file size check on pom.xml (or thing specified by --file opt) should only apply to regular files (patch attached)

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Won't Fix
Affects Version/s: 2.0.4
Fix Version/s: None
Component/s: Command Line, General
Labels:
None

Complexity:
Intermediate
Patch Submitted:

Yes
Number of attachments :
3

Description

The file size check in maven-core/.../org/apache/maven/DefaultMaven.java is applied too aggressively. In particular, it should only be applied to regular files; when reading from a unix named pipe (probably other platform-specific devices, too) we may not be able to determine the file size prior to reading the data.

The real-world motiviation from this is the attached 'mvn-get-plugin' bash script, which wants to pipe a dummy pom.xml file to mvn on stdin (by specifying /dev/stdin as the argument to the mvn --file command line option).

Once I submit this issue and have the issue number, I'll attach two patches, one against the maven svn trunk, and one against the maven-2.0.4 tag.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Download All

Attachments

MNG-2399-maven-core-2.0.4.patch

21/Jun/06 10:59 AM

0.9 kB

Alan D. Salewski
MNG-2399-maven-core-trunk.patch

21/Jun/06 10:59 AM

0.9 kB

Alan D. Salewski
mvn-get-plugin

21/Jun/06 10:46 AM

10 kB

Alan D. Salewski

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Alan D. Salewski added a comment - 21/Jun/06 10:59 AM

Attaching two patches indicated in original bug report (one against the trunk, one against the maven-2.0.4 tag).

When using mvn-2.0.4 without the patch, maven attempts to fail early by detecting an empty pom.xml. However, this check is only valid for "regular" files. Here's the output when used with stock mvn-2.0.4:

/tmp/mtmp2$ echo $M2_HOME
/usr/local/maven-2.0.4
/tmp/mtmp2$ type -all mvn
mvn is /usr/local/maven-2.0.4/bin/mvn
/tmp/mtmp2$ rm -fr ~/.m2/repository/org/apache/maven/plugins/maven-idea-plugin
/tmp/mtmp2$ cat /tmp/dummy-pom.xml
<?xml version="1.0" ?>
<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>foo.bar.baz</groupId>
  <artifactId>fooshizzle</artifactId>
  <name>Dummy Project for Retrieving and Installing maven-idea-plugin</name>
  <version>does-not-matter</version>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-idea-plugin</artifactId>
      </plugin>
    </plugins>
  </build>
</project>
/tmp/mtmp2$ cat /tmp/dummy-pom.xml | mvn --file /dev/stdin validate
[INFO] Scanning for projects...
[INFO] ------------------------------------------------------------------------
[ERROR] FATAL ERROR
[INFO] ------------------------------------------------------------------------
[INFO] Error building POM (may not be this project's POM).


Project ID: unknown

Reason: The file /dev/stdin you specified has zero length.


[INFO] ------------------------------------------------------------------------
[INFO] Trace
org.apache.maven.reactor.MavenExecutionException: The file /dev/stdin you specified has zero length.
	at org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:365)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:278)
	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:115)
	at org.apache.maven.cli.MavenCli.main(MavenCli.java:256)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:585)
	at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315)
	at org.codehaus.classworlds.Launcher.launch(Launcher.java:255)
	at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430)
	at org.codehaus.classworlds.Launcher.main(Launcher.java:375)
Caused by: org.apache.maven.project.ProjectBuildingException: The file /dev/stdin you specified has zero length.
	at org.apache.maven.DefaultMaven.getProject(DefaultMaven.java:510)
	at org.apache.maven.DefaultMaven.collectProjects(DefaultMaven.java:447)
	at org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:351)
	... 11 more
[INFO] ------------------------------------------------------------------------
[INFO] Total time: < 1 second
[INFO] Finished at: Wed Jun 21 10:54:28 EDT 2006
[INFO] Final Memory: 1M/2M
[INFO] ------------------------------------------------------------------------
/tmp/mtmp2$

Here is the output of doing the same thing with a version of maven-2.0.4 with the attached patch applied:

