如何使用 sbt 访问安全的 Nexus?
我正在尝试访问需要一些基本身份验证的 Nexus 存储库管理器。 Maven2 一切正常,但当我尝试在 SBT 中配置内容时,它找不到工件。它使用自定义存储库模式(请参阅 此相关问题)但我认为这并不重要。无论如何,相关配置都在这里。
Project.scala:
val snapshotsName = "Repository Snapshots"
val snapshotsUrl = new java.net.URL("http://nexusHostIp:8081/nexus/content/repositories/snapshots")
val snapshotsPattern = "[organisation]/[module]/[revision]-SNAPSHOT/[artifact]-[revision](-[timestamp]).[ext]"
val snapshots = Resolver.url(snapshotsName, snapshotsUrl)(Patterns(snapshotsPattern))
Credentials(Path.userHome / ".ivy2" / ".credentials", log)
val dep = "group" % "artifact" % "0.0.1" extra("timestamp" -> "20101202.195418-3")
~/.ivy2/.credentials:
realm=Snapshots Nexus
host=nexusHostIp:8081
user=nexususername
password=nexuspassword
根据 a SBT 用户组中的类似讨论 这应该可以正常工作,但当我尝试构建时,我得到以下信息。
==== Repository Snapshots: tried
[warn] -- artifact group#artifact;0.0.1!artifact.jar:
[warn] http://nexusHostIp:8081/nexus/content/repositories/snapshots/group/artifact/0.0.1-SNAPSHOT/artifact-0.0.1-20101202.195418-3.jar
我相当确定这是一个凭据问题,而不是其他问题,因为我可以点击它所说的直接尝试下载 jar 的 URL(经过身份验证后)。
我还尝试过内联声明凭证(尽管它不太理想),如下所示:
Credentials.add("Repository Snapshots", "nexusHostIp", "nexususername", "nexuspassword")
I'm trying to access a Nexus repository manager which requires some basic authentication. Everything works fine from Maven2 but when I try to configure things in SBT it can't find the artifacts. It is using a custom repository pattern (see this related question) but I don't think that should matter. In any case the relevant configuration is here.
Project.scala:
val snapshotsName = "Repository Snapshots"
val snapshotsUrl = new java.net.URL("http://nexusHostIp:8081/nexus/content/repositories/snapshots")
val snapshotsPattern = "[organisation]/[module]/[revision]-SNAPSHOT/[artifact]-[revision](-[timestamp]).[ext]"
val snapshots = Resolver.url(snapshotsName, snapshotsUrl)(Patterns(snapshotsPattern))
Credentials(Path.userHome / ".ivy2" / ".credentials", log)
val dep = "group" % "artifact" % "0.0.1" extra("timestamp" -> "20101202.195418-3")
~/.ivy2/.credentials:
realm=Snapshots Nexus
host=nexusHostIp:8081
user=nexususername
password=nexuspassword
According to a similar discussion in the SBT user group this should work fine but I am getting the following when I try to build.
==== Repository Snapshots: tried
[warn] -- artifact group#artifact;0.0.1!artifact.jar:
[warn] http://nexusHostIp:8081/nexus/content/repositories/snapshots/group/artifact/0.0.1-SNAPSHOT/artifact-0.0.1-20101202.195418-3.jar
I'm fairly certain this is a credentials problem and not something else because I can hit the URL it says it is trying directly and download the jar (after authenticating).
I have also tried declaring the credentials inline (even though it is less than ideal) like so:
Credentials.add("Repository Snapshots", "nexusHostIp", "nexususername", "nexuspassword")
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
这就是我所做的(sbt 0.13 + artifactory - 设置应该与nexus类似):
1)编辑文件〜/.sbt/repositories,如下所示:http://www.scala-sbt.org/0.13.0/docs/Detailed-Topics/Proxy-Repositories.html< /a>
2) 锁定我的工件以禁用匿名访问。
3)在 ~/.sbt/.credentials 中创建了一个凭据文件
4)在 ~/.sbt/0.13/plugins/credentials.sbt 下创建了一个连接默认凭据的文件
现在,当我的项目加载 sbt 时,会像平常一样点击神器。
我这样做的原因是将存储库定义等保留在项目文件之外,以使团队具有灵活性(他们可以设置内部服务器来服务正在进行的工件等)。
——奥斯汀
Here's what I did (sbt 0.13 + artifactory - setup should be similar for nexus):
1) Edited the file ~/.sbt/repositories as specified here: http://www.scala-sbt.org/0.13.0/docs/Detailed-Topics/Proxy-Repositories.html
2) Locked down my artifactory to disable anonymous access.
3) Created a credentials file in ~/.sbt/.credentials
4) Created a file under ~/.sbt/0.13/plugins/credentials.sbt that wires up the default credentials
Now when my project loads sbt hits artifactory like normal.
