I have this log4j-1.2.12.jar file in my jenkins server
Path to it: /data/jenkins/.m2/repository/log4j/log4j/1.2.12/log4j-1.2.12.jar I got this Apache Log4j Unsupported Version Detection message from security team, how to resolve this I tried downloading the latest version but it is something like this log4j-api-2.19.0.jar
No, it's not "in Jenkins", more accurately, log4j is not a part of Jenkins. Jenkins consumes its jars from the exploded war in ${JENKINS_HOME}/war/WEB-INF/lib. It is not located there.
If a plugin consumes log4j, that would be found within the exploded plugin directory at ${JENKINS_HOME}/plugins/<plugin_name>/WEB-INF/lib. The status of log4j as it related to most plugins was tracked under JENKINS-67353.
What you are referencing is the maven local repository, .m2/repository. This structure is created when running a maven build on the controller; the dependency jars specified in (one of) your build's pom.xml.
The guidance in the comments is correct; find the appropriate pom.xml and update it, then rebuild.
You can verify these claims by deleting the entire .m2 directory (or moving / zip;delete if you are paranoid) and restarting Jenkins. You'll discover Jenkins is running fine and the directory remains empty. Run your maven jobs and it will repopulate, including log4j-1.2.12.jar, assuming it's still specified in your pom.xml. Fix your maven pom.xml, delete the directory, rerun your jobs and it should not reappear.
Perhaps you have already updated your pom.xml but never cleared out your local maven repository, then it will not repopulate (you could check the timestamp of the directory to know when it was first/last downloaded).
You can also delete referenced portions of the repository by specifying mvn dependency:purge-local-repository and adding -DreResolve=false to avoid re-resolving. Of course, if you've already updated the pom.xml, it would remain since it's not referenced in the pom.xml` (yes, it would be nice if there was an option to purge all or most of a repository or all version of a given jar, but ...).
Related
Currently I try to configure Jenkins, so I can do my release builds automatically. It should change the version number from SNAPSHOT to a release version, and do all the SVN commit stuff. After this is done, it should switch it back to a new SNAPSHOT version and commit it, too. Before I switched from maven to gradle, the same plugin worked correctly.
I already created a gradle build, that works correctly. It is reading the version from the property "version" in the gradle.properties file. This version is the one that is used in the gradle build. It's also possible to run "artifactoryPublish" to publish the JAR to my artifactory.
The problem:
When I open the dialog "Artifactory Pro Release Staging" (http://imgur.com/T44BtQB) it is not filling the fields "Release version", "Next development version", and none of the other fields. If I fill the fields by hand, everything is working correctly. As well the version in gradle.properties is changed and checked in correctly.
How could I solve this problem?
Used Versions:
Jenkins Version 2.7.1
JFrog Artifactory 4.7.4 rev 40169 (free version)
Jenkins Artifactory Plugin 2.6.0 (https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Artifactory+Plugin+-+Release+Management)
Gradle 2.14.1
Thanks!
According to your description, when you access the "Artifactory Release Staging" page, the "Release version" and "Next development version" fields are empty. This might be because you did not define the property names for your version and next development version in your Jenkins job configuration.
Here's how you do it:
1. Open your gradle.properties file and find the name of your version property. For example, if your gradle.properties contains:
version=1.2-SNAPSHOT
then the name is "version".
2. Open your Jenkins job configuration, and put "version" in the "Release property" and "Next development properly" text fields. You should find them under the "Release Staging" configuration.
Now, the Artifactory Release Staging page should know where to take your versions from. This configuration is not required when using Artifactory Release Staging for Maven, because in Maven the version can be found at one place only - in the pom file.
Hope this helps
The way I see it, it seems your gradle.properties could not be committed with the rest of your files with SVN. Can you check this?
If it is committed and is effectively present with all the other source files when Jenkins executes the build job, it may be worth ensuring that the Jenkins build job is looking for the gradle.properties file at the right place. The Gradle plugin's default behaviour is to search for the gradle.properties file at the root of each project. If that's not where your gradle.properties file is, you may want to set the path manually. To do so, add the following under 'switches', in your Jenkins job:
-Dgradle.user.home=$HOME/.gradle
Let me know if this helps.
possibly this happens due to the below reason, while reading the properties
File permission - check the file group and owner in the work-space where your gradle.properties is located
2.(Not sure on details, it helped me in resolving) After updating the correct file owner group, removed the version property from jenkins artifactory release management section and triggered the build and once it is successful and included the version in jenkins artifactory release management section and triggered the build and it solved the problem.
I have a number of Gradle builds that work very well from the command line, from buildship, etc.
However now I am porting them to a Jenkins system. And it is producing some very strange results. I'm pretty much a total newbie to Jenkins, so this may have an easy answer. So far I haven't found it.
I am using the Gradle Plugin for Jenkins, v.1.24 to configure my build in Jenkins. However, Jenkins (at least as I have it configured) organizes its build structure as {jenkins root}/data/jobs/{project_name}/workspace. When code is checked out of source control it is deposited in that directory, not in a directory named {project_name}.
Gradle seems to assume that the directory in which it is running names the project, and when I'm running outside of Jenkins this assumption is true. The name of the project that Gradle sees is the name of the project that was checked out from source control. Project.name is a gettable but not a settable property of a gradle Project. So in the Jenkins case, the archives that gradle builds are named workspace* rather than {project_name}*. It is also named workspace in the repositories it publishes into. I must be missing something very obvious but for the life of me I cannot figure out what it is.
Has anyone grappled with this?
UPDATE - It appears that the problem is that the people who designed my Jenkins instance knew nothing about Gradle. The {jenkins root}/data/jobs/{project_name}/workspace layout that I described above is not required by Jenkins, but apparently was felt to be useful for some reason in some other, non-Gradle context. So the question becomes, where is the project layout set up in the Jenkins configuration - OR - can Gradle be modified somehow to assume a different project layout/naming strategy.