/tmp/mtmp2$ export M2_HOME=/tmp/maven-2.0.4-patched
/tmp/mtmp2$ export PATH=${M2_HOME}/bin:$PATH
/tmp/mtmp2$ type -all mvn
mvn is /tmp/maven-2.0.4-patched/bin/mvn
mvn is /usr/local/maven-2.0.4/bin/mvn
/tmp/mtmp2$ 
/tmp/mtmp2$ rm -fr ~/.m2/repository/org/apache/maven/plugins/maven-idea-plugin
/tmp/mtmp2$ 
/tmp/mtmp2$ cat /tmp/dummy-pom.xml 
<?xml version="1.0" ?>
<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>foo.bar.baz</groupId>
  <artifactId>fooshizzle</artifactId>
  <name>Dummy Project for Retrieving and Installing maven-idea-plugin</name>
  <version>does-not-matter</version>
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-idea-plugin</artifactId>
      </plugin>
    </plugins>
  </build>
</project>
/tmp/mtmp2$ 
/tmp/mtmp2$ cat /tmp/dummy-pom.xml | mvn --file /dev/stdin validate
[INFO] Scanning for projects...
[INFO] ----------------------------------------------------------------------------
[INFO] Building Dummy Project for Retrieving and Installing maven-idea-plugin
[INFO]    task-segment: [validate]
[INFO] ----------------------------------------------------------------------------
[INFO] artifact org.apache.maven.plugins:maven-idea-plugin: checking for updates from central
Downloading: http://my.mvn.proxy.server/maven2Proxy/repository/org/apache/maven/plugins/maven-idea-plugin/2.0/maven-idea-plugin-2.0.pom
2/2K
2K downloaded
Downloading: http://my.mvn.proxy.server/maven2Proxy/repository/org/apache/maven/plugins/maven-idea-plugin/2.0/maven-idea-plugin-2.0.jar
4/37K
8/37K
12/37K
16/37K
20/37K
24/37K
28/37K
32/37K
36/37K
37/37K
37K downloaded
[INFO] No goals needed for project - skipping
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESSFUL
[INFO] ------------------------------------------------------------------------
[INFO] Total time: < 1 second
[INFO] Finished at: Wed Jun 21 11:05:07 EDT 2006
[INFO] Final Memory: 1M/3M
[INFO] ------------------------------------------------------------------------
/tmp/mtmp2$