The reason I did it this way is to keep the repository definitions, etc, out of the project files to enable teams to have flexibility (they can set up an internal server to serve in-progress artifacts, etc).
-Austen
更新:这个答案在最近的 sbt 版本中不起作用 - 请参阅奥斯汀的答案。
好吧,我终于解决了这个问题。
snapshotsName可以是任何内容。 .credentials 中的realm必须是尝试访问存储库的 URL 时显示的 HTTP 身份验证领域(在我的例子中为 nexus)。realm也是Credentials.add的第一个参数。所以该行应该是主机名只是 ip 或 DNS 名称。因此,在 .credentials 中,
host只是nexusHostIp,没有端口号。因此,工作项目配置是:
使用如下所示的 .credentials 文件:
其中“Sonatype Nexus Repository Manager”是 HTTP 身份验证领域。
UPDATE: This answer does not work in recent sbt versions - see Austen's answer instead.
Alright I finally got this sorted out.
snapshotsNamecan be anything.realmin .credentials must be the HTTP Authentication realm that shows up when trying to hit the URL of the repository (nexus in my case).realmis also the first parameter ofCredentials.add. So that line should have beenThe host name is just the ip or DNS name. So in .credentials
hostis justnexusHostIpwithout the port number.So the working Project configuration is:
With a .credentials file that looks like:
Where "Sonatype Nexus Repository Manager" is the HTTP Authentication realm.
遵循 SBT 文档:
有两种指定凭据的方法对于这样的存储库:
内联
credentials += Credentials("Some Nexus Repository Manager", "my.artifact.repo.net", "admin", "password123")外部文件
.凭证文件是一个属性文件,其中包含密钥领域、主机、用户和密码。例如:Following the SBT Documetation:
There are two ways to specify credentials for such a repository:
Inline
credentials += Credentials("Some Nexus Repository Manager", "my.artifact.repo.net", "admin", "password123")External File
The
.credentialsfile is a properties file with keys realm, host, user, and password. For example:如果 SBT 启动程序无法从您的代理下载新版本的 SBT,并且
~/.sbt/boot/update.log显示您收到 401 身份验证错误,您可以使用环境变量 SBT_CREDENTIALS 指定 ivy 凭证文件的位置。其中任何一个都应该可以工作并下载新的 sbt 版本:
SBT_CREDENTIALS='/home/YOUR_USER_NAME/.ivy2/.credentials' sbtexport SBT_CREDENTIALS="/home/YOUR_USER_NAME/.ivy2/ .credentials"在您的.bashrc(或.zshrc)中,启动一个新的 shell 会话,然后运行 sbt(您'需要有
~/.ivy2/.credentials文件设置,就像这里的其他答案所示)来源:https://github.com/sbt/sbt/commit/96e5a7957c830430f85b6b89d7bbe07824ebfc4b
If SBT launcher is failing to download a new version of SBT from your proxy, and that
~/.sbt/boot/update.logis showing that you're getting 401 authentication errors, you can use the environment variable SBT_CREDENTIALS to specify where the ivy credential file is.Either of these should work and download the new sbt version:
SBT_CREDENTIALS='/home/YOUR_USER_NAME/.ivy2/.credentials' sbtexport SBT_CREDENTIALS="/home/YOUR_USER_NAME/.ivy2/.credentials"in your.bashrc(or.zshrc), start a new shell session and then runsbt(You'll need have the
~/.ivy2/.credentialsfile setup like other answers here has shown)Source: https://github.com/sbt/sbt/commit/96e5a7957c830430f85b6b89d7bbe07824ebfc4b
这对我有用。我正在使用 SBT 版本 0.13.15:
~/.ivy2/.my-credentials(不带端口的主机):build.sbt(带端口的 nexus url):This worked for me. I'm using SBT version 0.13.15:
~/.ivy2/.my-credentials(host without port):build.sbt(nexus url with port):检查包含凭据的所有文件。
对我来说,我在 sbt 1.0(而不是旧的 0.13)中有一个新项目,其中有一个包含我的凭据的
~/.sbt/1.0/global.sbt文件,但我忘记了。因此,在强制更改密码后,人工下载被破坏并锁定了我的帐户。如果可以轻松检查凭证链和填充凭证的文件,那就太好了。如果 SBT 能更小心一点,在开始下载 X 文件并在 3 次错误身份验证尝试后锁定我的帐户之前首先检查身份验证/授权是否正确,那就太好了。
Check for all files containing credentials.
For me I had a new project in sbt 1.0 (instead of good old 0.13), where I had a
~/.sbt/1.0/global.sbtfile containing my credentials, which I forgot about. So after a mandatory password change, the artifactory downloads was broken and locking my account.Would be nice if the chain of credentials and files filling them can be easily inspected. Would also be nice if SBT was a bit more careful and first checking if authentication/authorization is correct, before starting tot download X files and locking my account after 3 misauthenticated attempts.