Is there a way to tell Ivy to prefer the latest version of a particular library among the transitive dependencies, without turning the transitive dependency into a direct dependency?
After retrieving the artifacts required for a build I end up with two versions of the same library, both as transitive dependencies. I've run a report so I know where the libraries are coming from but I'd prefer not to end up with references to transitive libraries in my ivy.xml file.
The Ivy manual states "If no specific conflict manager is defined, a default conflict manager is used for all modules. The current default conflict manager is the 'latest-revision' conflict manager". Apparently that doesn't apply to transitive dependencies.
Is there a way achieve what I want without directly referencing transitive libraries?
Transitive dependencies are dependencies of your dependencies, so conflicts can occur when one or more versions of the same library are referenced. This is where the conflict manager functionality kicks in. By default, ivy will choose the most recent version, working on the assumption that most libraries are backwardly compatible. If you review the report generated by the report task you'll see the other version(s) marked as "evicted".
Your question appears to put forward an alternative mode of operation? Perhaps an example would help.
Related
From the site https://wiki.eclipse.org/Tycho/Target_Platform, I infer the following:
If the 'repositories' section contains a p2 repository, everything inside that repository is automatically considered part of the target platform as far as Tycho is concerned.
If a target definition file is referenced, everything inside that target definition file is considered part of the target platform as far as tycho is concerned.
Let's say that I have a repository under 'repositories' that points to http://download.eclipse.org/releases/indigo like in the example. Furthermore, I declare a target definition file that points to http://download.eclipse.org/releases/helios instead.
In Eclipse, developers then use the target definition file as the target platform. For dependencies in individual plug-in projects no version is defined, since the versions of the bundles are already defined by the target definition file.
The question: Will Tycho build using Indigo or Helios versions?
The target platform will contain both content from Indigo and Helios. Quoting the Target Platform wiki page:
In case multiple target platform configuration approaches are combined, the target platform contains the union of the content defined through each approach.
So for the dependency resolution, Tycho could either use Indigo bundles, or Helios bundles, or a mixture of these.
The resolution is based on the p2 planner which finds a valid solution to satisfy the requirements. In case there are multiple solutions, the p2 planner has a preference towards later bundle versions and a small set of transitive dependencies. These preferences often contradict each other, e.g. when a later version of a bundle has a larger set of transitive dependencies. So in general it is hard to predict which versions are picked in such a case.
So, if you need to know what your bundles are compiled against, use a target platform which appropriately restricts the available versions.
The POM for org.apache.cxf:cxf:jar:2.4.2 is invalid, transitive dependencies (if any) will not be available
It seems like the .pm file that captures the dependency information got corrupted (either when dowloading or is already corrupted in the central repository). Try a different version
Hi i have a quite simple question about maven dependency. I have 2 modules of one project. So first module is dependent on second. Second module has dependencies on some libs. Second module can be itself installed as standalone app. So when i build the project the first war will contain packaged second module as well as all libs that second module depends on.
I need that when i package first module the second module should be included without it's dependencies. How it is possible to manage?
Thx
I need that when i package first module the second module should be included without it's dependencies. How it is possible to manage?
Somehow, this is an hint that the dependencies of the 2nd module are provided when it gets packaged inside the war. IOW, declaring the dependencies of the 2nd module with a provided scope would do it, they wouldn't get pulled transitively.
Depending on how you create the standalone distribution of the 2nd module, you might need to combine dependencies scope with profiles, or not. Can't say since you didn't say anything about this :)
References
Dependency Scope
Is there a way to specify the artifact version outside of the POM file?
I have 2 CI projects that build an artifact. One builds a "stable" development version from a 'develop' branch and the other builds an unstable version which is the result of merging all active feature branches into the develop branch. I want the stable version to build as xyz-1.0.jar and the integration build to go in as xyz-1.0-SNAPSHOT.jar. Is there a way for the CI job to run a maven task or specify via the command line if a release or snapshot jar should be built without manually modifying the POM? Currently I have the version specified as 1.0 in the pom. I considered using the release plugin but I don't want the automatic version number increase and tagging that it does.
Short answer: no. And here are some additional remarks:
It doesn't make much sense to use a "released" version (i.e. non SNAPSHOT) for a branch under CI since released versions are not downloaded again even if a newer version is available.
Released versions should be tagged (e.g. 1.0), maintenance is done is in a branch derived from the tag (e.g. 1.0.1-SNAPSHOT).
If you want to distinguish versions built from different branches, use different versions in the POMs.
I was able to accomplish this by using a property in my POM and then overriding it via the command line.
pom.xml:
...
<version>${artifactVersion}</version>
<properties>
<artifactVersion>1.0</artifactVersion> <!-- default version -->
</properties>
...
Then overriding with mvn -DartifactVersion=1.0-SNAPSHOT package
But Pascal's answer above is more in line with what I was really asking. My solution is more of a workaround I feel.
You should be able to achieve this using maven profiles
Suppose, I have an opensource project that depends on some library, that must be patched in order to fix some issues. How do I do that? My ideas are:
Have that library sources set up as a module, keep them in my vcs. Pros: simple. Cons: some third party sources in my repo, might slow down build process, hard to find a patched place (though can be fixed in README)
Have a module, like in 1, but keep patched source files only, compile them with orignal library jar in classpath and somehow replace *.class files in library jar on build. Pros: builds faster, easy to find patched places. Cons: hard to configure, that jar hackery is non-obvious (library jar in repository and in my project assembly would be different)
Keep patched *.class files in main/resources, and replace on packaging like in 2). Pros: almost none. Cons: binaries in vcs, hard to recompile a patched class as patch compilation is not automated.
One nice solution is to create a distinct project with patched library sources, and deploy it on local/enterprise repository with -patched qualifier. But that would not fit for an opensourced project that is meant to be easily buildable by anyone who checks out its sources. Or should I just say "and also, before you build my project, please check out that stuff and run mvn install".
One nice solution is to create a distinct project with patched library sources, and deploy it on local/enterprise repository with -patched qualifier. But that would not fit for an opensourced project that is meant to be easily buildable by anyone who checks out its sources. Or should I just say "and also, before you build my project, please check out that stuff and run mvn install".
This is what I would do (and actually what I do) for both a corporate and an opensource project. Get the sources, put them under version control in a distinct project, patch them, rebuild the patched library (and include this information in the version, something like X.Y.Z-patched), deploy it to a repository (you could use SVN for this, a la Google Code1), declare the repository in your POM and update the dependency to point on your patched version.
With this approach, you can say to your users: check out my code and run mvn install and they will just get the patched version without any extra action. This is IMHO the cleanest way (not error prone, no class path order mess, no increase of the build time, etc).
1 Lots of people are deploying their code to their hosted subversion repository (how-to in this post).
One nice solution is to create a distinct project with patched library sources, and deploy it on local/enterprise repository with -patched qualifier. But that would not fit for an opensourced project that is meant to be easily buildable by anyone who checks out its sources. Or should I just say "and also, before you build my project, please check out that stuff and run mvn install".
I'd agree with this and Pascal's answer. Some additional notes:
you may use dependency:unpack on the original artifact and then combine that with your compiled classes if you don't want to rebuild the whole dependant project
in either case, your pom.xml will need to correctly represent the dependencies of that library
you can still integrate this as part of your project's build to avoid the 'deploy to a repository' step
make sure you honour the constraints of the project's license when doing all this!