Show

Alan D. Salewski added a comment - 21/Jun/06 10:59 AM Attaching two patches indicated in original bug report (one against the trunk, one against the maven-2.0.4 tag). When using mvn-2.0.4 without the patch, maven attempts to fail early by detecting an empty pom.xml . However, this check is only valid for "regular" files. Here's the output when used with stock mvn-2.0.4 : /tmp/mtmp2$ echo $M2_HOME /usr/local/maven-2.0.4 /tmp/mtmp2$ type -all mvn mvn is /usr/local/maven-2.0.4/bin/mvn /tmp/mtmp2$ rm -fr ~/.m2/repository/org/apache/maven/plugins/maven-idea-plugin /tmp/mtmp2$ cat /tmp/dummy-pom.xml <?xml version="1.0" ?> <project> <modelVersion>4.0.0</modelVersion> <groupId>foo.bar.baz</groupId> <artifactId>fooshizzle</artifactId> <name>Dummy Project for Retrieving and Installing maven-idea-plugin</name> <version>does-not-matter</version> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-idea-plugin</artifactId> </plugin> </plugins> </build> </project> /tmp/mtmp2$ cat /tmp/dummy-pom.xml | mvn --file /dev/stdin validate [INFO] Scanning for projects... [INFO] ------------------------------------------------------------------------ [ERROR] FATAL ERROR [INFO] ------------------------------------------------------------------------ [INFO] Error building POM (may not be this project's POM). Project ID: unknown Reason: The file /dev/stdin you specified has zero length. [INFO] ------------------------------------------------------------------------ [INFO] Trace org.apache.maven.reactor.MavenExecutionException: The file /dev/stdin you specified has zero length. at org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:365) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:278) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:115) at org.apache.maven.cli.MavenCli.main(MavenCli.java:256) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.codehaus.classworlds.Launcher.launchEnhanced(Launcher.java:315) at org.codehaus.classworlds.Launcher.launch(Launcher.java:255) at org.codehaus.classworlds.Launcher.mainWithExitCode(Launcher.java:430) at org.codehaus.classworlds.Launcher.main(Launcher.java:375) Caused by: org.apache.maven.project.ProjectBuildingException: The file /dev/stdin you specified has zero length. at org.apache.maven.DefaultMaven.getProject(DefaultMaven.java:510) at org.apache.maven.DefaultMaven.collectProjects(DefaultMaven.java:447) at org.apache.maven.DefaultMaven.getProjects(DefaultMaven.java:351) ... 11 more [INFO] ------------------------------------------------------------------------ [INFO] Total time: < 1 second [INFO] Finished at: Wed Jun 21 10:54:28 EDT 2006 [INFO] Final Memory: 1M/2M [INFO] ------------------------------------------------------------------------ /tmp/mtmp2$ Here is the output of doing the same thing with a version of maven-2.0.4 with the attached patch applied: /tmp/mtmp2$ export M2_HOME=/tmp/maven-2.0.4-patched /tmp/mtmp2$ export PATH=${M2_HOME}/bin:$PATH /tmp/mtmp2$ type -all mvn mvn is /tmp/maven-2.0.4-patched/bin/mvn mvn is /usr/local/maven-2.0.4/bin/mvn /tmp/mtmp2$ /tmp/mtmp2$ rm -fr ~/.m2/repository/org/apache/maven/plugins/maven-idea-plugin /tmp/mtmp2$ /tmp/mtmp2$ cat /tmp/dummy-pom.xml <?xml version="1.0" ?> <project> <modelVersion>4.0.0</modelVersion> <groupId>foo.bar.baz</groupId> <artifactId>fooshizzle</artifactId> <name>Dummy Project for Retrieving and Installing maven-idea-plugin</name> <version>does-not-matter</version> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-idea-plugin</artifactId> </plugin> </plugins> </build> </project> /tmp/mtmp2$ /tmp/mtmp2$ cat /tmp/dummy-pom.xml | mvn --file /dev/stdin validate [INFO] Scanning for projects... [INFO] ---------------------------------------------------------------------------- [INFO] Building Dummy Project for Retrieving and Installing maven-idea-plugin [INFO] task-segment: [validate] [INFO] ---------------------------------------------------------------------------- [INFO] artifact org.apache.maven.plugins:maven-idea-plugin: checking for updates from central Downloading: http://my.mvn.proxy.server/maven2Proxy/repository/org/apache/maven/plugins/maven-idea-plugin/2.0/maven-idea-plugin-2.0.pom 2/2K 2K downloaded Downloading: http://my.mvn.proxy.server/maven2Proxy/repository/org/apache/maven/plugins/maven-idea-plugin/2.0/maven-idea-plugin-2.0.jar 4/37K 8/37K 12/37K 16/37K 20/37K 24/37K 28/37K 32/37K 36/37K 37/37K 37K downloaded [INFO] No goals needed for project - skipping [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESSFUL [INFO] ------------------------------------------------------------------------ [INFO] Total time: < 1 second [INFO] Finished at: Wed Jun 21 11:05:07 EDT 2006 [INFO] Final Memory: 1M/3M [INFO] ------------------------------------------------------------------------ /tmp/mtmp2$

Hide

Permalink

Jason van Zyl added a comment - 31/May/07 8:58 PM

The pom.xml should be a file. Not sure why this would ever be useful like having a POM be a named pipe. You would create a different builder if you wanted to use a different source.

Show

Jason van Zyl added a comment - 31/May/07 8:58 PM The pom.xml should be a file. Not sure why this would ever be useful like having a POM be a named pipe. You would create a different builder if you wanted to use a different source.

Hide

Permalink

Alan D. Salewski added a comment - 01/Jun/07 8:48 PM

Well, one reason for reading the pom from a named pipe is that it facilitates using 'mvn' from within shell scripts for performing tasks that leverage built-in maven capabilities. For example, the attached 'mvn-get-plugin' script retrieves and installs one or more maven plugins using a shell "here" document for the POM:

...
    mvn --file /dev/stdin validate <<EOF
<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>foo.bar.baz</groupId>
  <artifactId>fooshizzle</artifactId>
  <name>Dummy Project for Retrieving and Installing ${plugin_name}</name>
  <version>does-not-matter</version>
  <build>
    <plugins>
      <plugin>
        <groupId>${plugin_group_id}</groupId>
        <artifactId>${plugin_name}</artifactId>
        ${plugin_version_elem}
      </plugin>
    </plugins>
  </build>
</project>
EOF
...

It does this without creating any temporary files, which simplifies the program (there are no temporary file security bugs to worry about; there is no temporary directory to clean up when the program ends or when a signal is received, etc).

