[MGNLEE-535] Project site is generated without license Created: 16/Feb/18  Updated: 27/Jul/18  Resolved: 24/Jul/18

Status: Closed
Project: Magnolia DX Core
Component/s: None
Affects Version/s: 5.6.1
Fix Version/s: 5.5.12, 5.6.8, 5.7.1

Type: Bug Priority: Neutral
Reporter: Federico Grilli Assignee: Dai Ha
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: 0d
Time Spent: 3.75d
Original Estimate: Not Specified

Attachments: PDF File MLA-Magnolia-5.4.pdf     PNG File Screen Shot 2018-07-18 at 5.20.26 PM.png     HTML File a.html     Zip Archive b.html.zip     HTML File license.html     HTML File license.html    
Issue Links:
Relates
relates to BUILD-322 Project site is generated without MNA... Open
dependency
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:
Sprint: Saigon 149, Saigon 150
Story Points: 3

 Description   

Since 5.6.1 https://nexus.magnolia-cms.com/content/sites/magnolia.enterprise.sites/magnolia-enterprise-bundle/5.6.1/license.html
Worked fine in 5.6 https://nexus.magnolia-cms.com/content/sites/magnolia.enterprise.sites/magnolia-enterprise-bundle/5.6/license.html



 Comments   
Comment by Dai Ha [ 12/Jul/18 ]

As my investigation, the license info of 5.6 license comes from this definition:

<licenses>
    <license>
      <name>Magnolia Network Agreement</name>
      <url>http://www.magnolia-cms.com/mna.pdf</url>
    </license>
  </licenses>

in

/poms/enterprise/pom.xml

the url is pdf, so site plugin might not be able to parse it. The output saw on 5.6 is the result of magnolia-cms.com website, to tell that http resource was removed and replaced by https one. There must be some changes on magnolia-cms.com prevent that old behavior. Just tried with any other plain text url and that url would be parsed successfully.

mgeljic Could you please share your opinions on this issue? Thx in advanced

Comment by Mikaël Geljić [ 16/Jul/18 ]

Yes, dai.ha, license information is defined in parent poms, respectively at:

One should try to reproduce this with a simple maven command, with just the license report generation (likely via direct execution of the projects-info plugin). Then we can try with different maven/java versions, different environments/people, etc.

2. Also mind that the issue is not EE-specific, CE is "dually" licensed, and should also include the MNA license *below* the GPLv3 one. I can observe the same issue there between 5.6 and 5.6.1.

3. Lastly, it seems this has worked quite erratically in the past anyhow:

  • Both 4.5 and 5.3 were able to resolve the URL, but included the plain/dumb PDF binary response...
  • 5.4 to 5.6 included the redirect
  • 5.7 is now empty (like 5.6.1), although site is missing for EE

Overall, in my opinion, unless the project-info plugin supports PDF licenses, we should:

  1. Restore a plain text-based version of the license
  2. Use a URL which doesn't depend on the corporate website, but on the dev website (e.g. dev.magnolia-cms.com/mna.txt)
Comment by Dai Ha [ 17/Jul/18 ]

As I explained above, it is neither the difference of pom of 5.6 vs 5.6.1 nor the release process. The inconsistent thing is the way magnolia-cms.com behaved. Here are two output files (with curl):

+ from http://dev.magnolia-cms.com/mna.txt --> a.html

+ from http://www.magnolia-cms.com/mna.pdf --> b.html.zip

The first link return a redirect advice to a not existing url (https version)
The second link return nothing and b.html is blank.

Since we are now considering to another source which doesn't depend on magnolia-cms.com website, we can use local file instead of remote one.

+ For pdf file, the output is unreadable because maven project info plugin seems cannot parse pdf: license.html (file MLA-Magnolia-5.4.pdf )
+ txt file worked, but we need a proper version, here is the sample: license.html
 

Comment by Mikaël Geljić [ 17/Jul/18 ]

The inconsistent thing is the way magnolia-cms.com behaved

That could make more sense yes, but since we have the redirection from mna.html to the PDF download (works in the browser), I'm not sure why the project-info report doesn't include such redirection anymore.

from http://dev.magnolia-cms.com/mna.txt --> a.html

That's a URL I just made up, so it returns 404 anyhow for now. Do you mean the plugin generates a redirection for 404s?

Since we are now considering to another source which doesn't depend on magnolia-cms.com website, we can use local file instead of remote one.

I would say no, the license is mostly for external users/partners/customers; it should be available and reside at a public URL. Generally for all licenses, I think it's a good practice to have it as a plain text file (judging from the NOTICE.txt too)

Comment by Mikaël Geljić [ 18/Jul/18 ]

—would still consider producing an updated txt version of the MNA from the PDF; we can do that as a follow-up too.

Comment by Dai Ha [ 18/Jul/18 ]

2nd approach seems work, here is updated output:
my two concerns:

  • should we change the url to https?
  • this property set at parent pom and would probably affect other url renders, is it ok?
Comment by Mikaël Geljić [ 18/Jul/18 ]

should we change the url to https?

I would have said "not necessarily", it's up to the browser to negotiate the protocol anyway w/ tls/alpn. But some apparently recommend it anyway these days, e.g. this SO answer.

this property set at parent pom and would probably affect other url renders, is it ok?

1. Yes this is parent poms, meaning it cannot fully be fixed until the next ppom release (which might not be before a while); alternatively we could set it on ee-bundle level only for now.

2. As far as I saw, the linkOnly flag is only for the licenses report, so it should be safe.

Comment by Dai Ha [ 19/Jul/18 ]

Set linkOnly flag for only ee-bundle should be the safe, I will create PR for 5.5, 5.6, 5.7 and 6.0 branches.
For my 2nd concern, I actually think about other license urls which might be resolved and inlined ok till now. I did a search on git and observed some minor use cases of that scenario, so no worries

Generated at Mon Feb 12 05:30:56 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.