3

We are trying to create a third-party file that lists the licenses from the libraries we are using. For this, we are using the license maven plugin and it's add third party target.

It is working fine, for most of our libraries. Thing is, some of our dependencies are VERY old, and do not exist on Maven Central. for some others, we have made modifications. In both cases, we store those ourselves in the Third Party repo from our Nexus.

These libraries do contain license information, for example as follows :

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.company.lib</groupId>
  <artifactId>lib-jcuda</artifactId>
  <version>0.4.2</version>
  <description>POM was created by Sonatype Nexus</description>
  <licenses>
    <license>
      <name>MIT License</name>
      <url>http://www.opensource.org/licenses/mit-license.php</url>
      <distribution>repo</distribution>
    </license>
  </licenses>
</project>

Thing is, when we run the target they are not recognized, and we get the following message :

[WARNING] There are 16 dependencies with no license :
[WARNING]  - com.spacemetric.lib--lib-jcublas--0.4.2
[WARNING]  - com.spacemetric.lib--lib-jcuda--0.4.2
(Unknown license) lib-jcuda (com.spacemetric.lib:lib-jcuda:0.4.2 - no url defined)

When switching the -X flag on, we get some additional information :

[DEBUG] Verifying availability of C:\Users\me\.m2\repository\com\company\lib\lib-jcuda\0.4.2\lib-jcuda-0.4.2.pom from [central (https://repo.maven.apache.org/maven2, default, releases)]

If I run some java code that I built to test, I can see the license information with no issue :

    MavenXpp3Reader mavenreader = new MavenXpp3Reader();
    String pomfile = "C:\\Users\\me\\.m2\\repository\\com\\company\\lib\\lib-jcuda\\0.4.2\\lib-jcuda-0.4.2.pom";
    try (FileReader reader = new FileReader(pomfile);) {
        Model model = mavenreader.read(reader);
        model.setPomFile(new File(pomfile));
        MavenProject project = new MavenProject(model);

        List<License> licenses = project.getLicenses();
        for (License l : licenses) {
            System.out.println(l.getUrl());
        }
    }
    catch (IOException | XmlPullParserException e) {
        e.printStackTrace();
    }

Is there anything obvious we are missing when grabbing our dependencies? The issue only seems to arise for the libraries that we had to add ourselves to Nexus so we are probably doing something wrong.

I have looked at the doc quite a lot, as well as the source of the plugin, but could not find why the license is not taken into account for those libraries.

Walery Strauch
  • 6,792
  • 8
  • 50
  • 57
jlengrand
  • 12,152
  • 14
  • 57
  • 87
  • Coming back to the availability check message, I am confused why the plugin checks for lib-jcuda in maven central directly. It of course won't find it, since it is only available in the third party repo from our internal Nexus. Could it be the issue? – jlengrand Jul 21 '16 at 06:27

1 Answers1

1

In light of your comment: Have you set up your settings.xml to point to the nexus (mirror) of maven central for the in-house maintained dependencies?

You can configure this something like this:

<settings>
...
  <mirrors>
    <mirror>
      <id>UK</id>
      <name>UK Central</name>
      <url>http://uk.maven.org/maven2</url>
      <mirrorOf>central</mirrorOf>
    </mirror>
  </mirrors>
  ...
</settings>
Jur_
  • 302
  • 5
  • 14