September 2014 - shrinkwrap-issues

[JBoss JIRA] (SHRINKRES-146) Encrypted password support forces presence of settings-security.xml

by Rafał Gała (JIRA)

[ https://issues.jboss.org/browse/SHRINKRES-146?page=com.atlassian.jira.plu... ] Rafał Gała edited comment on SHRINKRES-146 at 9/1/14 10:57 AM: --------------------------------------------------------------- Yes, Maven documentation says only about escaping curly brackets inside. However, Shrinkwrap cannot correctly parse XML files that have only opening and closing brackets, like the one below for example: <password>\{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=}</password> If you place the above line in <server> section in settings.xml, Shrinkwrap will fail. Example: <server> <id>server001</id> <username>my_login</username> <password>\{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=}</password> </server> was (Author: wujaszek): Yes, Maven documentation says only about escaping curly brackets inside. However, Shrinkwrap cannot correctly parse XML files that have only opening and closing brackets, like the one below for example: <password>{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=}</password> If you place the above line in <server> section in settings.xml, Shrinkwrap will fail. Example: <server> <id>server001</id> <username>my_login</username> <password>{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=}</password> </server> > Encrypted password support forces presence of settings-security.xml > ------------------------------------------------------------------- > > Key: SHRINKRES-146 > URL: https://issues.jboss.org/browse/SHRINKRES-146 > Project: ShrinkWrap Resolvers > Issue Type: Bug > Security Level: Public(Everyone can see) > Affects Versions: 2.0.0-beta-4, 2.0.0 > Reporter: Falko M. > Assignee: Andrew Rubinger > > This problem is caused by SHRINKRES-38 "Support encrypted passwords for password protected repositories". > As soon {{MavenSettingsBuilder}} finds passwords in the settings file, it apprently assumes that they are encrypted with the master password which is defined in {{settings-security.xml}}. When the file cannot be found an exception is thrown: > {code} > org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the the default location defined by Maven. > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113) > at org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123) > at org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43) > ... 80 more > {code} > This is not correct as passwords can be defined without encryption and in this case no {{settings-security.xml}} file is needed. > As we use server-side hashed passwords (without client-side encryption), this is a deal breaker for our project as you cannot work around this problem by just creating an empty file or a dummy password. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

[JBoss JIRA] (SHRINKRES-146) Encrypted password support forces presence of settings-security.xml

by Rafał Gała (JIRA)

[ https://issues.jboss.org/browse/SHRINKRES-146?page=com.atlassian.jira.plu... ] Rafał Gała commented on SHRINKRES-146: -------------------------------------- Yes, Maven documentation says only about escaping curly brackets inside. However, Shrinkwrap cannot correctly parse XML files that have only opening and closing brackets, like the one below for example: <password>{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=}</password> If you place the above line in <server> section in settings.xml, Shrinkwrap will fail. Example: <server> <id>server001</id> <username>my_login</username> <password>{/XFp4jLOtEMHmqV6niPdSZ1cf/ck/gxDk0PBgjgZkLY=}</password> </server> > Encrypted password support forces presence of settings-security.xml > ------------------------------------------------------------------- > > Key: SHRINKRES-146 > URL: https://issues.jboss.org/browse/SHRINKRES-146 > Project: ShrinkWrap Resolvers > Issue Type: Bug > Security Level: Public(Everyone can see) > Affects Versions: 2.0.0-beta-4, 2.0.0 > Reporter: Falko M. > Assignee: Andrew Rubinger > > This problem is caused by SHRINKRES-38 "Support encrypted passwords for password protected repositories". > As soon {{MavenSettingsBuilder}} finds passwords in the settings file, it apprently assumes that they are encrypted with the master password which is defined in {{settings-security.xml}}. When the file cannot be found an exception is thrown: > {code} > org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the the default location defined by Maven. > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113) > at org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123) > at org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43) > ... 80 more > {code} > This is not correct as passwords can be defined without encryption and in this case no {{settings-security.xml}} file is needed. > As we use server-side hashed passwords (without client-side encryption), this is a deal breaker for our project as you cannot work around this problem by just creating an empty file or a dummy password. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

