Thanks, they’re coming through now.
Being new to npm publishing I have not been able to modify the ant scripts to
make this work. So any help would be appreciated. The script fails on adduser
[1].
I’ve tried adding an .npmrc file under royale-asjs with
//registry.npmjs.org/:_authToken=<…>
But that didn’t help.
Any ideas?
[1]
[exec] Publishing to NPM: @apache-royale/royale-js version: 0.9.9...
[exec] info attempt registry request try #1 at 8:37:34 PM
[exec] http request PUT
https://registry.npmjs.org/-/user/org.couchdb.user:apache-royale-owner
[exec] info attempt registry request try #1 at 8:37:35 PM
[exec] http request PUT
https://registry.npmjs.org/@apache-royale%2froyale-js
[exec] http 401
https://registry.npmjs.org/-/user/org.couchdb.user:apache-royale-owner
[exec] WARN notice Please use the one-time password (OTP) from your
authenticator application
[exec] WARN adduser Incorrect username or password
[exec] WARN adduser You can reset your account by visiting:
[exec] WARN adduser
[exec] WARN adduser https://npmjs.org/forgot
[exec] WARN adduser
[exec] C:\dev\release_royale\royale-asjs\npm\release-scripts\publish.js:52
[exec] throw new Error(error);
[exec] ^
[exec]
[exec] Error: Error: failed to authenticate: Could not authenticate
apache-royale-owner: bad otp : -/user/org.couchdb.user:apache-royale-owner
[exec] at
C:\dev\release_royale\royale-asjs\npm\release-scripts\publish.js:52:14
[exec] at
C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\adduser.js:125:14
[exec] at
C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\adduser.js:73:16
[exec] at f
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\once\once.js:25:25)
[exec] at
C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:91:10
[exec] at
C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:105:12
[exec] at f
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\once\once.js:25:25)
[exec] at RegClient.<anonymous>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:324:12)
[exec] at Request._callback
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:216:14)
[exec] at Request.self.callback
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:185:22)
[exec] at Request.emit (events.js:315:20)
[exec] at Request.<anonymous>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:1154:10)
[exec] at Request.emit (events.js:315:20)
[exec] at IncomingMessage.<anonymous>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:1076:12)
[exec] at Object.onceWrapper (events.js:421:28)
[exec] at IncomingMessage.emit (events.js:327:22)
BUILD FAILED
C:\dev\release_royale\releasecandidate.xml:1363: exec returned: 1
From: Alex Harui<mailto:[email protected]>
Sent: Friday, April 1, 2022 12:25 AM
To: [email protected]<mailto:[email protected]>
Subject: Re: NPM Credentials Problem Blocking Release
Infra says the actual sender is not [email protected]. They have implemented a
custom solution. Yishay, can you try again?
Thanks,
-Alex
On 3/31/22, 1:39 PM, "Alex Harui" <[email protected]> wrote:
Yeah, not sure why that didn't work. I'll email infra.
On 3/31/22, 12:53 PM, "Harbs" <[email protected]> wrote:
I don’t know why it didn’t work.
We should probably ask Infra.
> On Mar 31, 2022, at 10:23 PM, Yishay Weiss <[email protected]>
wrote:
>
> I thought Alex fixed it so it doesn’t need you to approve… It’s
expired and you should see a couple of more such messages.
>
> From: Harbs<mailto:[email protected]>
> Sent: Thursday, March 31, 2022 10:06 PM
> To: Apache Royale Development<mailto:[email protected]>
> Subject: Re: NPM Credentials Problem Blocking Release
>
> I approved and should have added it again to the allow list.
>
> It came through. If it expired already, try again. Hopefully it’ll
work...
>
>> On Mar 31, 2022, at 10:01 PM, Yishay Weiss <[email protected]>
wrote:
>>
>> I just tried logging in, got the OTP sent message, but am not seeing
it in private.
>>
>> From: Alex Harui<mailto:[email protected]>
>> Sent: Thursday, March 31, 2022 7:44 PM
>> To: [email protected]<mailto:[email protected]>
>> Subject: Re: NPM Credentials Problem Blocking Release
>>
>> OK, [email protected] is now on the allow list. Yishay, if you try
to publish again, in theory the NPM messages will go straight to private@. Let
us know if that isn't happening. I'll try to look for moderator messages but
they often go to junk and I can't control settings for my corporate email.
>>
>> FWIW, Here's a link to some doc on the EZMLM robot that runs ASF
mailing lists.
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Funtroubled.org%2Fezmlm%2Fmanual%2F&data=04%7C01%7Caharui%40adobe.com%7C68be0ee998c44830bdce08da13566c2f%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637843559769367587%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=cz8%2FJnSsJ3Qr8tgHva2xxVDhaS3AfnDLMU4m%2B9MjsbM%3D&reserved=0
>>
>> The command I sent was executed by sending an email to
[email protected]
>> Any list moderator can send to these sort of email addresses and the
robot will parse the address and execute a command. We can subscribe and
unsubscribe people, allow them to send and not receive, get a list of all
subscribers and more.
