fix: resolve SSL runner export deps (pax-logging-log4j2, drop stale shiro pin)#49
Merged
Merged
Conversation
…hiro pin) The release.yml build-artifacts step failed at export.goss-core-ssl because the SSL runner bndrun required two dependencies unresolvable on a clean runner: 1. pax-logging-service:2.2.7 does not exist on Maven Central. The pax-logging 2.x line renamed the backend bundle: the correct artifact is pax-logging-log4j2:2.2.7 (bundle symbolic name org.ops4j.pax.logging.pax-logging-log4j2). pax-logging-service only published through the 1.x line. Updated central.maven, the libraries.bnd macro and runpath, and the goss-core.shared.bndrun osgi.identity runrequires filter. NOTE: this is a genuine logging-backend continuation, not a cosmetic rename. pax-logging-service (1.x) was the legacy aggregator; pax-logging-log4j2 (2.x) is the Log4j 2.x backend. Verify runner log output and config format post-merge if any logging-behavior question arises later. 2. shiro-core;version='[1.13.0,2)' was hardcoded in goss-core-ssl.bndrun but was both redundant and self-conflicting: the same bndrun already pulls shiro-core 2.0.0 via activemq-runpath (required by activemq-shiro 6.2.0), and the [1.13.0,2) range excludes 2.0.0. Removed the line; shiro-core 2.0.0 resolves via activemq-runpath. Verified locally: export.goss-core and export.goss-core-ssl both build green, producing goss-core.jar and goss-core-ssl.jar (the SSL jar embeds pax-logging-log4j2-2.2.7 and shiro-core-2.0.0). Fixes the second layer of the release-workflow breakage after the stale-launcher fix.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The release workflow's build-artifacts step failed at
export.goss-core-ssl(layer 2 of the standing release breakage; layer 1 was the stale launcher jar, PR #48). The SSL runner bndrun required two dependencies unresolvable on a clean runner:pax-logging-service:2.2.7does not exist on Maven Central (HTTP 404). The pax-logging 2.x line renamed the backend bundle; the correct artifact ispax-logging-log4j2:2.2.7.shiro-core;version='[1.13.0,2)'was hardcoded but self-conflicting: the same bndrun already pulls shiro-core 2.0.0 viaactivemq-runpath(required by activemq-shiro 6.2.0), and the range excludes 2.0.0.Fix (4 files, 5 lines net)
central.maven:pax-logging-service:2.2.7topax-logging-log4j2:2.2.7.libraries.bnd: rename the macro and update the runpath.goss-core.shared.bndrun: update the-runrequiresosgi.identity filter to the new BSNorg.ops4j.pax.logging.pax-logging-log4j2.goss-core-ssl.bndrun: delete the redundant, conflicting shiro-core line.Backend note
pax-logging-log4j2is the correct name for the pax-logging 2.x backend, not a cosmetic rename: it is a genuine Log4j 2.x backend continuation of the legacy 1.xserviceaggregator (which never published a 2.x artifact). A follow-up tracks verifying the runner's Log4j-1.x-format logging config is still honored at runtime, or migrating it.Verification
Both
export.goss-coreandexport.goss-core-sslbuild green locally, producinggoss-core.jarandgoss-core-ssl.jar(the SSL jar embedspax-logging-log4j2-2.2.7andshiro-core-2.0.0). The fullassemble exportis green, and the downstream changelog and archive steps run on real content. Artifact existence independently verified against Maven Central. Reviewed and approved (Dutch): BSN confirmed by manifest inspection, no stragglers, shiro deletion safe.