Community
Participate
Working Groups
this is a followup on bug 360628. I am trying to deploy SNAPSHOT versions of the tycho project to the maven repository on http://maven.eclipse.org/nexus/ My build fails with HTTP 401 unauthorized [1] I have found some hints in the eclipse parent POM [2] and the settings.xml which is used by the dash project [3]. [3] has a commented out section which proposes to put my committer credentials in clear text into settings.xml. This is clearly not an option. Which credentials should I use to deploy nightly builds to http://maven.eclipse.org/nexus/content/repositories/nightly-juno/ ? How do I make sure I am not leaking passwords? If there is no solution yet, I would propose to add the encrypted password of a "deployer" user to the global settings.xml used by all maven jobs on hudson and put one settings-security.xml with the right filesystem permissions on the build machine(s) (see [4] on how encrypted passwords in settings.xml can be created). This would solve the problem once for all maven jobs. [1] https://hudson.eclipse.org/hudson/job/tycho-nightly/66/console [2] http://maven.eclipse.org/nexus/content/groups/public/org/eclipse/eclipse-parent/3/eclipse-parent-3.pom [3] https://hudson.eclipse.org/hudson/job/dash-maven-ci/ws/settings.xml [4] http://maven.apache.org/guides/mini/guide-encryption.html
Perhaps we need a Bugzilla entry for maven.eclipse.org? CC'ing the admins for comment.
@Denis: Please add a section for maven.eclipse.org because there will be more coming. @Jan: I agree with what you're saying. I'm pretty occupied by my work right now. Can someone else have a look, please?
I didn't realize we already had Dash > Maven... that will do. I'll just reroute any maven.eclipse.org requests here. Perhaps http://maven.eclipse.org/ could contain "Open bug requests here" link to https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Dash&component=Maven
(In reply to comment #3) > Perhaps http://maven.eclipse.org/ could contain "Open bug requests here" link > to > > https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Dash&component=Maven Done.
(In reply to comment #2) > I'm pretty occupied by my work right now. Can someone else have a look, please? Effectively I can't use maven.eclipse.org to deploy maven artifacts if this is not fixed. In other words, I can't release a new version of tycho using the eclipse.org infrastructure. I may as well use the Sonatype OSS service to deploy to maven central [1] if we do not intend to provide deployment support for maven.eclipse.org . Effectively eclipse would then depend on Sonatype in terms of maven deployment infrastructure. Or maybe I got the whole idea wrong and maven.eclipse.org is not intended to be the official maven repository to be used by eclipse projects? I am willing to do my part to help get this working but if you agree to my proposal, right now we need someone with administration permissions on the nexus instance/hudson build servers to configure what has been proposed in the bug description. Regards, Jan [1] https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide
So, there is no-one feeling responsible for setting up maven.eclipse.org for use by Eclipse projects?
(In reply to comment #0) > Which credentials should I use to deploy nightly builds to > http://maven.eclipse.org/nexus/content/repositories/nightly-juno/ ? > How do I make sure I am not leaking passwords? I can't log into Nexus. Should I be able to do so using my committer credentials, or has that been set up? > If there is no solution yet, I would propose to add the encrypted password of a > "deployer" user to the global settings.xml used by all maven jobs on hudson and > put one settings-security.xml with the right filesystem permissions on the > build machine(s) (see [4] on how encrypted passwords in settings.xml can be > created). I think that webmaster has traditionally been against this sort of thing with regard to the downloads server. Are there alternatives, or is the best way to get it done? Jan and/or Tobias, do you have time to spend on this project? Does it make sense to have you join the team?
(In reply to comment #7) Same as per bug 356202 comment 8 , I think we can take another approach: Please create dedicated repositories for tycho SNAPSHOTS and releases on maven.eclipse.org. Instead of reusing my committer credentials, please create new credentials for me on maven.eclipse.org which will allow SNAPSHOT and release deployments of tycho to the newly created repositories. user id: jsievers. Send the password to me in a separate email. Is this the way to go?
Some background: I'd love to see someone set up a secure Maven repo on maven.eclipse.org because that's one of the main reasons I got the ball running. My problem: I can't do it. I simply lack the knowledge and the time to learn the knowledge. So if no one objects, I can set up a user for you that you can use for deployment in three days. But I'd like someone to step up to secure the server before something happens (like someone uses it to spread virus-infected versions of the artifacts) plus it would be great to give the server an SSL certificate so we can run it on HTTPS to make everything a little bit more secure overall.
(In reply to comment #8) > > user id: jsievers. Send the password to me in a separate email. > > Is this the way to go? +1 (In reply to comment #9) > So if no one objects, I can set up a user for you that you can use for > deployment in three days. No objection from me.
(In reply to comment #9) > So if no one objects, I can set up a user for you that you can use for > deployment in three days. Given that deploying to maven.eclipse.org is our only option for vendor neutrality reasons as stated by Wayne [1], I would like a SNAPSHOT and a release repository created for tycho along with deployment credentials. If you decide to change the general deployment setup for maven.eclipse.org later, we will adapt accordingly. [1] http://dev.eclipse.org/mhonarc/lists/cross-project-issues-dev/msg06861.html
(In reply to comment #11) > (In reply to comment #9) > > So if no one objects, I can set up a user for you that you can use for > > deployment in three days. > > Given that deploying to maven.eclipse.org is our only option for vendor > neutrality reasons as stated by Wayne [1], I would like a SNAPSHOT and a > release repository created for tycho along with deployment credentials. If you > decide to change the general deployment setup for maven.eclipse.org later, we > will adapt accordingly. > What's the point in having Tycho release repo at maven.eclipse.org? It won't be synced to Maven Central, so we still need to go through oss.sonatype.org, or any other forge synched to Central, to get Tycho release binaries available from Central.
maven.eclipse.org is superseded by repo.eclipse.org