Set Manage Jenkins → Configure System → Advanced... (the one right at the top) → Workspace Root Directory: ${JENKINS_HOME}/workspace/${ITEM_FULLNAME}.
The inline help:
Specify where Jenkins would store job workspaces on the master node. (It has no effect on builds run on slaves.) This value can include the following variables.
${JENKINS_HOME} — Jenkins home directory.
${ITEM_ROOTDIR} — Root directory of a job for which the default workspace is allocated.
${ITEM_FULL_NAME} — '/'-separated job name, like "foo/bar".
Changing this value allows you to put workspaces on SSD, SCSI, or even ram disks. Default value is ${ITEM_ROOTDIR}/workspace.
.../jenkins/config.xml
...
<workspaceDir>${JENKINS_HOME}/workspace/${ITEM_FULLNAME}</workspaceDir>
...
Gradle seems to assume that the directory in which it is running names the project
Yes this is gradle's default behavior, but can be easily overridden. If it is just the output artifact name you're concerned about, override the jar name with:
jar{
baseName 'actualProjectName'
}
I have a question related to maven - generating a war. Please see below.
- In one of my project (war), I am using a 3rd party jar (-SNAPSHOT version) whose entry I have made into my project pom.xml. So far it gets bundled correctly into the project war.
- But we encountered one issue in one of the java file inside this jar. For which my developer took the source code for the jar and modified-compiled and updated the jar file into local maven_repo directory.
- But whenever I build the project using maven clean:install command, my updated jar gets deleted from my local maven-repo dir and a fresh copy is downloaded from remote maven repo (where the actual 3rd party jar resides).
Can someone please help on this how can I manage so that maven use my modified jar and does not replace it with old jar during build process.
I am using maven-3.2.5.
you can run maven offline by running with the "-o" argument.
Example:
mvn clean install -o
Keep in mind that this will affect all your other dependencies and your need to have all the dependencies in your local .m2 repository.
Here is another thread taking up the issue of running maven offline:
How do I configure Maven for offline development?
I am modifying the hadoop source code but when I do a compile in maven it downloads from the maven repository, which is causing problems as my changes are not always be used.
How can I get maven to not download some files from the repository at all, and just use what is in the local classpath?
I am using maven 3.0.4
The best way is to give to "hadoop source code" a different SNAPSHOT version or a different artifactId and refer to it.
However, I think it is a stupid answer.
You can set local settings to offline=true. http://maven.apache.org/ref/3.0.3/maven-settings/settings.html;
or use a repository manager (sucha as Nexus) http://maven.apache.org/repository-management.html and deploy to Repository
Update these properties inside of your POM file to disable updates of your dependencies.
enabled: true or false for whether this repository is enabled for the
respective type (releases or snapshots).
updatePolicy: This element specifies how often updates should
attempt to occur. Maven will compare the local POM's timestamp
(stored in a repository's maven-metadata file) to the remote. The
choices are: always, daily (default), interval:X (where X is an
integer in minutes) or never.
POM Reference - MAVEN Site
In my Maven repo (.m2). there is one my local jar like sub_app-0.1.jar.
I have same copy of the it in ivy-cache.
I run maven install on sub_app then new sub_app-0.1.jar file created.
After, I run grails clean and it not getting my new sub_app-0.1.jar from .m2.
But, if I remove (delete) sub_app-0.1.jar file from ivy-cache and run the grails clean then it is getting new sub_app-0.1.jar file into ivy-cache.
If I change the version in sub-app pom and grails pom and Grails is taking latest one. install again it not taking.
I tried by adding SNAPSHOT to sup-app jar even. Same result, first time it is taking, after not.
ie. Grails considering only jar name and version in ivy-cache, if having - it not take. If not having - it taking from .m2.
But it not considering new/old build.
How can I get the same behavior (step 5) in step 4 also?
UPDATED
You can try adding changing=true to your dependency in the BuildConfig.groovy, as specified in the Grails Guide
compile ('YOUR_GROUP_ID:YOUR_SUB_AP:0.1') {
changing = true
}
Not sure if this is the same problem as you, but I use Spring Source Tool Suite (STS) with a 'grails' project having a dependency on an 'interfaces' project (which just contains interfaces, beans, pojos, etc).
If I run a maven install on interfaces in STS, then maven correctly updated with latest jar (I use '-1.0-SNAPSHOT' as my version number).
If I then run a grails clean on my 'grails' project in STS, Grails correctly identifies the change of the interfaces jar (I have {changing=true} in BuildConfig.groovy), downloads the pom, but fails to download the jar as it cannot delete the jar from the ivy-cache. Looks like STS has a handle on the ivy-cache which prevents this.
As I inherited this project from another developer who informed me it was a bug/feature of Grails and/or STS, I've bowed to his knowledge and workaround this by either:
maven package instead of install on 'interfaces' then copy the latest jar to the ivy-cache. It seems STS will let me replace the contents of the jar. Then grails clean uses the latest jar from ivy-cache (no attempt to download from maven).
maven install on 'interfaces', close down STS, delete jar from ivy-cache, re-open STS, grails clean which downloads latest jar from maven.
Both workarounds as a pain, so I'd be interested if anyone has any ideas?
Grails not supports to get latest of same (group-id, artifact-id, version) jar even SNAPSHOT jar also.
Solutions:
Every-time, delete the sub-app-version.jar from ivy-cache. or
Every-time, change the version to next value(should be greater than current value) of the sub-app jar in pom.xml.
4 Configuration - Reference Documentation
Please read:
4.7.6 Snapshots and Other Changing Dependencies