Uploaded image for project: 'Maven Archetype'
  1. Maven Archetype
  2. ARCHETYPE-521

Cannot specify remote repository for generate project from archetype

    Details

    • Type: Question
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.1
    • Component/s: Generator
    • Environment:
      cmd

      Description

      I wanted to create new project using mvn archetype:generate command.
      Desired archetype was absent in the central repo, so I tried to use -DarchetypeRepository=repo.url param. But this param is out of date in 3.0.0 version of plugin.
      So I needed to use mvn org.apache.maven.plugins:maven-archetype-plugin:2.4:generate command.
      Question: How can I specify specific repository for generating project (without editing settings.xml file)?
      (-DarchetypeCatalog=repo.url doesn't work too)

        Activity

        Hide
        rfscholte Robert Scholte added a comment -

        Question: How can I specify specific repository for generating project (without editing settings.xml file)?

        Allowing to set a URL via commandline is considered to be a security leak, so specifying the repository (id: archetype) in the settings.xml is the right way.

        Show
        rfscholte Robert Scholte added a comment - Question: How can I specify specific repository for generating project (without editing settings.xml file)? Allowing to set a URL via commandline is considered to be a security leak, so specifying the repository (id: archetype) in the settings.xml is the right way.
        Hide
        nthomas Nathan Thomas added a comment -

        Robert Scholte There doesn't seem to be any documentation surrounding specifying the repository (id: archetype) in the settings.xml, I did the obvious and under my active profile created a repository with the id set to archetype and the url pointed to my archetype-catalog.xml, when that didn't work I tried just pointing to my repository, both were not successful. What am I missing here? Any example or documentation I can see related to this?
        Is there a parameter similar to <releases> or <snapshot> that needs to be enabled?

        Show
        nthomas Nathan Thomas added a comment - Robert Scholte There doesn't seem to be any documentation surrounding specifying the repository (id: archetype) in the settings.xml, I did the obvious and under my active profile created a repository with the id set to archetype and the url pointed to my archetype-catalog.xml, when that didn't work I tried just pointing to my repository, both were not successful. What am I missing here? Any example or documentation I can see related to this? Is there a parameter similar to <releases> or <snapshot> that needs to be enabled?
        Hide
        rfscholte Robert Scholte added a comment -
        Show
        rfscholte Robert Scholte added a comment - Confirmed with ee96192df88a50cf90726ddfb95a72be4bdf2df0
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Jenkins build maven-archetype-m3 #268 (See https://builds.apache.org/job/maven-archetype-m3/268/)
        ARCHETYPE-521 Cannot specify remote repository for generate project (rfscholte: rev ee96192df88a50cf90726ddfb95a72be4bdf2df0)

        • (add) maven-archetype-plugin/src/it/mrm/archetype-repository/3rdparty-archetype-1.0.pom
        • (edit) maven-archetype-plugin/src/it/mrm/settings.xml
        • (add) maven-archetype-plugin/src/it/mrm/archetype-repository/3rdparty-archetype-1.0.jar/archetype-resources/pom.xml
        • (edit) maven-archetype-plugin/pom.xml
        • (add) maven-archetype-plugin/src/it/projects/ARCHETYPE-521_archetype-repo/verify.groovy
        • (add) maven-archetype-plugin/src/it/mrm/archetype-repository/3rdparty-archetype-1.0.jar/META-INF/maven/archetype-metadata.xml
        • (add) maven-archetype-plugin/src/it/mrm/archetype-repository/archetype-catalog.xml
        • (add) maven-archetype-plugin/src/it/projects/ARCHETYPE-521_archetype-repo/invoker.properties
        • (add) maven-archetype-plugin/src/it/projects/ARCHETYPE-521_archetype-repo/test.properties
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Jenkins build maven-archetype-m3 #268 (See https://builds.apache.org/job/maven-archetype-m3/268/ ) ARCHETYPE-521 Cannot specify remote repository for generate project (rfscholte: rev ee96192df88a50cf90726ddfb95a72be4bdf2df0) (add) maven-archetype-plugin/src/it/mrm/archetype-repository/3rdparty-archetype-1.0.pom (edit) maven-archetype-plugin/src/it/mrm/settings.xml (add) maven-archetype-plugin/src/it/mrm/archetype-repository/3rdparty-archetype-1.0.jar/archetype-resources/pom.xml (edit) maven-archetype-plugin/pom.xml (add) maven-archetype-plugin/src/it/projects/ ARCHETYPE-521 _archetype-repo/verify.groovy (add) maven-archetype-plugin/src/it/mrm/archetype-repository/3rdparty-archetype-1.0.jar/META-INF/maven/archetype-metadata.xml (add) maven-archetype-plugin/src/it/mrm/archetype-repository/archetype-catalog.xml (add) maven-archetype-plugin/src/it/projects/ ARCHETYPE-521 _archetype-repo/invoker.properties (add) maven-archetype-plugin/src/it/projects/ ARCHETYPE-521 _archetype-repo/test.properties
        Hide
        vguna Veit Guna added a comment - - edited

        Hi guys.

        That really sucks . How is specifying an url via cmdline considered a security risk ? Whether I specify it on cmdline or settings.xml is same "risky", no?
        Please describe how this can be used as an attack vector - for my better understanding.

        Besides that, I now can't just paste a cmdline and create a project from a non-central archetype repository anymore. I now have to add that custom archetype repository to my settings.xml first, before I can invoke the generate step. And I will do that most likely only once, maybe twice. So I have to remove it after the project has been generate. Yay! That's what I call making your life more difficult than it has to be.

        Sorry for sounding that harsh, but I'm currently not getting the reason for such a breaking change.

        BTW: tried org.apache.maven.plugins:maven-archetype-plugin:2.4:generate as a workaround, but then it seems that the post-groovy script isn't working anymore .

        BTW2: This still comes as a warning, which is also quite misleading:

        [WARNING] Archetype not found in any catalog. Falling back to central repository (http://repo.maven.apache.org/maven2).
        [WARNING] Use -DarchetypeRepository=<your repository> if archetype's repository is elsewhere.

        Show
        vguna Veit Guna added a comment - - edited Hi guys. That really sucks . How is specifying an url via cmdline considered a security risk ? Whether I specify it on cmdline or settings.xml is same "risky", no? Please describe how this can be used as an attack vector - for my better understanding. Besides that, I now can't just paste a cmdline and create a project from a non-central archetype repository anymore. I now have to add that custom archetype repository to my settings.xml first, before I can invoke the generate step. And I will do that most likely only once, maybe twice. So I have to remove it after the project has been generate. Yay! That's what I call making your life more difficult than it has to be. Sorry for sounding that harsh, but I'm currently not getting the reason for such a breaking change. BTW: tried org.apache.maven.plugins:maven-archetype-plugin:2.4:generate as a workaround, but then it seems that the post-groovy script isn't working anymore . BTW2: This still comes as a warning, which is also quite misleading: [WARNING] Archetype not found in any catalog. Falling back to central repository ( http://repo.maven.apache.org/maven2 ). [WARNING] Use -DarchetypeRepository=<your repository> if archetype's repository is elsewhere.

          People

          • Assignee:
            rfscholte Robert Scholte
            Reporter:
            limych Dmytro Sylaiev
          • Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development