HADOOP-18590. Publish SBOM artifacts #5281

dongjoon-hyun · 2023-01-06T20:37:32Z

Description of PR

This PR aims to publish SBOM artifacts.

https://cwiki.apache.org/confluence/display/COMDEV/SBOM

Here is an article to give some context.

https://www.activestate.com/blog/why-the-us-government-is-mandating-software-bill-of-materials-sbom/

Software Bill of Materials (SBOM) are additional artifacts containing the aggregate of all direct and transitive dependencies of a project. The US Government (based on NIST recommendations) currently accepts only the three most popular SBOM standards as valid, namely: CycloneDX, Software Identification (SWID) tag, Software Package Data Exchange® (SPDX).

This PR uses CycloneDX maven plugin, a lightweight software bill of materials (SBOM) standard designed for use in application security contexts and supply chain component analysis.

How was this patch tested?

Manually. For example, hadoop-auth-3.4.0-SNAPSHOT.jar will have hadoop-auth-3.4.0-SNAPSHOT-cyclonedx.xml and hadoop-auth-3.4.0-SNAPSHOT-cyclonedx.json SBOM files additionally.

$ mvn install -DskipTests
...

$ ls -l ~/.m2/repository/org/apache/hadoop/hadoop-auth/3.4.0-SNAPSHOT
total 960
-rw-r--r--  1 dongjoon  staff     373 Jan  6 12:47 _remote.repositories
-rw-r--r--  1 dongjoon  staff   84913 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT-cyclonedx.json
-rw-r--r--  1 dongjoon  staff   73722 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT-cyclonedx.xml
-rw-r--r--  1 dongjoon  staff   84457 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT-sources.jar
-rw-r--r--  1 dongjoon  staff  114087 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT-tests.jar
-rw-r--r--  1 dongjoon  staff  106678 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT.jar
-rw-r--r--  1 dongjoon  staff    8707 Jun  7  2022 hadoop-auth-3.4.0-SNAPSHOT.pom
-rw-r--r--  1 dongjoon  staff    1537 Jan  6 12:47 maven-metadata-local.xml

For code changes:

Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')?
Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
If applicable, have you updated the LICENSE, LICENSE-binary, NOTICE-binary files?

dongjoon-hyun · 2023-01-06T20:40:27Z

cc @steveloughran , @sunchao , @snmvaughan

cnauroth

+1, pending CI.

Confirmed 2.7.3 is the latest version of the plugin.
Applied patch locally.
Ran mvn -B -T 8 clean install -DskipShade -DskipTests.
Verified presence of cyclonedx.json and cyclonedx.xml files under ~/.m2/repository.

@dongjoon-hyun , thanks for driving this! I'm going to hold off committing until next week in case some of the others you cc'd want to comment.

dongjoon-hyun · 2023-01-06T23:39:31Z

Thank you, @cnauroth !

sunchao

LGTM

dongjoon-hyun · 2023-01-07T03:08:03Z

Thank you, @sunchao !

hadoop-yetus · 2023-01-07T19:49:14Z

💔 -1 overall

Vote	Subsystem	Runtime	Logfile	Comment
+0 🆗	reexec	1m 4s		Docker mode activated.
			_ Prechecks _
+1 💚	dupname	0m 0s		No case conflicting files found.
+0 🆗	codespell	0m 0s		codespell was not available.
+0 🆗	detsecrets	0m 0s		detect-secrets was not available.
+0 🆗	xmllint	0m 0s		xmllint was not available.
+1 💚	@author	0m 0s		The patch does not contain any @author tags.
-1 ❌	test4tests	0m 0s		The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
			_ trunk Compile Tests _
+1 💚	mvninstall	41m 8s		trunk passed
+1 💚	compile	25m 35s		trunk passed with JDK Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04
+1 💚	compile	21m 50s		trunk passed with JDK Private Build-1.8.0_352-8u352-ga-1~20.04-b08
+1 💚	mvnsite	20m 12s		trunk passed
-1 ❌	javadoc	1m 26s	/branch-javadoc-root-jdkUbuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04.txt	root in trunk failed with JDK Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04.
+1 💚	javadoc	7m 26s		trunk passed with JDK Private Build-1.8.0_352-8u352-ga-1~20.04-b08
+1 💚	shadedclient	140m 30s		branch has no errors when building and testing our client artifacts.
			_ Patch Compile Tests _
+1 💚	mvninstall	29m 57s		the patch passed
+1 💚	compile	24m 35s		the patch passed with JDK Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04
+1 💚	javac	24m 35s		the patch passed
+1 💚	compile	21m 45s		the patch passed with JDK Private Build-1.8.0_352-8u352-ga-1~20.04-b08
+1 💚	javac	21m 45s		the patch passed
+1 💚	blanks	0m 0s		The patch has no blanks issues.
+1 💚	mvnsite	19m 55s		the patch passed
-1 ❌	javadoc	1m 13s	/patch-javadoc-root-jdkUbuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04.txt	root in the patch failed with JDK Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04.
+1 💚	javadoc	8m 22s		the patch passed with JDK Private Build-1.8.0_352-8u352-ga-1~20.04-b08
+1 💚	shadedclient	56m 19s		patch has no errors when building and testing our client artifacts.
			_ Other Tests _
-1 ❌	unit	1112m 0s	/patch-unit-root.txt	root in the patch passed.
+1 💚	asflicense	1m 41s		The patch does not generate ASF License warnings.
		1390m 24s

Reason	Tests
Failed junit tests	hadoop.mapreduce.v2.app.TestRuntimeEstimators
	hadoop.yarn.server.timelineservice.security.TestTimelineAuthFilterForV2
	hadoop.hdfs.TestLeaseRecovery2
	hadoop.tools.TestHdfsConfigFields

Subsystem	Report/Notes
Docker	ClientAPI=1.41 ServerAPI=1.41 base: https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5281/1/artifact/out/Dockerfile
GITHUB PR	#5281
Optional Tests	dupname asflicense compile javac javadoc mvninstall mvnsite unit shadedclient codespell detsecrets xmllint
uname	Linux d9dbdb3b1882 4.15.0-200-generic #211-Ubuntu SMP Thu Nov 24 18:16:04 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Build tool	maven
Personality	dev-support/bin/hadoop.sh
git revision	trunk / `4f4b52f`
Default Java	Private Build-1.8.0_352-8u352-ga-1~20.04-b08
Multi-JDK versions	/usr/lib/jvm/java-11-openjdk-amd64:Ubuntu-11.0.17+8-post-Ubuntu-1ubuntu220.04 /usr/lib/jvm/java-8-openjdk-amd64:Private Build-1.8.0_352-8u352-ga-1~20.04-b08
Test Results	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5281/1/testReport/
Max. process+thread count	2946 (vs. ulimit of 5500)
modules	C: . U: .
Console output	https://ci-hadoop.apache.org/job/hadoop-multibranch/job/PR-5281/1/console
versions	git=2.25.1 maven=3.6.3
Powered by	Apache Yetus 0.14.0 https://yetus.apache.org

This message was automatically generated.

dongjoon-hyun · 2023-01-08T10:19:26Z

Apache Yetus(Jenkins) error: unit job seems to pass although it has a red-x mark.

[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Apache Hadoop Main 3.4.0-SNAPSHOT:
[INFO] 
[INFO] Apache Hadoop Main ................................. SUCCESS [  0.636 s]
[INFO] Apache Hadoop Build Tools .......................... SUCCESS [  2.289 s]
[INFO] Apache Hadoop Project POM .......................... SUCCESS [  0.747 s]
[INFO] Apache Hadoop Annotations .......................... SUCCESS [  1.687 s]
[INFO] Apache Hadoop Project Dist POM ..................... SUCCESS [  0.108 s]
[INFO] Apache Hadoop Assemblies ........................... SUCCESS [  0.120 s]
[INFO] Apache Hadoop Maven Plugins ........................ SUCCESS [  3.879 s]
[INFO] Apache Hadoop MiniKDC .............................. SUCCESS [ 11.639 s]
[INFO] Apache Hadoop Auth ................................. SUCCESS [02:53 min]
[INFO] Apache Hadoop Auth Examples ........................ SUCCESS [  1.478 s]
[INFO] Apache Hadoop Common ............................... SUCCESS [17:51 min]
[INFO] Apache Hadoop NFS .................................. SUCCESS [ 24.210 s]
[INFO] Apache Hadoop KMS .................................. SUCCESS [03:11 min]
[INFO] Apache Hadoop Registry ............................. SUCCESS [ 49.486 s]
[INFO] Apache Hadoop Common Project ....................... SUCCESS [  0.060 s]
[INFO] Apache Hadoop HDFS Client .......................... SUCCESS [02:04 min]
[INFO] Apache Hadoop HDFS ................................. SUCCESS [  06:27 h]
[INFO] Apache Hadoop HDFS Native Client ................... SUCCESS [  02:02 h]
[INFO] Apache Hadoop HttpFS ............................... SUCCESS [08:18 min]
[INFO] Apache Hadoop HDFS-NFS ............................. SUCCESS [02:47 min]
[INFO] Apache Hadoop YARN ................................. SUCCESS [  0.099 s]
[INFO] Apache Hadoop YARN API ............................. SUCCESS [ 37.699 s]
[INFO] Apache Hadoop YARN Common .......................... SUCCESS [05:02 min]
[INFO] Apache Hadoop YARN Server .......................... SUCCESS [  0.088 s]
[INFO] Apache Hadoop YARN Server Common ................... SUCCESS [02:50 min]
[INFO] Apache Hadoop YARN ApplicationHistoryService ....... SUCCESS [04:08 min]
[INFO] Apache Hadoop YARN Timeline Service ................ SUCCESS [01:13 min]
[INFO] Apache Hadoop YARN Web Proxy ....................... SUCCESS [ 51.925 s]
[INFO] Apache Hadoop YARN ResourceManager ................. SUCCESS [  01:42 h]
[INFO] Apache Hadoop YARN NodeManager ..................... SUCCESS [23:14 min]
[INFO] Apache Hadoop YARN Server Tests .................... SUCCESS [02:56 min]
[INFO] Apache Hadoop YARN Client .......................... SUCCESS [26:42 min]
[INFO] Apache Hadoop MapReduce Client ..................... SUCCESS [  0.983 s]
[INFO] Apache Hadoop MapReduce Core ....................... SUCCESS [06:37 min]
[INFO] Apache Hadoop MapReduce Common ..................... SUCCESS [ 44.306 s]
[INFO] Apache Hadoop MapReduce Shuffle .................... SUCCESS [ 25.382 s]
[INFO] Apache Hadoop MapReduce App ........................ SUCCESS [09:33 min]
[INFO] Apache Hadoop MapReduce HistoryServer .............. SUCCESS [05:05 min]
[INFO] Apache Hadoop MapReduce JobClient .................. SUCCESS [  02:14 h]
[INFO] Apache Hadoop Distributed Copy ..................... SUCCESS [44:58 min]
[INFO] Apache Hadoop Mini-Cluster ......................... SUCCESS [  2.013 s]
[INFO] Apache Hadoop Federation Balance ................... SUCCESS [20:21 min]
[INFO] Apache Hadoop HDFS-RBF ............................. SUCCESS [39:35 min]
[INFO] Apache Hadoop HDFS Project ......................... SUCCESS [  0.067 s]
[INFO] Apache Hadoop YARN SharedCacheManager .............. SUCCESS [ 25.708 s]
[INFO] Apache Hadoop YARN Timeline Plugin Storage ......... SUCCESS [04:44 min]
[INFO] Apache Hadoop YARN TimelineService HBase Backend ... SUCCESS [  0.061 s]
[INFO] Apache Hadoop YARN TimelineService HBase Common .... SUCCESS [ 13.852 s]
[INFO] Apache Hadoop YARN TimelineService HBase Client .... SUCCESS [ 17.091 s]
[INFO] Apache Hadoop YARN TimelineService HBase Servers ... SUCCESS [  0.053 s]
[INFO] Apache Hadoop YARN TimelineService HBase Server 1.7  SUCCESS [  4.283 s]
[INFO] Apache Hadoop YARN TimelineService HBase tests ..... SUCCESS [15:56 min]
[INFO] Apache Hadoop YARN Router .......................... SUCCESS [ 10.480 s]
[INFO] Apache Hadoop YARN TimelineService DocumentStore ... SUCCESS [ 30.523 s]
[INFO] Apache Hadoop YARN Applications .................... SUCCESS [  0.062 s]
[INFO] Apache Hadoop YARN DistributedShell ................ SUCCESS [21:52 min]
[INFO] Apache Hadoop YARN Unmanaged Am Launcher ........... SUCCESS [ 33.038 s]
