Maven
  1. Maven
  2. MNG-2399

file size check on pom.xml (or thing specified by --file opt) should only apply to regular files (patch attached)

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.0.4
    • Fix Version/s: None
    • Component/s: Command Line, General
    • Labels:
      None
    • Complexity:
      Intermediate
    • Patch Submitted:
      Yes
    • Number of attachments :
      3

      Description

      The file size check in maven-core/.../org/apache/maven/DefaultMaven.java is applied too aggressively. In particular, it should only be applied to regular files; when reading from a unix named pipe (probably other platform-specific devices, too) we may not be able to determine the file size prior to reading the data.

      The real-world motiviation from this is the attached 'mvn-get-plugin' bash script, which wants to pipe a dummy pom.xml file to mvn on stdin (by specifying /dev/stdin as the argument to the mvn --file command line option).

      Once I submit this issue and have the issue number, I'll attach two patches, one against the maven svn trunk, and one against the maven-2.0.4 tag.

      1. MNG-2399-maven-core-2.0.4.patch
        0.9 kB
        Alan D. Salewski
      2. MNG-2399-maven-core-trunk.patch
        0.9 kB
        Alan D. Salewski
      3. mvn-get-plugin
        10 kB
        Alan D. Salewski

        Activity

        Hide
        Alan D. Salewski added a comment -

        Attaching two patches indicated in original bug report (one against the trunk, one against the maven-2.0.4 tag).

        When using mvn-2.0.4 without the patch, maven attempts to fail early by detecting an empty pom.xml. However, this check is only valid for "regular" files. Here's the output when used with stock mvn-2.0.4:

        /tmp/mtmp2$ echo $M2_HOME
        /usr/local/maven-2.0.4
        /tmp/mtmp2$ type -all mvn
        mvn is /usr/local/maven-2.0.4/bin/mvn
        /tmp/mtmp2$ rm -fr ~/.m2/repository/org/apache/maven/plugins/maven-idea-plugin
        /tmp/mtmp2$ cat /tmp/dummy-pom.xml
        <?xml version="1.0" ?>
        <project>
          <modelVersion>4.0.0</modelVersion>
          <groupId>foo.bar.baz</groupId>
          <artifactId>fooshizzle</artifactId>
          <name>Dummy Project for Retrieving and Installing maven-idea-plugin</name>
          <version>does-not-matter</version>
          <build>
            <plugins>
              <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-idea-plugin</artifactId>
              </plugin>
            </plugins>
          </build>
        </project>
        /tmp/mtmp2$ cat /tmp/dummy-pom.xml | mvn --file /dev/stdin validate
        [INFO] Scanning for projects...
        [INFO] ------------------------------------------------------------------------
        [ERROR] FATAL ERROR
        [INFO] ------------------------------------------------------------------------
        [INFO] Error building POM (may not be this project's POM).
        
        
        Project ID: unknown
        
        Reason: The file /dev/stdin you specified has zero length.
        
        
        [INFO] ------------------------------------------------------------------------
        [INFO] Trace
        org.apache.maven.reactor.MavenExecutionException: The file /dev/stdin you specified has zero length.
        	at org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:365)
        	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:278)
        	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:115)
        	at org.apache.maven.cli.MavenCli.main(MavenCli.java:256)
        	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        	at java.lang.reflect.Method.invoke(Method.java:585)
        	at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
        	at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
        	at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
        	at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
        Caused by: org.apache.maven.project.ProjectBuildingException: The file /dev/stdin you specified has zero length.
        	at org.apache.maven.DefaultMaven.getProject(DefaultMaven.java:510)
        	at org.apache.maven.DefaultMaven.collectProjects(DefaultMaven.java:447)
        	at org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:351)
        	... 11 more
        [INFO] ------------------------------------------------------------------------
        [INFO] Total time: < 1 second
        [INFO] Finished at: Wed Jun 21 10:54:28 EDT 2006
        [INFO] Final Memory: 1M/2M
        [INFO] ------------------------------------------------------------------------
        /tmp/mtmp2$
        



        Here is the output of doing the same thing with a version of maven-2.0.4 with the attached patch applied:

        /tmp/mtmp2$ export M2_HOME=/tmp/maven-2.0.4-patched
        /tmp/mtmp2$ export PATH=${M2_HOME}/bin:$PATH
        /tmp/mtmp2$ type -all mvn
        mvn is /tmp/maven-2.0.4-patched/bin/mvn
        mvn is /usr/local/maven-2.0.4/bin/mvn
        /tmp/mtmp2$ 
        /tmp/mtmp2$ rm -fr ~/.m2/repository/org/apache/maven/plugins/maven-idea-plugin
        /tmp/mtmp2$ 
        /tmp/mtmp2$ cat /tmp/dummy-pom.xml 
        <?xml version="1.0" ?>
        <project>
          <modelVersion>4.0.0</modelVersion>
          <groupId>foo.bar.baz</groupId>
          <artifactId>fooshizzle</artifactId>
          <name>Dummy Project for Retrieving and Installing maven-idea-plugin</name>
          <version>does-not-matter</version>
          <build>
            <plugins>
              <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-idea-plugin</artifactId>
              </plugin>
            </plugins>
          </build>
        </project>
        /tmp/mtmp2$ 
        /tmp/mtmp2$ cat /tmp/dummy-pom.xml | mvn --file /dev/stdin validate
        [INFO] Scanning for projects...
        [INFO] ----------------------------------------------------------------------------
        [INFO] Building Dummy Project for Retrieving and Installing maven-idea-plugin
        [INFO]    task-segment: [validate]
        [INFO] ----------------------------------------------------------------------------
        [INFO] artifact org.apache.maven.plugins:maven-idea-plugin: checking for updates from central
        Downloading: http://my.mvn.proxy.server/maven2Proxy/repository/org/apache/maven/plugins/maven-idea-plugin/2.0/maven-idea-plugin-2.0.pom
        2/2K
        2K downloaded
        Downloading: http://my.mvn.proxy.server/maven2Proxy/repository/org/apache/maven/plugins/maven-idea-plugin/2.0/maven-idea-plugin-2.0.jar
        4/37K
        8/37K
        12/37K
        16/37K
        20/37K
        24/37K
        28/37K
        32/37K
        36/37K
        37/37K
        37K downloaded
        [INFO] No goals needed for project - skipping
        [INFO] ------------------------------------------------------------------------
        [INFO] BUILD SUCCESSFUL
        [INFO] ------------------------------------------------------------------------
        [INFO] Total time: < 1 second
        [INFO] Finished at: Wed Jun 21 11:05:07 EDT 2006
        [INFO] Final Memory: 1M/3M
        [INFO] ------------------------------------------------------------------------
        /tmp/mtmp2$
        