>>
>> HTH,
>> -Alex
>>
>> On 3/31/22, 8:44 AM, "Josh Tynjala" <[email protected]>
wrote:
>>
>> Do it.
>>
>> --
>> Josh Tynjala
>> Bowler Hat LLC
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbowlerhat.dev%2F&data=04%7C01%7Caharui%40adobe.com%7C68be0ee998c44830bdce08da13566c2f%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637843559769367587%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=sNCfmhkjPQPw9drAX02YdqUUp7vRiSt26VMlczaLBTI%3D&reserved=0>
>>
>>
>> On Wed, Mar 30, 2022 at 11:24 PM Alex Harui
<[email protected]>
>> wrote:
>>
>>> Each mailing list has an "allow" subscriber list that is different
from
>>> the regular subscriber list. "allow" can send but can't receive.
The
>>> syntax can be extracted from the moderator emails. If we get
consensus to
>>> try it, I'll send the command.
>>>
>>> On 3/30/22, 11:17 PM, "Piotr Zarzycki" <[email protected]>
wrote:
>>>
>>> I don’t know how to whitelist that email but I will try to figure
it
>>> out
>>> soon.
>>>
>>> On Thu, 31 Mar 2022 at 06:06, Alex Harui
<[email protected]>
>>> wrote:
>>>
>>>> Yishay, maybe you can also be a moderator? It might also be
>>> possible to
>>>> allow emails from npm without moderation. I don't remember if we
>>> tried
>>>> that. It works on the other lists. There might be a restriction
on
>>>> private@.
>>>>
>>>> -Alex
>>>>
>>>> On 3/30/22, 7:55 PM, "Yishay Weiss" <[email protected]> wrote:
>>>>
>>>> Piotr, being the moderator, is receiving them but it’s hard for
>>> me to
>>>> do anything from my side because I can’t login without a OTP.
>>>>
>>>> I’m guessing we need to either create an automation token, or
>>> change
>>>> the module settings to not require 2FA [1].
>>>>
>>>> [1] Securely Automating npm publish with the New npm Automation
>>> Tokens
>>>> - DEV Community<
>>>>
>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdev.to%2Fbnb%2Fsecurely-automating-npm-publish-with-the-new-npm-automation-tokens-oei&data=04%7C01%7Caharui%40adobe.com%7C68be0ee998c44830bdce08da13566c2f%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637843559769367587%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=RxuaAukhBNmIFrVV98TrPf3UQbSrmvWsnFmO4hIqPNg%3D&reserved=0
>>>>>
>>>>
>>>> From: Alex Harui<mailto:[email protected]>
>>>> Sent: Tuesday, March 29, 2022 7:05 PM
>>>> To: [email protected]<mailto:[email protected]>
>>>> Cc: OmPrakash Muppirala<mailto:[email protected]>
>>>> Subject: Re: NPM Credentials Problem Blocking Release
>>>>
>>>> I get some emails from NPM to apache-royale-owner. I can
>>> forward them
>>>> to [email protected] if they aren't also going there.
>>>>
>>>> One has the subject: [npm] OTP for logging in to your account:
>>>> apache-royale-owner
>>>> The other: Your npm password reset
>>>>
>>>> -Alex
>>>>
>>>> On 3/29/22, 3:37 AM, "Yishay Weiss" <[email protected]>
>>> wrote:
>>>>
>>>> Ok, looks like we’ve figured it out for now with a temp
>>> password.
>>>> 2FA does not seem to be a requirement. We will update the private
>>> list with
>>>> the new credentials when that’s ready.
>>>>
>>>> From: Piotr Zarzycki<mailto:[email protected]>
>>>> Sent: Tuesday, March 29, 2022 11:18 AM
>>>> To: Apache Royale Development<mailto:[email protected]>
>>>> Cc: OmPrakash Muppirala<mailto:[email protected]>
>>>> Subject: Re: NPM Credentials Problem Blocking Release
>>>>
>>>> Yes it goes to private as I see...
>>>>
>>>> wt., 29 mar 2022 o 09:47 Yishay Weiss <
>>> [email protected]>
>>>> napisał(a):
>>>>
>>>>> I’m not sure which email the new password gets sent to.
>>> Does it
>>>> go to
>>>>> [email protected]<mailto:
>>> [email protected]> ?
>>>>>
>>>>> Also, I see some npm requests to do 2FA which we have
>>> ignored.
>>>> It’s
>>>>> probably best to avoid that if possible to keep the release
>>>> scriptable.
