installed.
+
+==== Additional mappings ====
+[[pom_jar_mapping]]
+
+The macro `%mvn_alias` can be used to add additional mappings for given POM/JAR
+file. For example, if the POM file indicates that it contains groupId
+commons-lang, artifactId commons-lang, this macro ensures that we also add a
+mapping between groupId org.apache.commons and the installed JAR/POM files. This
+is necessary in cases where the groupId or artifactId may have changed, and
+other packages might require different IDs than those reflected in the installed
+POM.
+
+.Adding more mappings for JAR/POM files example
+[source,spec]
+-------
+%prep
+...
+%mvn_alias "commons-lang:commons-lang" "org.apache.commons:commons-lang"
+-------
+
+==== Alternative JAR file names ====
+In some cases, it may be important to be able to provide symlinks to actual JAR
+files. This can be achieved with `%mvn_file` macro. This macro allows packager
+to specify names of the JAR files, their location in `%{_javadir}` directory and
+also can create symlinks to the JAR files. These symlinks can be possibly
+located outside of the `%{_javadir}` directory.
+
+.Adding file symlinks to compatibility
+[source,spec]
+-------
+%prep
+...
+%mvn_file :guice google/guice guice
+-------
+
+This means that JAR file for artifact with ID "guice" (and any groupId) will be
+installed in `%{_javadir}/google/guice.jar` and there also will be a symlink to
+this JAR file located in `%{_javadir}/guice.jar`. Note the macro will add ".jar"
+extensions automatically.
+
+==== Single artifact per package ====
+If the project consists of multiple artifacts, it is recommended to install each
+artifact to the separate subpackage. The macro `%mvn_build -s` will generate
+separate `.mfiles` file for every artifact in the project. This file contains
+list of files related to specific artifact (typically JAR file, POM file and
+depmap). It can be later used in `%files` section of the spec file.
+
+.Creating one subpackage for each generated artifact
+[source,spec]
+-------
+...
+%description
+The Maven Plugin Tools contains...
+
+%package -n maven-plugin-annotations
+Summary: Maven Plugin Java 5 Annotations
+
+%description -n maven-plugin-annotations
+This package contains Java 5 annotations to use in Mojos.
+
+%package -n maven-plugin-plugin
+Summary: Maven Plugin Plugin
+
+%description -n maven-plugin-plugin
+The Plugin Plugin is used to...
+...
+
+%build
+%mvn_build -s
+
+%install
+%mvn_install
+
+%files -f .mfiles-maven-plugin-tools
+%doc LICENSE NOTICE
+%files -n maven-plugin-annotations -f .mfiles-maven-plugin-annotations
+%files -n maven-plugin-plugin -f .mfiles-maven-plugin-plugin
+%files -f .mfiles-javadoc
+...
+-------
+
+==== Assignment of the Maven artifacts to the subpackages ====
+The macro `%mvn_package` allows maintainer to specify in which exact package the
+selected artifact will end up. It is something between singleton packaging, when
+each artifact has its own subpackage and default packaging, when all artifacts
+end up in the same package.
+
+.Assigning multiple artifacts to single subpackage
+[source,spec]
+-------
+...
+%prep
+%mvn_package ":plexus-compiler-jikes" plexus-compiler-extras
+%mvn_package ":plexus-compiler-eclipse" plexus-compiler-extras
+%mvn_package ":plexus-compiler-csharp" plexus-compiler-extras
+
+%build
+%mvn_build
+
+%install
+%mvn_install
+
+%files -f .mfiles
+%files -f .mfiles-plexus-compiler-extras
+%files -f .mfiles-javadoc
+-------
+
+In above example, the artifacts `plexus-compiler-jikes`,
+`plexus-compiler-eclipse`, `plexus-compiler-csharp` will end up in package named
+`plexus-compiler-extras`. If there are some other artifacts beside these three
+mentioned (e.g. some parent POMs), then these will all end up in package named
+`%{name}`.
