Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

respect maven offline mode for keys downloading #249

Merged
merged 1 commit into from
Mar 19, 2021
Merged

Conversation

slawekjaranowski
Copy link
Member

fix: #245

github-actions[bot]
github-actions bot previously approved these changes Mar 18, 2021
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

86.0% 86.0% Coverage
0.0% 0.0% Duplication

@slawekjaranowski slawekjaranowski merged commit 81be955 into master Mar 19, 2021
@slawekjaranowski slawekjaranowski deleted the fix-245 branch March 19, 2021 00:01
@slawekjaranowski slawekjaranowski added the bug Something isn't working. label Mar 19, 2021
pzygielo pushed a commit to pzygielo/pgpverify-maven-plugin that referenced this pull request May 31, 2024
…u#249)

Long outstanding problem: GenericVersion since long time had issue with sorting some peculiar version strings (well, parsing them and the producing comparable Version instances to be precise). One kind of these peculiar strings are hex strings, that we even encourage should be used on this page https://maven.apache.org/maven-ci-friendly.html Problems happen, when Maven decides to sort these versions, like it happened to user using `versions-maven-plugin:set-property` that involves version sorting during version resolution https://issues.apache.org/jira/browse/MRESOLVER-314 (see stack trace). Again, this is nothing new, seems this was like it since ages, but again, we started promoting "CI friendly" not so long ago, and my guess is people started using those, and this issue will just spread more and more.

Origin of the problem is that GenericVersion instances, when parsed out of hex-like strings, produce instances that violate Comparable contract (comparison is transitive), hence Java throws `Caused by: java.lang.IllegalArgumentException: Comparison method violates its general contract!` just out of the blue. Moreover, this problem affects both set of users: those who produce hex-like versioned artifacts, but also those who consume them.

Problem was compare padding: when a number and non-number was about to be compared, the comparePadding was invoked, that simply stopped when a number was followed by a non-number. Proper fix is to make iteration all way to the end, otherwise here we end up with compare result 0 that means "equals", which in fact is not.

---

https://issues.apache.org/jira/browse/MRESOLVER-314
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working.
Development

Successfully merging this pull request may close these issues.

pgpverify:check doesn't honor mvn --offline option
1 participant