>>>>>
>>>>> @OmPrakash Muppirala<mailto:[email protected]>, are
>>> you the
>>>> one who
>>>>> set this up? Can you help out?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> [exec] http request PUT
>>>>>
>>>>
>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F-%2Fuser%2Forg.couchdb.user%3Aapache-royale-owner&data=04%7C01%7Caharui%40adobe.com%7C68be0ee998c44830bdce08da13566c2f%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637843559769367587%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=UAIsMatRC%2BEaz0LcwnwGVgeeYOn7F2NyMmFBms6wBOg%3D&reserved=0
>>>>> [exec] info attempt registry request try #1 at
>>> 10:39:44 AM
>>>>> [exec] http request PUT
>>>>>
>>>>
>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F%40apache-royale%252froyale-js&data=04%7C01%7Caharui%40adobe.com%7C68be0ee998c44830bdce08da13566c2f%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637843559769367587%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=E989p%2F9L3cLtaJUw116JjaB%2BOWIv7PQBE4XI8QeFcfU%3D&reserved=0
>>>>> [exec] http 401
>>>>>
>>>>
>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fregistry.npmjs.org%2F-%2Fuser%2Forg.couchdb.user%3Aapache-royale-owner&data=04%7C01%7Caharui%40adobe.com%7C68be0ee998c44830bdce08da13566c2f%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637843559769367587%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=UAIsMatRC%2BEaz0LcwnwGVgeeYOn7F2NyMmFBms6wBOg%3D&reserved=0
>>>>> [exec] WARN notice Please check your email for a
>>> one-time
>>>> password
>>>>> (OTP)
>>>>> [exec] WARN adduser Incorrect username or password
>>>>> [exec] WARN adduser You can reset your account by
>>> visiting:
>>>>> [exec] WARN adduser
>>>>> [exec] WARN adduser
>>>>
>>>
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fnpmjs.org%2Fforgot&data=04%7C01%7Caharui%40adobe.com%7C68be0ee998c44830bdce08da13566c2f%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C637843559769367587%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=2Dyvsj4gGWGBUKKxVbbbN6z2v5nwR%2FIMdOCivupjPC4%3D&reserved=0
>>>>> [exec] WARN adduser
>>>>> [exec]
>>>>>
>>>> C:\dev\release_royale\royale-asjs\npm\release-scripts\publish.js:51
>>>>> [exec] throw new Error(error);
>>>>> [exec] ^
>>>>> [exec]
>>>>> [exec] Error: Error: failed to authenticate: A One
>>> Time
>>>> Password
>>>>> (OTP) by email is required. :
>>>> -/user/org.couchdb.user:apache-royale-owner
>>>>> [exec] at
>>>>>
>>>>
>>>
C:\dev\release_royale\royale-asjs\npm\release-scripts\publish.js:51:14
>>>>> [exec] at
>>>>>
>>>>
>>>
C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\adduser.js:125:14
>>>>> [exec] at
>>>>>
>>>>
>>>
C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\adduser.js:73:16
>>>>> [exec] at f
>>>>>
>>>>
>>>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\once\once.js:25:25)
>>>>> [exec] at
>>>>>
>>>>
>>>
C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:91:10
>>>>> [exec] at
>>>>>
>>>>
>>>
C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:105:12
>>>>> [exec] at f
>>>>>
>>>>
>>>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\once\once.js:25:25)
>>>>> [exec] at RegClient.<anonymous>
>>>>>
>>>>
>>>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:324:12)
>>>>> [exec] at Request._callback
>>>>>
>>>>
>>>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\npm-registry-client\lib\request.js:216:14)
>>>>> [exec] at Request.self.callback
>>>>>
>>>>
>>>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:185:22)
>>>>> [exec] at Request.emit (events.js:315:20)
>>>>> [exec] at Request.<anonymous>
>>>>>
>>>>
>>>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:1154:10)
>>>>> [exec] at Request.emit (events.js:315:20)
>>>>> [exec] at IncomingMessage.<anonymous>
>>>>>
>>>>
>>>
(C:\dev\release_royale\royale-asjs\npm\release-scripts\node_modules\request\request.js:1076:12)
>>>>> [exec] at Object.onceWrapper (events.js:421:28)
>>>>> [exec] at IncomingMessage.emit (events.js:327:22)
>>>>>
>>>>> BUILD FAILED
>>>>> C:\dev\release_royale\releasecandidate.xml:1116: The
>>> following
>>>> error
>>>>> occurred while executing this line:
>>>>> C:\dev\release_royale\releasecandidate.xml:1400: exec
>>> returned: 1
>>>>>
>>>>> Total time: 7 minutes 26 seconds
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>> Piotr Zarzycki
>>>>
>>>>
>>>>
>>>> --
>>>
>>> Piotr Zarzycki
>>>
>>>
>>
>
