[Geoserver-devel] 2.6 release blocker: missing commons-digester breaks app-schema

commons-digester-1.7.jar is missing in 2.6-RC1 (and 2.7-SNAPSHOT), breaking app-schema. It was present in 2.6-beta.

Investigating ...

--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre

Discussed in July (see below). Now need to bundle commons-digester-1.7.jar with the app-schema plugin.

http://osgeo-org.1560.x6.nabble.com/Removing-commons-digester-dependency-from-gs-main-td5153255.html
https://jira.codehaus.org/browse/GEOS-6589
https://github.com/geoserver/geoserver/commit/d7969e5054600429fc27323cd2e685b77fcc54d7

On 03/09/14 12:22, Ben Caradoc-Davies wrote:

commons-digester-1.7.jar is missing in 2.6-RC1 (and 2.7-SNAPSHOT),
breaking app-schema. It was present in 2.6-beta.

Investigating ...

--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre

Good catch - but why was this not picked up by maven dependency analysis? Is app-schema depending on commons-digester and not advertising that fact?

···

Jody Garnett

On Tue, Sep 2, 2014 at 9:37 PM, Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com> wrote:

Discussed in July (see below). Now need to bundle
commons-digester-1.7.jar with the app-schema plugin.

http://osgeo-org.1560.x6.nabble.com/Removing-commons-digester-dependency-from-gs-main-td5153255.html
https://jira.codehaus.org/browse/GEOS-6589
https://github.com/geoserver/geoserver/commit/d7969e5054600429fc27323cd2e685b77fcc54d7

On 03/09/14 12:22, Ben Caradoc-Davies wrote:

commons-digester-1.7.jar is missing in 2.6-RC1 (and 2.7-SNAPSHOT),
breaking app-schema. It was present in 2.6-beta.

Investigating …


Ben Caradoc-Davies Ben.Caradoc-Davies@anonymised.com
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre


Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/


Geoserver-devel mailing list
Geoserver-devel@anonymised.comsts.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

The problem occurs at assembly time. gt-app-schema correctly declares its dependency on commons-digester, and gs-app-schema-test runs fine, but the assembly mechanism requires explicit naming of the jars to be included in the plugin. All I have to do is add it to src/release/ext-app-schema.xml and update the readme. Victor has just confirmed that app-schema works once this plugin is added (deployment based on 2.7-SNAPSHOT).

We have seen similar assembly problems with web-cas, so this is not new. The awful truth is that nobody tested RC1 with app-schema.

Super catch from Victor (who also provided the working demo of the WMS XSS vulnerability). He has been saving my neck this week. :slight_smile:

On 03/09/14 13:20, Jody Garnett wrote:

Good catch - but why was this not picked up by maven dependency
analysis? Is app-schema depending on commons-digester and not
advertising that fact?

Jody Garnett

--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre

I have pushed a fix onto 2.6.x and master. Release is no longer blocked by this problem.

Kind regards,
Ben.

On 03/09/14 13:34, Ben Caradoc-Davies wrote:

The problem occurs at assembly time. gt-app-schema correctly declares
its dependency on commons-digester, and gs-app-schema-test runs fine,
but the assembly mechanism requires explicit naming of the jars to be
included in the plugin. All I have to do is add it to
src/release/ext-app-schema.xml and update the readme. Victor has just
confirmed that app-schema works once this plugin is added (deployment
based on 2.7-SNAPSHOT).

We have seen similar assembly problems with web-cas, so this is not new.
The awful truth is that nobody tested RC1 with app-schema.

Super catch from Victor (who also provided the working demo of the WMS
XSS vulnerability). He has been saving my neck this week. :slight_smile:

On 03/09/14 13:20, Jody Garnett wrote:

Good catch - but why was this not picked up by maven dependency
analysis? Is app-schema depending on commons-digester and not
advertising that fact?

Jody Garnett

--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre

On Wed, Sep 3, 2014 at 7:34 AM, Ben Caradoc-Davies <
Ben.Caradoc-Davies@anonymised.com> wrote:

We have seen similar assembly problems with web-cas, so this is not new.
The awful truth is that nobody tested RC1 with app-schema.

Maybe there is a way out of this, to ensure some continous functional
testing of app-schema
and its artifacts: implement WFS complex feature CITE tests support.
The CITE tests are using the nightly builds, so they would have to unpack
the assembly,
merge it into geoserver, and then run the tests

Quite a bit of work, I realize it, it's just the only way I could think of
to give app-schema
some of the same coverage the other modules get via the CITE tests

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------

On 03/09/14 14:22, Andrea Aime wrote:

On Wed, Sep 3, 2014 at 7:34 AM, Ben Caradoc-Davies
<Ben.Caradoc-Davies@anonymised.com <mailto:Ben.Caradoc-Davies@anonymised.com>> wrote:

    We have seen similar assembly problems with web-cas, so this is not new.
    The awful truth is that nobody tested RC1 with app-schema.

Maybe there is a way out of this, to ensure some continous functional
testing of app-schema
and its artifacts: implement WFS complex feature CITE tests support.
The CITE tests are using the nightly builds, so they would have to
unpack the assembly,
merge it into geoserver, and then run the tests

Quite a bit of work, I realize it, it's just the only way I could think
of to give app-schema
some of the same coverage the other modules get via the CITE tests

Andrea, that is a great idea. Are there any complex feature CITE suites?

Kind regards,

--
Ben Caradoc-Davies <Ben.Caradoc-Davies@anonymised.com>
Software Engineer
CSIRO Mineral Resources Flagship
Australian Resources Research Centre

On Wed, Sep 3, 2014 at 10:32 AM, Ben Caradoc-Davies <
Ben.Caradoc-Davies@anonymised.com> wrote:

Quite a bit of work, I realize it, it's just the only way I could think
of to give app-schema
some of the same coverage the other modules get via the CITE tests

Andrea, that is a great idea. Are there any complex feature CITE suites?

In the WFS ones there is a flag that can be enabled when starting the test
to enable also complex features tests, so yes, those :slight_smile:

Cheers
Andrea

--

GeoServer Professional Services from the experts! Visit
http://goo.gl/NWWaa2 for more information.

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054 Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it

-------------------------------------------------------