+
+[TIP]
+======
+`%mvn_package` macro supports wildcards and brace expansions, so whole `%prep` section from previous example can be replaced with single line:
+`%mvn_package ":plexus-compiler-{jikes,eclipse,csharp}" plexus-compiler-extras
+======
.XMvn package relationships
image:images/xmvn.svg["XMvn related packages",width=600]
11 years, 3 months
[javapackages] asciidoc actually handles spec highlighting fine so use it
by Stanislav Ochotnicky
commit 8388f6ee4a7ac045a5c6358556440ebaad71c481
Author: Stanislav Ochotnicky <sochotnicky(a)redhat.com>
Date: Wed Mar 6 17:16:59 2013 +0100
asciidoc actually handles spec highlighting fine so use it
doc/index.txt | 20 ++++++++++----------
1 files changed, 10 insertions(+), 10 deletions(-)
---
diff --git a/doc/index.txt b/doc/index.txt
index 90a9423..d5d73dc 100644
--- a/doc/index.txt
+++ b/doc/index.txt
@@ -51,7 +51,7 @@ macros. Below are some examples added for convenience.
Often dependencies specified in Maven `pom.xml` files need to be removed because of different reasons. `%pom_remove_dep` macro can be used to ease this task:
.Removing dependencies from pom.xml files
-[source,bash]
+[source,spec]
--------
# Removes dependency on groupId:artifactId from ./pom.xml
%pom_remove_dep groupId:artifactId
@@ -72,7 +72,7 @@ Often dependencies specified in Maven `pom.xml` files need to be removed because
`%pom_remove_plugin` macro works exactly as `%pom_remove_dep`, except it removes Maven plugin invocations. Some examples:
.Removing Maven plugins from pom.xml files
-[source,bash]
+[source,spec]
--------
# Disables maven-jar-plugin so that classpath isn't included in manifests
%pom_remove_plugin :maven-jar-plugin
@@ -86,7 +86,7 @@ reasons and there is a need to disable them. This can be achieved by using
`%pom_disable_module`, for example:
.Disabling specific project modules
-[source,bash]
+[source,spec]
--------
# Disables child-module-1, a submodule of the main pom.xml file
%pom_disable_module child-module-1
@@ -104,7 +104,7 @@ link:http://www.w3.org/TR/xml/[XML] code to any `pom.xml` file. Below you can fi
some examples for these macros.
.Less common pom.xml modifications
-[source,bash]
+[source,spec]
--------
# Removes parent definition
%pom_xpath_remove "pom:parent"
@@ -154,7 +154,7 @@ and all pom files must be copied into `%{_mavenpomdir}` and given
file names of the following form, where `jarname` is the name of the
jar without the .jar suffix:
-[source,bash]
+[source,spec]
--------
%{_mavenpomdir}/JPP[.subdirectory]-jarname.pom
--------
@@ -175,7 +175,7 @@ poms -- the same convention should be followed:
In its simplest form (a pom without a jar file), `%add_maven_depmap` looks like this:
.Parent pom
-[source,bash]
+[source,spec]
--------
%add_maven_depmap JPP-%{name}.pom
--------
@@ -187,7 +187,7 @@ groupId and artifactId inside the pom file and the pom file placed into
For a pom that maps directly to a jar file, the following is the correct form:
.Standard invocation
-[source,bash]
+[source,spec]
--------
%add_maven_depmap JPP-%{name}.pom %{name}.jar
--------
@@ -196,7 +196,7 @@ In addition to creating the pom mapping, this will also ensure that the correct
jar is associated with the groupId and artifactId from the pom.
.Providing additional artifact mappings
-[source,bash]
+[source,spec]
--------
%add_maven_depmap JPP-%{name}.pom %{name}.jar -a "org.apache.commons:commons-lang"
--------
@@ -208,7 +208,7 @@ where the groupId or artifactId may have changed, and other packages might
require different IDs than those reflected in the installed pom.
.Multiple subpackages
-[source,bash]
+[source,spec]
--------
%add_maven_depmap JPP-%{name}.pom %{name}.jar -f "XXX"
--------
@@ -217,7 +217,7 @@ instead of standard location. This is useful for packages with multiple
subpackages where each has its own jar files.
.Multiple artifacts in a subdirectory
-[source,bash]
+[source,spec]
--------
%add_maven_depmap JPP.%{name}-sub.pom %{name}/sub.jar
--------
11 years, 3 months