|Summary:||Maven repo: suspicious files present|
|Product:||[Retired] JBoss BRMS Platform 6||Reporter:||Petr Široký <psiroky>|
|Component:||Maven Repository||Assignee:||Petr Kočandrle <pkocandr>|
|Status:||VERIFIED ---||QA Contact:||Marek Winkler <mwinkler>|
|Version:||6.0.0||CC:||kverlaen, pkocandr, rrajasek|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Petr Široký 2014-02-04 13:07:59 UTC
Description of problem: The Maven repo contains a great number of suspicious files. For example zips, wars or XSDs. This issue is related to https://bugzilla.redhat.com/show_bug.cgi?id=1056184 but is more general, it lists more that just zip and war files. See https://jenkins.mw.lab.eng.bos.redhat.com/hudson/job/brms-maven-repo-wolf-validator/lastCompletedBuild/testReport/(root)/SuspiciousFileException/ for up-to-date list of the suspicious files. Some of the reported issues may be false positives, but IMO at least the war files and some of the zip files should be removed. Version-Release number of selected component (if applicable): 6.0.0-CR2
Comment 2 Rajesh Rajasekaran 2014-02-18 20:58:23 UTC
Now that BZ#1056184 is resolved with ER1 build, can you update this issue with the list of suspicious files that are still present?
Comment 3 Rajesh Rajasekaran 2014-03-20 16:46:48 UTC
A majority of the 'suspicious' files are *-tests.jar and *-tests-sources.jar which are requested to be removed in BZ#1074472 and *-scm-sources.zip and *-patches.zip which are requested to be removed in BZ#1056184 . It would be good to see what remains after those two bz's are addressed.
Comment 4 Petr Široký 2014-03-21 09:34:35 UTC
Created attachment 877182 [details] Filtered list of suspicious files. I was kind of waiting for the mentioned BZs to get fixed, so I don't have to do the filtering manually. However since the repo is still not available and I am not sure when it will be, I am attaching the list of 'suspicious' files after removing those from BZ#1074472 and BZ#1056184. Please note there is still a big number of false positives. If we for example decide to remove all UI related stuff (BZ#1056184) the list is down to 14 "failures".
Comment 6 Petr Kočandrle 2014-03-29 00:01:52 UTC
The files without primary jar seems to be residue after removing war files which they belonged to. The athers will be resolved by exclusion of all files with "xml", "xsd", "jdocbook", "jdocbook-style" and "properties" extensions. Or should some of them stay in the repo?
Comment 7 Petr Široký 2014-03-29 09:11:10 UTC
I guess we can remove the jdocbook and jdocbook-style ones. Not sure about the "xml" and "xsd" files. The XSD might come handy is some cases. But not sure if they should/can be part of the repo. Just a note: Suspicious does _not_ necessarily mean they should be removed. It just means they should be looked at and decided if want to remove them or keep them there.
Comment 9 Petr Široký 2014-12-09 00:30:36 UTC
There are still some files reported by wolf-validator, but they all seem to be false positives. I am closing this BZ as the major part (getting rid of zips and wars) was resolved. I will file new BZ for individual artifacts in future.