[INFO] Apache Hadoop YARN Services ........................ SUCCESS [  0.054 s]
[INFO] Apache Hadoop YARN Services Core ................... SUCCESS [20:33 min]
[INFO] Apache Hadoop YARN Services API .................... SUCCESS [01:45 min]
[INFO] Apache Hadoop YARN Application Catalog ............. SUCCESS [  0.051 s]
[INFO] Apache Hadoop YARN Application Catalog Webapp ...... SUCCESS [ 39.140 s]
[INFO] Apache Hadoop YARN Application Catalog Docker Image  SUCCESS [  0.149 s]
[INFO] Apache Hadoop YARN Application MaWo ................ SUCCESS [  0.086 s]
[INFO] Apache Hadoop YARN Application MaWo Core ........... SUCCESS [  4.808 s]
[INFO] Apache Hadoop YARN Site ............................ SUCCESS [  0.049 s]
[INFO] Apache Hadoop YARN Registry ........................ SUCCESS [  0.666 s]
[INFO] Apache Hadoop YARN UI .............................. SUCCESS [03:30 min]
[INFO] Apache Hadoop YARN CSI ............................. SUCCESS [ 24.692 s]
[INFO] Apache Hadoop YARN Project ......................... SUCCESS [  1.431 s]
[INFO] Apache Hadoop MapReduce HistoryServer Plugins ...... SUCCESS [  5.340 s]
[INFO] Apache Hadoop MapReduce NativeTask ................. SUCCESS [11:01 min]
[INFO] Apache Hadoop MapReduce Uploader ................... SUCCESS [ 15.041 s]
[INFO] Apache Hadoop MapReduce Examples ................... SUCCESS [ 31.592 s]
[INFO] Apache Hadoop MapReduce ............................ SUCCESS [  1.447 s]
[INFO] Apache Hadoop MapReduce Streaming .................. SUCCESS [06:49 min]
[INFO] Apache Hadoop Client Aggregator .................... SUCCESS [  1.430 s]
[INFO] Apache Hadoop Dynamometer Workload Simulator ....... SUCCESS [ 42.545 s]
[INFO] Apache Hadoop Dynamometer Cluster Simulator ........ SUCCESS [  8.119 s]
[INFO] Apache Hadoop Dynamometer Block Listing Generator .. SUCCESS [ 31.750 s]
[INFO] Apache Hadoop Dynamometer Dist ..................... SUCCESS [  1.556 s]
[INFO] Apache Hadoop Dynamometer .......................... SUCCESS [  0.054 s]
[INFO] Apache Hadoop Archives ............................. SUCCESS [01:17 min]
[INFO] Apache Hadoop Archive Logs ......................... SUCCESS [ 39.592 s]
[INFO] Apache Hadoop Rumen ................................ SUCCESS [ 10.717 s]
[INFO] Apache Hadoop Gridmix .............................. SUCCESS [17:13 min]
[INFO] Apache Hadoop Data Join ............................ SUCCESS [ 17.154 s]
[INFO] Apache Hadoop Extras ............................... SUCCESS [ 49.855 s]
[INFO] Apache Hadoop Pipes ................................ SUCCESS [  8.419 s]
[INFO] Apache Hadoop Amazon Web Services support .......... SUCCESS [02:21 min]
[INFO] Apache Hadoop Kafka Library support ................ SUCCESS [  5.846 s]
[INFO] Apache Hadoop Azure support ........................ SUCCESS [01:43 min]
[INFO] Apache Hadoop Aliyun OSS support ................... SUCCESS [  3.311 s]
[INFO] Apache Hadoop Scheduler Load Simulator ............. SUCCESS [12:06 min]
[INFO] Apache Hadoop Resource Estimator Service ........... SUCCESS [ 22.317 s]
[INFO] Apache Hadoop Azure Data Lake support .............. SUCCESS [ 35.326 s]
[INFO] Apache Hadoop Image Generation Tool ................ SUCCESS [ 13.299 s]
[INFO] Apache Hadoop Tools Dist ........................... SUCCESS [  1.050 s]
[INFO] Apache Hadoop OpenStack support .................... SUCCESS [  0.063 s]
[INFO] Apache Hadoop Common Benchmark ..................... SUCCESS [  2.812 s]
[INFO] Apache Hadoop Tools ................................ SUCCESS [  0.082 s]
[INFO] Apache Hadoop Client API ........................... SUCCESS [  1.517 s]
[INFO] Apache Hadoop Client Runtime ....................... SUCCESS [  1.296 s]
[INFO] Apache Hadoop Client Packaging Invariants .......... SUCCESS [  0.304 s]
[INFO] Apache Hadoop Client Test Minicluster .............. SUCCESS [  1.074 s]
[INFO] Apache Hadoop Client Packaging Invariants for Test . SUCCESS [  0.101 s]
[INFO] Apache Hadoop Client Packaging Integration Tests ... SUCCESS [  0.169 s]
[INFO] Apache Hadoop Distribution ......................... SUCCESS [  0.430 s]
[INFO] Apache Hadoop Client Modules ....................... SUCCESS [  0.045 s]
[INFO] Apache Hadoop Tencent COS Support .................. SUCCESS [  2.952 s]
[INFO] Apache Hadoop OBS support .......................... SUCCESS [  3.610 s]
[INFO] Apache Hadoop Cloud Storage ........................ SUCCESS [  0.709 s]
[INFO] Apache Hadoop Cloud Storage Project ................ SUCCESS [  0.049 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  18:31 h
[INFO] Finished at: 2023-01-07T19:47:11Z
[INFO] ------------------------------------------------------------------------