        Show
        Alan D. Salewski added a comment - Attaching two patches indicated in original bug report (one against the trunk, one against the maven-2.0.4 tag). When using mvn-2.0.4 without the patch, maven attempts to fail early by detecting an empty pom.xml . However, this check is only valid for "regular" files. Here's the output when used with stock mvn-2.0.4 : /tmp/mtmp2$ echo $M2_HOME /usr/local/maven-2.0.4 /tmp/mtmp2$ type -all mvn mvn is /usr/local/maven-2.0.4/bin/mvn /tmp/mtmp2$ rm -fr ~/.m2/repository/org/apache/maven/plugins/maven-idea-plugin /tmp/mtmp2$ cat /tmp/dummy-pom.xml <?xml version="1.0" ?> <project> <modelVersion>4.0.0</modelVersion> <groupId>foo.bar.baz</groupId> <artifactId>fooshizzle</artifactId> <name>Dummy Project for Retrieving and Installing maven-idea-plugin</name> <version>does-not-matter</version> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-idea-plugin</artifactId> </plugin> </plugins> </build> </project> /tmp/mtmp2$ cat /tmp/dummy-pom.xml | mvn --file /dev/stdin validate [INFO] Scanning for projects... [INFO] ------------------------------------------------------------------------ [ERROR] FATAL ERROR [INFO] ------------------------------------------------------------------------ [INFO] Error building POM (may not be this project's POM). Project ID: unknown Reason: The file /dev/stdin you specified has zero length. [INFO] ------------------------------------------------------------------------ [INFO] Trace org.apache.maven.reactor.MavenExecutionException: The file /dev/stdin you specified has zero length. at org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:365) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:278) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:115) at org.apache.maven.cli.MavenCli.main(MavenCli.java:256) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315) at org.codehaus.classworlds.Launcher.launch(Launcher.java:255) at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430) at org.codehaus.classworlds.Launcher.main(Launcher.java:375) Caused by: org.apache.maven.project.ProjectBuildingException: The file /dev/stdin you specified has zero length. at org.apache.maven.DefaultMaven.getProject(DefaultMaven.java:510) at org.apache.maven.DefaultMaven.collectProjects(DefaultMaven.java:447) at org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:351) ... 11 more [INFO] ------------------------------------------------------------------------ [INFO] Total time: < 1 second [INFO] Finished at: Wed Jun 21 10:54:28 EDT 2006 [INFO] Final Memory: 1M/2M [INFO] ------------------------------------------------------------------------ /tmp/mtmp2$ Here is the output of doing the same thing with a version of maven-2.0.4 with the attached patch applied: /tmp/mtmp2$ export M2_HOME=/tmp/maven-2.0.4-patched /tmp/mtmp2$ export PATH=${M2_HOME}/bin:$PATH /tmp/mtmp2$ type -all mvn mvn is /tmp/maven-2.0.4-patched/bin/mvn mvn is /usr/local/maven-2.0.4/bin/mvn /tmp/mtmp2$ /tmp/mtmp2$ rm -fr ~/.m2/repository/org/apache/maven/plugins/maven-idea-plugin /tmp/mtmp2$ /tmp/mtmp2$ cat /tmp/dummy-pom.xml <?xml version="1.0" ?> <project> <modelVersion>4.0.0</modelVersion> <groupId>foo.bar.baz</groupId> <artifactId>fooshizzle</artifactId> <name>Dummy Project for Retrieving and Installing maven-idea-plugin</name> <version>does-not-matter</version> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-idea-plugin</artifactId> </plugin> </plugins> </build> </project> /tmp/mtmp2$ /tmp/mtmp2$ cat /tmp/dummy-pom.xml | mvn --file /dev/stdin validate [INFO] Scanning for projects... [INFO] ---------------------------------------------------------------------------- [INFO] Building Dummy Project for Retrieving and Installing maven-idea-plugin [INFO] task-segment: [validate] [INFO] ---------------------------------------------------------------------------- [INFO] artifact org.apache.maven.plugins:maven-idea-plugin: checking for updates from central Downloading: http://my.mvn.proxy.server/maven2Proxy/repository/org/apache/maven/plugins/maven-idea-plugin/2.0/maven-idea-plugin-2.0.pom 2/2K 2K downloaded Downloading: http://my.mvn.proxy.server/maven2Proxy/repository/org/apache/maven/plugins/maven-idea-plugin/2.0/maven-idea-plugin-2.0.jar 4/37K 8/37K 12/37K 16/37K 20/37K 24/37K 28/37K 32/37K 36/37K 37/37K 37K downloaded [INFO] No goals needed for project - skipping [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESSFUL [INFO] ------------------------------------------------------------------------ [INFO] Total time: < 1 second [INFO] Finished at: Wed Jun 21 11:05:07 EDT 2006 [INFO] Final Memory: 1M/3M [INFO] ------------------------------------------------------------------------ /tmp/mtmp2$
        Hide
        Jason van Zyl added a comment -

        The pom.xml should be a file. Not sure why this would ever be useful like having a POM be a named pipe. You would create a different builder if you wanted to use a different source.

        Show
        Jason van Zyl added a comment - The pom.xml should be a file. Not sure why this would ever be useful like having a POM be a named pipe. You would create a different builder if you wanted to use a different source.
        Hide
        Alan D. Salewski added a comment -

        Well, one reason for reading the pom from a named pipe is that it facilitates using 'mvn' from within shell scripts for performing tasks that leverage built-in maven capabilities. For example, the attached 'mvn-get-plugin' script retrieves and installs one or more maven plugins using a shell "here" document for the POM:

        ...
            mvn --file /dev/stdin validate <<EOF
        <project>
          <modelVersion>4.0.0</modelVersion>
          <groupId>foo.bar.baz</groupId>
          <artifactId>fooshizzle</artifactId>
          <name>Dummy Project for Retrieving and Installing ${plugin_name}</name>
          <version>does-not-matter</version>
          <build>
            <plugins>
              <plugin>
                <groupId>${plugin_group_id}</groupId>
                <artifactId>${plugin_name}</artifactId>
                ${plugin_version_elem}
              </plugin>
            </plugins>
          </build>
        </project>
        EOF
        ...
        

