Tuesday 7 August 2012

Trusting a secured Maven repository

There are two parts to this

Set up ~/.m2/settings.xml

<settings 
    xmlns="http://maven.apache.org/SETTINGS/1.1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd"> 
  <servers> 
    <server> 
       <id>wwarn-read</id> 
       <username>mavenuser</username>
       <password>*****</password>
    </server>
<!-- for deployment -->
    <server>
      <id>wwarn</id>
      <username>user</username>
      <privateKey>/home/user/.ssh/id_rsa</privateKey>
      <passphrase>mypassphrase</passphrase>
      <directoryPermissions>775</directoryPermissions>
      <filePermissions>664</filePermissions>
    </server>
  </servers> 
  <profiles> 
    <profile> 
      <id>wwarn</id> 
      <activation> 
        <activeByDefault>true</activeByDefault> 
      </activation> 
      <repositories> 
        <repository> 
          <id>wwarn-read</id> 
          <url>https://maven.wwarn.org/</url> 
        </repository> 
      </repositories> 
    </profile> 
  </profiles>
</settings>

See http://maven.apache.org/guides/mini/guide-deployment-security-settings.html

Set up self-signed cert from maven.wwarn.org

The default password really is changeit. I would advise not changing it :)


sudo su
scp maven.wwarn.org:/etc/ssl/certs/server.crt .
cp /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.$$.bak
# The default password is changeit
# If this is the second time through
keytool -delete -alias wwarn-maven-repo -file server.crt \
  -keystore /etc/ssl/certs/java/cacerts
keytool -import -alias wwarn-maven-repo -file server.crt \ 
  -keystore /etc/ssl/certs/java/cacerts

Or on windows something like


keytool.exe -import -file c:\users\richardc\Desktop\stuff\server.crt -alias maven.wwarn.org -keystore "C:\Program Files\Java\jdk1.6.0_21\jre\lib\security\cacerts"