[JBoss JIRA] (SHRINKRES-146) Encrypted password support forces presence of settings-security.xml

by Karel Piwko (JIRA)

[ https://issues.jboss.org/browse/SHRINKRES-146?page=com.atlassian.jira.plu... ] Karel Piwko edited comment on SHRINKRES-146 at 9/1/14 10:46 AM: ---------------------------------------------------------------- [~wujaszek] can you please create a separate issue for that and discuss details there? I don't understand the details, as escaping curly braces is a Maven thing, not related for ShrinkWrap. According to the documentation, you should escape curly braces in between curly braces. There is no reason to escape demarking curly braces: http://maven.apache.org/guides/mini/guide-encryption.html#Tips Please note that password can contain any information outside of the curly brackets, so that the following will still work: was (Author: kpiwko): [~wujaszek] can you please create a separate issue for that and discuss details there? I don't understand the details, as escaping curly braces is a Maven thing, not related for ShrinkWrap. Thanks. > Encrypted password support forces presence of settings-security.xml > ------------------------------------------------------------------- > > Key: SHRINKRES-146 > URL: https://issues.jboss.org/browse/SHRINKRES-146 > Project: ShrinkWrap Resolvers > Issue Type: Bug > Security Level: Public(Everyone can see) > Affects Versions: 2.0.0-beta-4, 2.0.0 > Reporter: Falko M. > Assignee: Andrew Rubinger > > This problem is caused by SHRINKRES-38 "Support encrypted passwords for password protected repositories". > As soon {{MavenSettingsBuilder}} finds passwords in the settings file, it apprently assumes that they are encrypted with the master password which is defined in {{settings-security.xml}}. When the file cannot be found an exception is thrown: > {code} > org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the the default location defined by Maven. > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113) > at org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123) > at org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43) > ... 80 more > {code} > This is not correct as passwords can be defined without encryption and in this case no {{settings-security.xml}} file is needed. > As we use server-side hashed passwords (without client-side encryption), this is a deal breaker for our project as you cannot work around this problem by just creating an empty file or a dummy password. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

[JBoss JIRA] (SHRINKRES-146) Encrypted password support forces presence of settings-security.xml

by Karel Piwko (JIRA)

[ https://issues.jboss.org/browse/SHRINKRES-146?page=com.atlassian.jira.plu... ] Karel Piwko commented on SHRINKRES-146: --------------------------------------- [~wujaszek] can you please create a separate issue for that and discuss details there? I don't understand the details, as escaping curly braces is a Maven thing, not related for ShrinkWrap. Thanks. > Encrypted password support forces presence of settings-security.xml > ------------------------------------------------------------------- > > Key: SHRINKRES-146 > URL: https://issues.jboss.org/browse/SHRINKRES-146 > Project: ShrinkWrap Resolvers > Issue Type: Bug > Security Level: Public(Everyone can see) > Affects Versions: 2.0.0-beta-4, 2.0.0 > Reporter: Falko M. > Assignee: Andrew Rubinger > > This problem is caused by SHRINKRES-38 "Support encrypted passwords for password protected repositories". > As soon {{MavenSettingsBuilder}} finds passwords in the settings file, it apprently assumes that they are encrypted with the master password which is defined in {{settings-security.xml}}. When the file cannot be found an exception is thrown: > {code} > org.jboss.shrinkwrap.resolver.api.InvalidConfigurationFileException: Unable to get security configuration from C:\Users\U115417\.m2\settings-security.xml. Please define path to the settings-security.xml file via -Dorg.apache.maven.security-settings, or put it the the default location defined by Maven. > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.getMaster(MavenSecurityDispatcher.java:171) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSecurityDispatcher.decrypt(MavenSecurityDispatcher.java:96) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:92) > at org.jboss.shrinkwrap.resolver.impl.maven.internal.decrypt.MavenSettingsDecrypter.decrypt(MavenSettingsDecrypter.java:60) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.decryptPasswords(MavenSettingsBuilder.java:223) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildSettings(MavenSettingsBuilder.java:186) > at org.jboss.shrinkwrap.resolver.impl.maven.bootstrap.MavenSettingsBuilder.buildDefaultSettings(MavenSettingsBuilder.java:113) > at org.jboss.shrinkwrap.resolver.impl.maven.MavenWorkingSessionImpl.<init>(MavenWorkingSessionImpl.java:123) > at org.jboss.shrinkwrap.resolver.impl.maven.MavenResolverSystemImpl.<init>(MavenResolverSystemImpl.java:43) > ... 80 more > {code} > This is not correct as passwords can be defined without encryption and in this case no {{settings-security.xml}} file is needed. > As we use server-side hashed passwords (without client-side encryption), this is a deal breaker for our project as you cannot work around this problem by just creating an empty file or a dummy password. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

[JBoss JIRA] (SHRINKRES-196) FormatStage should work in a JDK8 friendly way

by Karel Piwko (JIRA)

[ https://issues.jboss.org/browse/SHRINKRES-196?page=com.atlassian.jira.plu... ] Karel Piwko updated SHRINKRES-196: ---------------------------------- Assignee: John Ament > FormatStage should work in a JDK8 friendly way > ---------------------------------------------- > > Key: SHRINKRES-196 > URL: https://issues.jboss.org/browse/SHRINKRES-196 > Project: ShrinkWrap Resolvers > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: api, impl-maven > Affects Versions: 2.2.0-alpha-1, 2.2.0-alpha-2 > Reporter: John Ament > Assignee: John Ament > Labels: api-change > Fix For: 2.2.0-alpha-3 > > > Currently, FormatStage only returns arrays. In JDK8 if I want to stream the results to merge JARs, I have to do this: > JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "se-examples.jar").addPackage(UndertowComponent.class.getPackage()) > .addPackage(ExampleConfigSource.class.getPackage()).addPackage(GreeterServlet.class.getPackage()) > .addAsManifestResource(new StringAsset(beansXml),"beans.xml"); > Arrays.stream(Maven.resolver().loadPomFromFile("pom.xml") > .resolve("org.apache.deltaspike.core:deltaspike-core-api","org.apache.deltaspike.core:deltaspike-core-impl") > .withTransitivity().as(JavaArchive.class)).forEach(jar::merge); > The Arrays.stream here is ugly as sin, requires me to wrap the result. It would be better if there was an asList(Class<?>) method that did the appropriate type conversion and returned as a list of whatevers. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

[JBoss JIRA] (SHRINKRES-196) FormatStage should work in a JDK8 friendly way

by Karel Piwko (JIRA)

[ https://issues.jboss.org/browse/SHRINKRES-196?page=com.atlassian.jira.plu... ] Karel Piwko updated SHRINKRES-196: ---------------------------------- Status: Resolved (was: Pull Request Sent) Labels: api-change (was: ) Fix Version/s: 2.2.0-alpha-3 Resolution: Done Thanks John, I like the proposal. Landed in https://github.com/shrinkwrap/resolver/commit/fb9d64427db2f1cd3221ea1f6ad... . I've also added documentation into README to make usage of this feature more visible. > FormatStage should work in a JDK8 friendly way > ---------------------------------------------- > > Key: SHRINKRES-196 > URL: https://issues.jboss.org/browse/SHRINKRES-196 > Project: ShrinkWrap Resolvers > Issue Type: Feature Request > Security Level: Public(Everyone can see) > Components: api, impl-maven > Affects Versions: 2.2.0-alpha-1, 2.2.0-alpha-2 > Reporter: John Ament > Labels: api-change > Fix For: 2.2.0-alpha-3 > > > Currently, FormatStage only returns arrays. In JDK8 if I want to stream the results to merge JARs, I have to do this: > JavaArchive jar = ShrinkWrap.create(JavaArchive.class, "se-examples.jar").addPackage(UndertowComponent.class.getPackage()) > .addPackage(ExampleConfigSource.class.getPackage()).addPackage(GreeterServlet.class.getPackage()) > .addAsManifestResource(new StringAsset(beansXml),"beans.xml"); > Arrays.stream(Maven.resolver().loadPomFromFile("pom.xml") > .resolve("org.apache.deltaspike.core:deltaspike-core-api","org.apache.deltaspike.core:deltaspike-core-impl") > .withTransitivity().as(JavaArchive.class)).forEach(jar::merge); > The Arrays.stream here is ugly as sin, requires me to wrap the result. It would be better if there was an asList(Class<?>) method that did the appropriate type conversion and returned as a list of whatevers. -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