        It does this without creating any temporary files, which simplifies the program (there are no temporary file security bugs to worry about; there is no temporary directory to clean up when the program ends or when a signal is received, etc).

        More generally, though, not fixing the issue leaves an arbitrary limitation in the program, and violates the principle of least surprise (encountering an error when attempting to specify '/dev/stdin' as an argument to the '--file' option is what lead me to investigate the issue in the first place). One of the strengths of unix command line tools is that they are of general use and expected to be used in combination with other tools, even in ways that their original authors did not foresee. There is no benefit of leaving this easily addressed issue in maven, only an arbitrary limitation.

        Some examples:

        $ make -f /dev/stdin <<EOF
        > all:
        >       @echo "hello from stdin"
        > EOF
        hello from stdin
        
        $ ant -buildfile /dev/stdin <<EOF
        > <project><echo>hello from stdin</echo></project>
        > EOF
        Buildfile: /dev/stdin
             [echo] hello from stdin
        
        BUILD SUCCESSFUL
        Total time: 0 seconds
        

        And in case it gives anyone a warm and fuzzy, over the past year I've run maven 2.0.4, 2.0.5, and now 2.0.6 with the originally attached (simple) patch without any problems.

        Show
        Alan D. Salewski added a comment - Well, one reason for reading the pom from a named pipe is that it facilitates using ' mvn ' from within shell scripts for performing tasks that leverage built-in maven capabilities. For example, the attached ' mvn-get-plugin ' script retrieves and installs one or more maven plugins using a shell "here" document for the POM: ... mvn --file /dev/stdin validate <<EOF <project> <modelVersion>4.0.0</modelVersion> <groupId>foo.bar.baz</groupId> <artifactId>fooshizzle</artifactId> <name>Dummy Project for Retrieving and Installing ${plugin_name}</name> <version>does-not-matter</version> <build> <plugins> <plugin> <groupId>${plugin_group_id}</groupId> <artifactId>${plugin_name}</artifactId> ${plugin_version_elem} </plugin> </plugins> </build> </project> EOF ... It does this without creating any temporary files, which simplifies the program (there are no temporary file security bugs to worry about; there is no temporary directory to clean up when the program ends or when a signal is received, etc). More generally, though, not fixing the issue leaves an arbitrary limitation in the program, and violates the principle of least surprise (encountering an error when attempting to specify ' /dev/stdin ' as an argument to the ' --file ' option is what lead me to investigate the issue in the first place). One of the strengths of unix command line tools is that they are of general use and expected to be used in combination with other tools, even in ways that their original authors did not foresee. There is no benefit of leaving this easily addressed issue in maven, only an arbitrary limitation. Some examples: $ make -f /dev/stdin <<EOF > all: > @echo "hello from stdin" > EOF hello from stdin $ ant -buildfile /dev/stdin <<EOF > <project><echo>hello from stdin</echo></project> > EOF Buildfile: /dev/stdin [echo] hello from stdin BUILD SUCCESSFUL Total time: 0 seconds And in case it gives anyone a warm and fuzzy, over the past year I've run maven 2.0.4, 2.0.5, and now 2.0.6 with the originally attached (simple) patch without any problems.
        Hide
        Brett Porter added a comment -

        I personally have no objection to making this work, but the patch doesn't appear to be enough for me. I get:

        Project ID: unknown
        POM Location: /dev/stdin

        Reason: Not a v4.0.0 POM. for project unknown at /dev/stdin

        And among other things, Maven assumes the basedir is /dev (instead of retaining user.dir).

        I think the patch will need to be more comprehensive...

        Show
        Brett Porter added a comment - I personally have no objection to making this work, but the patch doesn't appear to be enough for me. I get: Project ID: unknown POM Location: /dev/stdin Reason: Not a v4.0.0 POM. for project unknown at /dev/stdin And among other things, Maven assumes the basedir is /dev (instead of retaining user.dir). I think the patch will need to be more comprehensive...
        Hide
        Jason van Zyl added a comment -

        Is it really that hard to generate the POM first? And I'm not sure this great usage pattern.

        Show
        Jason van Zyl added a comment - Is it really that hard to generate the POM first? And I'm not sure this great usage pattern.

          People

          • Assignee:
            Unassigned
            Reporter:
            Alan D. Salewski
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: