Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-12474

Remove servicemix repository

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.22.0
    • Component/s: camel-script
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      I did research on insecure development practises and tripped of the usage of

      <url>http://svn.apache.org/repos/asf/servicemix/m2-repo</url>

      in camel-script.

      I checked servicemix repositories: It either contains duplicates of maven central (some with invalid poms) or original content.

      Network traces while compiling camel suggest that mvn only pulls these artifacts from servicemix maven repository:

      1525026026.300329	CW4Snp4aVItMFgPff9	172.17.0.2	38354	209.188.14.144	80	1	GET	svn.apache.org	/repos/asf/servicemix/m2-repo/org/mozilla/rhino/1.7.7.1/rhino-1.7.7.1.pom	-	1.1	Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs)	0	270	404	Not Found	-	-	(empty)	-	-Fl1CyF3Qpey4VRjMaf	-	text/html
      1525026026.756122	CzWVcz4DWIH77Wsfg2	172.17.0.2	38356	209.188.14.144	80	1	GET	svn.apache.org	/repos/asf/servicemix/m2-repo/org/python/jython/2.5.3/jython-2.5.3.pom	-	1.1	Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs)	0	267	404	Not Found	-	-	(empty)	-	-FE4nRr2km9bJj89ff6	-	text/html
      1525026027.180905	CFlRQ818nO5cbbbsTl	172.17.0.2	38358	209.188.14.144	80	1	GET	svn.apache.org	/repos/asf/servicemix/m2-repo/org/codehaus/groovy/groovy-jsr223/2.4.12/groovy-jsr223-2.4.12.pom	-	1.1	Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs)	0	292	404	Not Found	-	-(empty)	-	-	-	-	-	-	F1QpLz2VRydzyYntF4	-	text/html
      1525026027.647593	CX5M1E1hyxPYAoyL8i	172.17.0.2	38360	209.188.14.144	80	1	GET	svn.apache.org	/repos/asf/servicemix/m2-repo/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.pom	-	1.1	Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs)	0	278	404	Not Found	-	-	(empty)	-FuD9RLFHEi17eOUkh	-	text/html
      1525026028.094818	CiIO7oAUfj4tscfX5	172.17.0.2	38366	209.188.14.144	80	1	GET	svn.apache.org	/repos/asf/servicemix/m2-repo/org/codehaus/groovy/groovy-jsr223/2.4.12/groovy-jsr223-2.4.12.jar	-	1.1	Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs)	0	292	404	Not Found	-	-(empty)	-	-	-	-	-	-	FyVPyfu1Y3DFkNgJ2	-	text/html
      1525026028.099453	CUh1fW3Dl62XKXPLX2	172.17.0.2	38364	209.188.14.144	80	1	GET	svn.apache.org	/repos/asf/servicemix/m2-repo/org/python/jython/2.5.3/jython-2.5.3.jar	-	1.1	Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs)	0	267	404	Not Found	-	-	(empty)	-	-F7x74522BvGw3zS7Eh	-	text/html
      1525026028.099309	ClETpU2KKP8Ne1p6yh	172.17.0.2	38362	209.188.14.144	80	1	GET	svn.apache.org	/repos/asf/servicemix/m2-repo/org/mozilla/rhino/1.7.7.1/rhino-1.7.7.1.jar	-	1.1	Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs)	0	270	404	Not Found	-	-	(empty)	-	-FbZ0xi2NtRzDdBk0Bb	-	text/html
      1525026028.102116	CFCPI51JMEeZ5XVLz	172.17.0.2	38368	209.188.14.144	80	1	GET	svn.apache.org	/repos/asf/servicemix/m2-repo/org/apache-extras/beanshell/bsh/2.0b6/bsh-2.0b6.jar	-	1.1	Apache-Maven/3.5.2 (Java 1.8.0_151; Linux 4.9.87-linuxkit-aufs)	0	278	404	Not Found	-	-	(empty)	-Fahqzk1hqZbMkcZZY5	-	text/html

      In a nutshell: rhino js engine, jython and beanshell.  This is provided by maven central as well.

       

      So I suggest to remove that repository here.

      Will provide a patch by a github pull request 

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                acosentino Andrea Cosentino
                Reporter:
                oflebbe Olaf Flebbe
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: