license-maven-plugin - download-licenses : tailored download directory and "unexpected sha1"

25 views
Skip to first unread message

Joachim Person

unread,
Dec 14, 2023, 2:24:36 AM12/14/23
to mojohaus-dev
Hi,

I am new to the license-maven-plugin and am currently playing around with the https://www.mojohaus.org/license-maven-plugin/ to try to understand how it works.
If possible, my end goal is to (1) download licenses (2) into a

licenses/<SPDX License ID>/LICENSE.txt

subfolder in our project.
The subfolder part (2) can be steered _somewhat_ with the licensesOutputDirectory, but I don't see how I could get a <SPDX license ID> folder into that path. Is it possible somehow?

Playing around with spdx IDs I found this configuration. 

          <licenseUrlFileNames>
            <spdx/>
          </licenseUrlFileNames>

But when using it I get e.g. this

[ERROR] Failed to execute goal org.codehaus.mojo:license-maven-plugin:2.3.0:download-licenses (default-cli) on project em-permission-one-common-case: URL 'http://glassfish.java.net/public/CDDL+GPL_1_1.html' returned content with unexpected sha1 '977f24cd0704c80f9558dffcc9ded18d84adf6ea'; expected '047abb20f37c1629c82db23d99783e41207c2564'. You may want to (a) re-run the current mojo with -Dlicense.forceDownload=true or (b) change the expected sha1 in the licenseUrlFileNames entry 'CDDL-1.1-047abb2.html' or (c) split the entry so that its URLs return content with different sha1 sums. -> [Help 1]

when running

mvn -X license:download-licenses

or 

mvn -X license:download-licenses  -Dlicense.forceDownload=true

My understanding is that the contents of the license from


has changed compared to what the license-maven-plugin expects. 

Where does the _expected_ sha1 come from?

Is it normal that licenses on these kinds (I suspect they are never _supposed_ to be changed..? If a new license version is needed then there would be a new URL, right?) of URLs change?

Thanks in advance,
Joachim

Slawomir Jaranowski

unread,
Dec 19, 2023, 8:43:22 AM12/19/23
to mojohaus-dev
Hi,

Please create issue on GitHub with simple project which reproduce your issue.

Joachim Person

unread,
Jan 5, 2024, 1:10:19 AMJan 5
to mojohaus-dev
It seems like the http://glassfish.java.net/public/CDDL+GPL_1_1.html link does not lead to the license anymore. It should be http://javaee.github.io/glassfish/LICENSE as far as I can understand.
So by putting the override of the dependency URL in licenses.xml and then adding the correct sha1 value in licenseUrlFileNames seemed to fix the issue.

  <CDDL-1.1-09e4019.html>
    sha1:156a933e0848d8b2818cffb6d850c36740dcda93
  </CDDL-1.1-09e4019.html>

Is this the way recommended to solve this issue using the license-maven-plugin?

BR

Reply all
Reply to author
Forward
0 new messages