More generally, though, not fixing the issue leaves an arbitrary limitation in the program, and violates the principle of least surprise (encountering an error when attempting to specify '/dev/stdin' as an argument to the '--file' option is what lead me to investigate the issue in the first place). One of the strengths of unix command line tools is that they are of general use and expected to be used in combination with other tools, even in ways that their original authors did not foresee. There is no benefit of leaving this easily addressed issue in maven, only an arbitrary limitation.

Some examples:

$ make -f /dev/stdin <<EOF
> all:
>       @echo "hello from stdin"
> EOF
hello from stdin

$ ant -buildfile /dev/stdin <<EOF
> <project><echo>hello from stdin</echo></project>
> EOF
Buildfile: /dev/stdin
     [echo] hello from stdin

BUILD SUCCESSFUL
Total time: 0 seconds

And in case it gives anyone a warm and fuzzy, over the past year I've run maven 2.0.4, 2.0.5, and now 2.0.6 with the originally attached (simple) patch without any problems.

Show

Alan D. Salewski added a comment - 01/Jun/07 8:48 PM Well, one reason for reading the pom from a named pipe is that it facilitates using ' mvn ' from within shell scripts for performing tasks that leverage built-in maven capabilities. For example, the attached ' mvn-get-plugin ' script retrieves and installs one or more maven plugins using a shell "here" document for the POM: ... mvn --file /dev/stdin validate <<EOF <project> <modelVersion>4.0.0</modelVersion> <groupId>foo.bar.baz</groupId> <artifactId>fooshizzle</artifactId> <name>Dummy Project for Retrieving and Installing ${plugin_name}</name> <version>does-not-matter</version> <build> <plugins> <plugin> <groupId>${plugin_group_id}</groupId> <artifactId>${plugin_name}</artifactId> ${plugin_version_elem} </plugin> </plugins> </build> </project> EOF ... It does this without creating any temporary files, which simplifies the program (there are no temporary file security bugs to worry about; there is no temporary directory to clean up when the program ends or when a signal is received, etc). More generally, though, not fixing the issue leaves an arbitrary limitation in the program, and violates the principle of least surprise (encountering an error when attempting to specify ' /dev/stdin ' as an argument to the ' --file ' option is what lead me to investigate the issue in the first place). One of the strengths of unix command line tools is that they are of general use and expected to be used in combination with other tools, even in ways that their original authors did not foresee. There is no benefit of leaving this easily addressed issue in maven, only an arbitrary limitation. Some examples: $ make -f /dev/stdin <<EOF > all: > @echo "hello from stdin" > EOF hello from stdin $ ant -buildfile /dev/stdin <<EOF > <project><echo>hello from stdin</echo></project> > EOF Buildfile: /dev/stdin [echo] hello from stdin BUILD SUCCESSFUL Total time: 0 seconds And in case it gives anyone a warm and fuzzy, over the past year I've run maven 2.0.4, 2.0.5, and now 2.0.6 with the originally attached (simple) patch without any problems.

Hide

Permalink

Brett Porter added a comment - 21/Aug/07 12:42 AM

I personally have no objection to making this work, but the patch doesn't appear to be enough for me. I get:

Project ID: unknown
POM Location: /dev/stdin

Reason: Not a v4.0.0 POM. for project unknown at /dev/stdin

And among other things, Maven assumes the basedir is /dev (instead of retaining user.dir).

I think the patch will need to be more comprehensive...

Show

Brett Porter added a comment - 21/Aug/07 12:42 AM I personally have no objection to making this work, but the patch doesn't appear to be enough for me. I get: Project ID: unknown POM Location: /dev/stdin Reason: Not a v4.0.0 POM. for project unknown at /dev/stdin And among other things, Maven assumes the basedir is /dev (instead of retaining user.dir). I think the patch will need to be more comprehensive...

Hide

Permalink

Jason van Zyl added a comment - 21/Aug/07 10:59 AM

Is it really that hard to generate the POM first? And I'm not sure this great usage pattern.

Show

Jason van Zyl added a comment - 21/Aug/07 10:59 AM Is it really that hard to generate the POM first? And I'm not sure this great usage pattern.

People

Assignee:

Unassigned

Reporter:

Alan D. Salewski

Vote (0)

Watch (0)

Dates

Created:

21/Jun/06 10:46 AM

Updated:

13/Jun/08 4:08 AM

Resolved:

31/May/07 8:58 PM