dongjoon-hyun · 2023-01-10T00:42:30Z

Thank you so much, @cnauroth and @sunchao !

Signed-off-by: Chris Nauroth <cnauroth@apache.org> (cherry picked from commit 6f99558)

Signed-off-by: Chris Nauroth <cnauroth@apache.org> (cherry picked from commit 6f99558) (cherry picked from commit b6fd322)

cnauroth · 2023-01-10T00:51:01Z

I merged this to trunk. I also cherry-picked to branch-3.3 and branch-3.2 after resolving a minor merge conflict. @dongjoon-hyun , thank you for the contribution! @sunchao , thank you for the code review. (Sorry, I forgot to mention you in the Signed-off-by tag.)

steveloughran · 2023-01-10T07:56:48Z

How does this work for shaded things the Hadoop build itself pulls in?
IMO this BOM should somehow be included in the released JARs as some well known resource name to allow some introspection at runtime....

dongjoon-hyun · 2023-01-10T09:23:33Z

Hi, @steveloughran . Basically, these are SBOM for jars. So, this PR aims to use Maven Central as the SBOM repository along with the release jars. As I described in the PR description, hadoop-auth-3.4.0-SNAPSHOT.jar will have hadoop-auth-3.4.0-SNAPSHOT-cyclonedx.xml and hadoop-auth-3.4.0-SNAPSHOT-cyclonedx.json.

-rw-r--r--  1 dongjoon  staff   84913 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT-cyclonedx.json
-rw-r--r--  1 dongjoon  staff   73722 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT-cyclonedx.xml
-rw-r--r--  1 dongjoon  staff   84457 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT-sources.jar
-rw-r--r--  1 dongjoon  staff  114087 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT-tests.jar
-rw-r--r--  1 dongjoon  staff  106678 Jan  6 12:47 hadoop-auth-3.4.0-SNAPSHOT.jar

dongjoon-hyun · 2023-01-10T11:41:33Z

FYI, here is Apache ORC 1.8.2 RC1 vote artifact, @steveloughran .

https://repository.apache.org/content/repositories/orgapacheorc-1064/org/apache/orc/orc-core/1.8.2/

steveloughran · 2023-01-16T15:37:44Z

got it. will add to 3.3.5 too as this will be our first release with this

Signed-off-by: Chris Nauroth <cnauroth@apache.org> (cherry picked from commit 6f99558)

dongjoon-hyun · 2023-01-17T00:13:15Z

Thank you, @steveloughran .

steveloughran · 2023-01-17T19:23:56Z

ok, verified the artifacts get into the local mvn repo. i do like the xml version BTW, including all the signatures. makes it easier to spot tampering, doesn't it?

also highlights how hadoop-common has way too many dependencies. we should see what we can do to prune back stuff, such as my #4996. every jar we cut saves many, many integration problems

dongjoon-hyun · 2023-01-17T19:30:08Z

ok, verified the artifacts get into the local mvn repo.

It's great. :)

i do like the xml version BTW, including all the signatures. makes it easier to spot tampering, doesn't it?

We already did like the other official Apache artifacts. Please see the official Apache ORC 1.8.2.

https://repo1.maven.org/maven2/org/apache/orc/orc-core/1.8.2/

Causes HADOOP-18641. cyclonedx maven plugin breaks on recent maven releases This reverts branch-3.3 commit b6fd322.