[JBoss JIRA] (SHRINKRES-186) MavenResolverSystemBase deprecates offline() but JavaDoc refer to wrong new usage

by Karel Piwko (JIRA)

[ https://issues.jboss.org/browse/SHRINKRES-186?page=com.atlassian.jira.plu... ] Karel Piwko updated SHRINKRES-186: ---------------------------------- Status: Resolved (was: Pull Request Sent) Resolution: Done > MavenResolverSystemBase deprecates offline() but JavaDoc refer to wrong new usage > ---------------------------------------------------------------------------------- > > Key: SHRINKRES-186 > URL: https://issues.jboss.org/browse/SHRINKRES-186 > Project: ShrinkWrap Resolvers > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: api-maven > Affects Versions: 2.1.1 > Reporter: Aslak Knutsen > Assignee: Michal Matloka > Fix For: 2.2.0-alpha-3 > > > MavenResolverSystemBase deprecates the methods offline() and offline(boolean), but the JavaDoc suggests the new way to set this flag is via ConfigurableMavenResolverSystem#workOffline(). The link is correct, but the suggest path seems off; Maven.resolver().workOffline() > Maven.resolver() will return a MavenResolverSystem, while Maven.configureResolver() returns the ConfigurableMavenResolverSystem which has the new methods.. > Either the JavaDoc needs update, or the Maven.resolver() methods needs to return the new interface? -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

[JBoss JIRA] (SHRINKRES-186) MavenResolverSystemBase deprecates offline() but JavaDoc refer to wrong new usage

by Karel Piwko (JIRA)

[ https://issues.jboss.org/browse/SHRINKRES-186?page=com.atlassian.jira.plu... ] Karel Piwko commented on SHRINKRES-186: --------------------------------------- Landed in https://github.com/shrinkwrap/resolver/commit/51c6429cae0187892b255580eac..., thanks [~mmatloka] > MavenResolverSystemBase deprecates offline() but JavaDoc refer to wrong new usage > ---------------------------------------------------------------------------------- > > Key: SHRINKRES-186 > URL: https://issues.jboss.org/browse/SHRINKRES-186 > Project: ShrinkWrap Resolvers > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: api-maven > Affects Versions: 2.1.1 > Reporter: Aslak Knutsen > Assignee: Michal Matloka > Fix For: 2.2.0-alpha-3 > > > MavenResolverSystemBase deprecates the methods offline() and offline(boolean), but the JavaDoc suggests the new way to set this flag is via ConfigurableMavenResolverSystem#workOffline(). The link is correct, but the suggest path seems off; Maven.resolver().workOffline() > Maven.resolver() will return a MavenResolverSystem, while Maven.configureResolver() returns the ConfigurableMavenResolverSystem which has the new methods.. > Either the JavaDoc needs update, or the Maven.resolver() methods needs to return the new interface? -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

[JBoss JIRA] (SHRINKWRAP-478) Wrong exception message if no service was found

by Karel Piwko (JIRA)

[ https://issues.jboss.org/browse/SHRINKWRAP-478?page=com.atlassian.jira.pl... ] Karel Piwko commented on SHRINKWRAP-478: ---------------------------------------- [~pawandubey] definitely 2 branches, one with == 0 and the other one with > 1. > Wrong exception message if no service was found > ----------------------------------------------- > > Key: SHRINKWRAP-478 > URL: https://issues.jboss.org/browse/SHRINKWRAP-478 > Project: ShrinkWrap > Issue Type: Bug > Security Level: Public(Everyone can see) > Components: spi > Affects Versions: 1.2.1 > Reporter: Karel Piwko > Labels: starter > > If there is no service available, SWR complains there is more then one service available: > https://github.com/shrinkwrap/resolver/blob/master/spi/src/main/java/org/... -- This message was sent by Atlassian JIRA (v6.3.1#6329)

9 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

shrinkwrap-issues September 2014