Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 900914 (JBPAPP6-1046)

Summary: Maven repo zip is missing dependency for picketbox-bare
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Rostislav Svoboda <rsvoboda>
Component: BuildAssignee: Paul Gier <pgier>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: 6.0.0CC: atangrin, dwalluck, pgier, rsvoboda
Target Milestone: ---   
Target Release: EAP 6.0.1   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBPAPP6-1046
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-11-08 10:11:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
test-pom.xml
none
test-settings.xml none

Description Rostislav Svoboda 2012-09-21 10:38:39 UTC 
project_key: JBPAPP6

Maven repo zip is missing dependency concurrent:concurrent:jar:1.3.4-jboss-update1.

It's dependency of org.picketbox:jbosssx-bare:jar:4.0.13.Final-redhat-1 which is dependency of org.picketbox:picketbox-bare:4.0.13.Final-redhat-1.

Picketbox-bare is important package for saecurity.


I have testing test-pom.xml file with just one dependency - org.picketbox:picketbox-bare:4.0.13.Final-redhat-1, see attached files.

{code}
mvn -s test-settings.xml -Dmaven.repo.local=test-local-repo -f test-pom.xml dependency:tree

...

[ERROR] Failed to execute goal on project test: Could not resolve dependencies for project org.jboss.test:test:jar:1.0.0-SNAPSHOT:
 Could not find artifact concurrent:concurrent:jar:1.3.4-jboss-update1 in jboss-eap (file:///home/rsvoboda/TESTING/601ER2/jboss-eap-6.0.1.ER2-maven-repository) -> [Help 1]

{code}
Comment 1 Rostislav Svoboda 2012-09-21 10:39:01 UTC 
Attachment: Added: test-pom.xml
Attachment: Added: test-settings.xml
Comment 2 Paul Gier 2012-09-26 02:30:13 UTC 
Is this a new dependency of picketbox?  AFAIK we didn't ship this jar with 6.0.0.

Added concurrent:concurrent to the manual include list for the maven repo because it's not in the AS dep tree ([8e49a841c|http://git.app.eng.bos.redhat.com/?p=jboss-eap/maven-repository-testsuite.git;a=commitdiff;h=8e49a841c7d1e006f3bc41dd7b44192a5cbde6c5]).

Assigned to David to do an unsigned rebuild of concurrent:concurrent so it can be included.
Comment 3 David Walluck 2012-09-26 03:03:45 UTC 
Built concurrent-1.3.4-11.redhat_1.ep6.el6 as concurrent-1.3.4-redhat-1.
Comment 4 Paul Gier 2012-09-26 03:15:32 UTC 
Re-opening because I think we don't want to ship this library with EAP since it is part of the JDK as of 1.5.  Probably the dependency should be marked optional in jbosssx-bare.

Anil, can you comment?
Comment 5 Paul Gier 2012-09-27 22:08:39 UTC 
The picketbox build and tests ran fine without the oswego concurrent dependency, so I updated the pom and rebuilt it.
https://brewweb.devel.redhat.com/buildinfo?buildID=235940

Peter, can you remove this dependency in upstream picketbox?
Comment 6 Paul Gier 2012-10-03 14:38:57 UTC 
This will be tracked upstream by SECURITY-699
Comment 7 Anne-Louise Tangring 2012-10-08 14:27:48 UTC 
Approved for EAP 6.0.1 (should it be re-opened)
Comment 8 Rostislav Svoboda 2012-10-30 11:41:07 UTC 
Verified on EAP 6.0.1 ER3 with picketbox-bare version 4.0.14.Final-redhat-1
Comment 9 Misty Stanley-Jones 2012-11-05 04:43:45 UTC 
Release Notes Docs Status: Added: Not Required
Comment 10 Anne-Louise Tangring 2012-11-13 20:18:21 UTC 
Release Notes Docs Status: Removed: Not Required 
Docs QE Status: Removed: NEW