Causes HADOOP-18641. cyclonedx maven plugin breaks on recent maven releases This reverts commit 61f6628.

Causes HADOOP-18641. cyclonedx maven plugin breaks on recent maven releases This reverts commit 6f99558.

HADOOP-18590. Publish SBOM artifacts

4f4b52f

cnauroth approved these changes Jan 6, 2023

View reviewed changes

sunchao approved these changes Jan 7, 2023

View reviewed changes

cnauroth merged commit 6f99558 into apache:trunk Jan 10, 2023

dongjoon-hyun deleted the HADOOP-18590 branch January 10, 2023 00:42

cnauroth pushed a commit that referenced this pull request Jan 10, 2023

HADOOP-18590. Publish SBOM artifacts (#5281)

b6fd322

Signed-off-by: Chris Nauroth <cnauroth@apache.org> (cherry picked from commit 6f99558)

cnauroth pushed a commit that referenced this pull request Jan 10, 2023

HADOOP-18590. Publish SBOM artifacts (#5281)

c760188

Signed-off-by: Chris Nauroth <cnauroth@apache.org> (cherry picked from commit 6f99558) (cherry picked from commit b6fd322)

asfgit pushed a commit that referenced this pull request Jan 16, 2023

HADOOP-18590. Publish SBOM artifacts (#5281)

61f6628

Signed-off-by: Chris Nauroth <cnauroth@apache.org> (cherry picked from commit 6f99558)

lfrancke mentioned this pull request Feb 8, 2023

Create and publish Software Bill of Materials (SBOMs) for our operators, products and docker images stackabletech/issues#168

Closed

asfgit pushed a commit that referenced this pull request Feb 23, 2023

Revert "HADOOP-18590. Publish SBOM artifacts (#5281)"

92d6826

Causes HADOOP-18641. cyclonedx maven plugin breaks on recent maven releases This reverts branch-3.3 commit b6fd322.

asfgit pushed a commit that referenced this pull request Feb 23, 2023

Revert "HADOOP-18590. Publish SBOM artifacts (#5281)"

55254de

Causes HADOOP-18641. cyclonedx maven plugin breaks on recent maven releases This reverts commit 61f6628.

asfgit pushed a commit that referenced this pull request Feb 23, 2023

Revert "HADOOP-18590. Publish SBOM artifacts (#5281)"

e2d7919

Causes HADOOP-18641. cyclonedx maven plugin breaks on recent maven releases This reverts commit 6f99558.

dongjoon-hyun mentioned this pull request Apr 13, 2023

HADOOP-18590. Publish SBOM artifacts #5555

Merged

4 tasks

ferdelyi pushed a commit to ferdelyi/hadoop that referenced this pull request May 26, 2023

Revert "HADOOP-18590. Publish SBOM artifacts (apache#5281)"

41847b7

Causes HADOOP-18641. cyclonedx maven plugin breaks on recent maven releases This reverts commit 6f99558.

HADOOP-18590. Publish SBOM artifacts #5281

HADOOP-18590. Publish SBOM artifacts #5281

Uh oh!

Conversation

dongjoon-hyun commented Jan 6, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description of PR

How was this patch tested?

For code changes:

Uh oh!

dongjoon-hyun commented Jan 6, 2023

Uh oh!

cnauroth left a comment

Choose a reason for hiding this comment

Uh oh!

dongjoon-hyun commented Jan 6, 2023

Uh oh!

sunchao left a comment

Choose a reason for hiding this comment

Uh oh!

dongjoon-hyun commented Jan 7, 2023

Uh oh!

hadoop-yetus commented Jan 7, 2023

Uh oh!

dongjoon-hyun commented Jan 8, 2023

Uh oh!

dongjoon-hyun commented Jan 10, 2023

Uh oh!

cnauroth commented Jan 10, 2023

Uh oh!

steveloughran commented Jan 10, 2023

Uh oh!

dongjoon-hyun commented Jan 10, 2023

Uh oh!

dongjoon-hyun commented Jan 10, 2023

Uh oh!

steveloughran commented Jan 16, 2023

Uh oh!

dongjoon-hyun commented Jan 17, 2023

Uh oh!

steveloughran commented Jan 17, 2023

Uh oh!

dongjoon-hyun commented Jan 17, 2023

Uh oh!

Uh oh!

dongjoon-hyun commented Jan 6, 2023 •

edited

Loading