Maven Build Failure -- DependencyResolutionException
I'm installing a package that has Maven dependency and get a DependencyResolutionException when I try to clean it. After cloning it, I navigate to the directory and run the following to install it with no error:
mvn install:install-file -Dfile=./lib/massbank.jar -DgroupId=massbank -DartifactId=massbank -Dversion=1.0 -Dpackaging=jar
mvn install:install-file -Dfile=./lib/metfusion.jar -DgroupId=de.ipbhalle.msbi -DartifactId=metfusion -Dversion=1.0 -Dpackaging=jar
Then:
mvn clean package
with the following console output:
[INFO] Scanning for projects...
[INFO]
[INFO] --------------------< MassBank2NIST:MassBank2NIST >---------------------
[INFO] Building MassBank2NIST 0.0.2-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 0.450 s
[INFO] Finished at: 2021-04-07T01:08:28-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project MassBank2NIST: Could not resolve dependencies for project MassBank2NIST:MassBank2NIST:jar:0.0.2-SNAPSHOT: Failed to collect dependencies at edu.ucdavis.fiehnlab.splash:core:jar:1.8: Failed to read artifact descriptor for edu.ucdavis.fiehnlab.splash:core:jar:1.8: Could not transfer artifact edu.ucdavis.fiehnlab.splash:core:pom:1.8 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [EBI (http://www.ebi.ac.uk/intact/maven/nexus/content/repositories/ebi-repo/, default, releases+snapshots), releases (http://gose.fiehnlab.ucdavis.edu:55000/content/groups/public, default, releases+snapshots)] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException
I can post the output of the debug logging switch if necessary, but it's quite long. I can also post the pom.xml, however it refers to the repositories as required from what I can tell.
I've searched for similar posts, but none seem to contain the same series of errors or similar. Can someone help me decipher these errors?
Thanks!
Solution 1:
You don't have to downgrade Maven. What happens here is that since 3.8.1, Maven comes with a default configuration to block all HTTP (insecure) repositories. The best way would be to upgrade your repositories and make them secure (HTTPS).
However, you can tell Maven to allow downloading from your insecure repository by adding this mirror to your ~/.m2/settings.xml:
<mirror>
<id>insecure-repo</id>
<mirrorOf>external:http:*</mirrorOf>
<url>http://www.ebi.ac.uk/intact/maven/nexus/content/repositories/ebi-repo/</url>
<blocked>false</blocked>
</mirror>
Setting blocked to false will fix your issue. Note that above snippet assumes that the repository at www.ebi.ac.uk mirrors all insecure HTTP repositories (which is what external:http:* means).
You can also unblock individual repositories. For example, the JasperSoft repository is insecure, I unblock it with:
<mirror>
<id>jaspersoft-third-party-mirror</id>
<mirrorOf>jaspersoft-third-party</mirrorOf>
<url>http://jaspersoft.jfrog.io/jaspersoft/third-party-ce-artifacts/</url>
<blocked>false</blocked>
</mirror>
Solution 2:
If you do not have access to ~/.m2/settings.xml because your build is handled by cloud CI/CD or you want to share this solution with your team members. The best way is to create your own maven setting file in the project.
- Create
.mvnfolder in your project. - Create
custom-settings.xmlfile inside.mvnfolder with such content (in this example we unblock http connection forreleases.java.netmirror):
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd">
<mirrors>
<mirror>
<id>releases-java-net-http-unblocker</id>
<mirrorOf>releases.java.net</mirrorOf>
<name>releases.java.net</name>
<url>http://maven.java.net/content/repositories/releases/</url>
<blocked>false</blocked>
</mirror>
</mirrors>
</settings>
- Create
maven.configfile inside.mvnfolder with such content:
--settings ../.mvn/custom-settings.xml
Or you can just run mvn clean install --settings .mvn/custom-settings.xml.
Solution 3:
The error "Blocked mirror for repositories" is referred to explicitly in Maven's release note for version 3.8.1:
How to fix when I get a HTTP repository blocked?
If the repository is defined in your pom.xml, please fix it in your source code.
If the repository is defined in one of your dependencies POM, you’ll get a message like:
[ERROR] Failed to execute goal on project test: Could not resolve dependencies for project xxx: Failed to collect dependencies at my.test:dependency:version -> my.test.transitive:transitive:version: Failed to read artifact descriptor for my.test.transitive:transitive:jar:version: Could not transfer artifact my.test.transitive:transitive:pom:version from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [blocked-repository-id (http://blocked.repository.org, default, releases+snapshots)]
They go on to offer some ways to avoid the problem:
Options to fix are:
upgrade the dependency version to a newer version that replaced the obsolete HTTP repository URL with a HTTPS one,
keep the dependency version but define a mirror in your settings.
Plus, I suppose, the simpler, shorter-term option would be to roll back your version of Maven to anything prior to 3.8.1.