Skip to content

fix: resolve SSL runner export deps (pax-logging-log4j2, drop stale shiro pin)#49

Merged
craigpnnl merged 1 commit into
developfrom
fix/gadp029-ssl-runner-deps
Jul 10, 2026
Merged

fix: resolve SSL runner export deps (pax-logging-log4j2, drop stale shiro pin)#49
craigpnnl merged 1 commit into
developfrom
fix/gadp029-ssl-runner-deps

Conversation

@craigpnnl

Copy link
Copy Markdown
Contributor

Problem

The release workflow's build-artifacts step failed at export.goss-core-ssl (layer 2 of the standing release breakage; layer 1 was the stale launcher jar, PR #48). The SSL runner bndrun required two dependencies unresolvable on a clean runner:

  • pax-logging-service:2.2.7 does not exist on Maven Central (HTTP 404). The pax-logging 2.x line renamed the backend bundle; the correct artifact is pax-logging-log4j2:2.2.7.
  • shiro-core;version='[1.13.0,2)' was hardcoded but self-conflicting: the same bndrun already pulls shiro-core 2.0.0 via activemq-runpath (required by activemq-shiro 6.2.0), and the range excludes 2.0.0.

Fix (4 files, 5 lines net)

  • central.maven: pax-logging-service:2.2.7 to pax-logging-log4j2:2.2.7.
  • libraries.bnd: rename the macro and update the runpath.
  • goss-core.shared.bndrun: update the -runrequires osgi.identity filter to the new BSN org.ops4j.pax.logging.pax-logging-log4j2.
  • goss-core-ssl.bndrun: delete the redundant, conflicting shiro-core line.

Backend note

pax-logging-log4j2 is the correct name for the pax-logging 2.x backend, not a cosmetic rename: it is a genuine Log4j 2.x backend continuation of the legacy 1.x service aggregator (which never published a 2.x artifact). A follow-up tracks verifying the runner's Log4j-1.x-format logging config is still honored at runtime, or migrating it.

Verification

Both export.goss-core and export.goss-core-ssl build green locally, producing goss-core.jar and goss-core-ssl.jar (the SSL jar embeds pax-logging-log4j2-2.2.7 and shiro-core-2.0.0). The full assemble export is green, and the downstream changelog and archive steps run on real content. Artifact existence independently verified against Maven Central. Reviewed and approved (Dutch): BSN confirmed by manifest inspection, no stragglers, shiro deletion safe.

…hiro pin)

The release.yml build-artifacts step failed at export.goss-core-ssl because the
SSL runner bndrun required two dependencies unresolvable on a clean runner:

1. pax-logging-service:2.2.7 does not exist on Maven Central. The pax-logging 2.x
   line renamed the backend bundle: the correct artifact is
   pax-logging-log4j2:2.2.7 (bundle symbolic name
   org.ops4j.pax.logging.pax-logging-log4j2). pax-logging-service only published
   through the 1.x line. Updated central.maven, the libraries.bnd macro and
   runpath, and the goss-core.shared.bndrun osgi.identity runrequires filter.

   NOTE: this is a genuine logging-backend continuation, not a cosmetic rename.
   pax-logging-service (1.x) was the legacy aggregator; pax-logging-log4j2 (2.x)
   is the Log4j 2.x backend. Verify runner log output and config format post-merge
   if any logging-behavior question arises later.

2. shiro-core;version='[1.13.0,2)' was hardcoded in goss-core-ssl.bndrun but was
   both redundant and self-conflicting: the same bndrun already pulls shiro-core
   2.0.0 via activemq-runpath (required by activemq-shiro 6.2.0), and the
   [1.13.0,2) range excludes 2.0.0. Removed the line; shiro-core 2.0.0 resolves
   via activemq-runpath.

Verified locally: export.goss-core and export.goss-core-ssl both build green,
producing goss-core.jar and goss-core-ssl.jar (the SSL jar embeds
pax-logging-log4j2-2.2.7 and shiro-core-2.0.0). Fixes the second layer of the
release-workflow breakage after the stale-launcher fix.
@craigpnnl craigpnnl merged commit d633e3b into develop Jul 10, 2026
8 checks passed
@craigpnnl craigpnnl deleted the fix/gadp029-ssl-runner-deps branch July 10, 2026 22:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant