[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17713271#comment-17713271 ] Michael Osipov commented on MRELEASE-1103: -- I fully agree with that. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17713270#comment-17713270 ] Alan Czajkowski commented on MRELEASE-1103: --- security through obscurity still satisfies the requirement, and so long as that Maven encryption guide exists on the Maven page, so should the plugins support it ... if Maven decides the encryption is useless and deprecates this feature, and removes the article, then I will happily say this plugin works fine ... until then, this plugin is broken, according to Maven's own documentation > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17713264#comment-17713264 ] Michael Osipov commented on MRELEASE-1103: -- Alright, you are right, then the true master password is in Plexus source code. Yet another source if indirection. [~cstamas], very nice fooling. The image you create still contains all relevant information to decrypt both master and repo passwords. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[
https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17713262#comment-17713262
]
Alan Czajkowski commented on MRELEASE-1103:
---
[~michael-o] no, it is not:
https://maven.apache.org/guides/mini/guide-encryption.html
{quote}
This command will produce an encrypted version of the password, something like
{code}
{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}
{code}
Store this password in the ${user.home}/.m2/settings-security.xml; it should
look like
{code}
{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}
{code}
{quote}
> decryption of server password in settings.xml failed (works with 2.5.3)
> ---
>
> Key: MRELEASE-1103
> URL: https://issues.apache.org/jira/browse/MRELEASE-1103
> Project: Maven Release Plugin
> Issue Type: Bug
>Affects Versions: 3.0.0-M6
>Reporter: Robert Seidel
>Priority: Blocker
> Fix For: 3.0.1
>
>
> A server section was defined in the settings.xml at
> with id, username and password to connect to a
> Bitbucket server.
> In the pom.xml the id was referenced in the properties via project.scm.id.
> With 2.5.3 the build is running fine, but with 3.0.06-M6 the following
> happens:
> *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be
> activated because it does not exist.
> *11:35:40* [INFO] 11/17 prepare:scm-commit-release
> *11:35:40* [INFO] Checking in modified POMs...
> *11:35:40* [WARNING] Failed to decrypt password/passphrase for server
> bitbucket-prod, using auth token as is: decrypt failed
> and in the aftermath:
> *11:35:41* [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli)
> on project ExamplePom: Unable to commit files
> *11:35:41* [ERROR] Provider message:
> *11:35:41* [ERROR] The git-push command failed.
> *11:35:41* [ERROR] Command output:
> *11:35:41* [ERROR] fatal: Authentication failed for
> '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]'
>
> JDK used was Adoptium 17 (but with 11 the same problem occured).
> Maven used was 3.8.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[
https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17713260#comment-17713260
]
Michael Osipov commented on MRELEASE-1103:
--
This is understand, but the master password is in plain text in
{{security-settings.xml}}. That's the point.
> decryption of server password in settings.xml failed (works with 2.5.3)
> ---
>
> Key: MRELEASE-1103
> URL: https://issues.apache.org/jira/browse/MRELEASE-1103
> Project: Maven Release Plugin
> Issue Type: Bug
>Affects Versions: 3.0.0-M6
>Reporter: Robert Seidel
>Priority: Blocker
> Fix For: 3.0.1
>
>
> A server section was defined in the settings.xml at
> with id, username and password to connect to a
> Bitbucket server.
> In the pom.xml the id was referenced in the properties via project.scm.id.
> With 2.5.3 the build is running fine, but with 3.0.06-M6 the following
> happens:
> *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be
> activated because it does not exist.
> *11:35:40* [INFO] 11/17 prepare:scm-commit-release
> *11:35:40* [INFO] Checking in modified POMs...
> *11:35:40* [WARNING] Failed to decrypt password/passphrase for server
> bitbucket-prod, using auth token as is: decrypt failed
> and in the aftermath:
> *11:35:41* [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli)
> on project ExamplePom: Unable to commit files
> *11:35:41* [ERROR] Provider message:
> *11:35:41* [ERROR] The git-push command failed.
> *11:35:41* [ERROR] Command output:
> *11:35:41* [ERROR] fatal: Authentication failed for
> '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]'
>
> JDK used was Adoptium 17 (but with 11 the same problem occured).
> Maven used was 3.8.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17713254#comment-17713254 ] Alan Czajkowski commented on MRELEASE-1103: --- [~michael-o] there is value to this encryption forget about Maven run-time, and how terrible this encryption is during run-time at rest, on disk, before any Maven command runs, the only files I have on the system are security-settings.xml and settings.xml, both encrypted, and this is my requirement that these files contain no plain text password whatever happens during run-time is another issue > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712763#comment-17712763 ] Michael Osipov commented on MRELEASE-1103: -- [~alan-czajkowski], it is important to know that the master password is still stored in clear text on disk. So basically the gain is almost zero. Good read: https://cwiki.apache.org/confluence/display/TOMCAT/Password > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712758#comment-17712758 ] Michael Osipov commented on MRELEASE-1103: -- But it is, the clear text key is in the Plexus Cipher class file. Decompile and then you have it. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712739#comment-17712739 ] Alan Czajkowski commented on MRELEASE-1103: --- [~michael-o] the requirement I have is that no password in my workflow can be in clear text on disk > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712612#comment-17712612 ] Michael Osipov commented on MRELEASE-1103: -- This is not what I meant. My question is: What security benefit do you expect to see here? > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712564#comment-17712564 ] Alan Czajkowski commented on MRELEASE-1103: --- [~michael-o] we are following this guide: https://maven.apache.org/guides/mini/guide-encryption.html and the Maven Release Plugin is not able to handle this all that I'm asking for is that the plugin work again, when this guide is followed > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > Fix For: 3.0.1 > > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[
https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712532#comment-17712532
]
Tamas Cservenak commented on MRELEASE-1103:
---
Another workaround: create file {{~/settings-security.xml}} (the one that code
looks due bug in your home directory) with content like this:
{noformat}
/abs/path/to/settings-security.xml
{noformat}
> decryption of server password in settings.xml failed (works with 2.5.3)
> ---
>
> Key: MRELEASE-1103
> URL: https://issues.apache.org/jira/browse/MRELEASE-1103
> Project: Maven Release Plugin
> Issue Type: Bug
>Affects Versions: 3.0.0-M6
>Reporter: Robert Seidel
>Priority: Blocker
> Fix For: 3.0.1
>
>
> A server section was defined in the settings.xml at
> with id, username and password to connect to a
> Bitbucket server.
> In the pom.xml the id was referenced in the properties via project.scm.id.
> With 2.5.3 the build is running fine, but with 3.0.06-M6 the following
> happens:
> *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be
> activated because it does not exist.
> *11:35:40* [INFO] 11/17 prepare:scm-commit-release
> *11:35:40* [INFO] Checking in modified POMs...
> *11:35:40* [WARNING] Failed to decrypt password/passphrase for server
> bitbucket-prod, using auth token as is: decrypt failed
> and in the aftermath:
> *11:35:41* [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli)
> on project ExamplePom: Unable to commit files
> *11:35:41* [ERROR] Provider message:
> *11:35:41* [ERROR] The git-push command failed.
> *11:35:41* [ERROR] Command output:
> *11:35:41* [ERROR] fatal: Authentication failed for
> '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]'
>
> JDK used was Adoptium 17 (but with 11 the same problem occured).
> Maven used was 3.8.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712524#comment-17712524 ] Michael Osipov commented on MRELEASE-1103: -- [~alan-czajkowski], independent of the regressions which should be addressed, of course, I'd like to understand what security enhancement you see with the encryption. Basically, there is none. It just adds a level of indirection and the plaintext key is in Java source. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[
https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712516#comment-17712516
]
Tamas Cservenak commented on MRELEASE-1103:
---
Actually, out of those two workarounds, I'd bet on this combo: add
{{-Dsettings.security=~/.m2/settings-security.xml}} to Maven, as Maven will
push those into system properties. Or naturally, use jvm.config or any other
means to "properly" set Java System properties, not abuse Maven user properties
(that ARE pushed to system properties currently).
> decryption of server password in settings.xml failed (works with 2.5.3)
> ---
>
> Key: MRELEASE-1103
> URL: https://issues.apache.org/jira/browse/MRELEASE-1103
> Project: Maven Release Plugin
> Issue Type: Bug
>Affects Versions: 3.0.0-M6
>Reporter: Robert Seidel
>Priority: Blocker
>
> A server section was defined in the settings.xml at
> with id, username and password to connect to a
> Bitbucket server.
> In the pom.xml the id was referenced in the properties via project.scm.id.
> With 2.5.3 the build is running fine, but with 3.0.06-M6 the following
> happens:
> *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be
> activated because it does not exist.
> *11:35:40* [INFO] 11/17 prepare:scm-commit-release
> *11:35:40* [INFO] Checking in modified POMs...
> *11:35:40* [WARNING] Failed to decrypt password/passphrase for server
> bitbucket-prod, using auth token as is: decrypt failed
> and in the aftermath:
> *11:35:41* [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli)
> on project ExamplePom: Unable to commit files
> *11:35:41* [ERROR] Provider message:
> *11:35:41* [ERROR] The git-push command failed.
> *11:35:41* [ERROR] Command output:
> *11:35:41* [ERROR] fatal: Authentication failed for
> '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]'
>
> JDK used was Adoptium 17 (but with 11 the same problem occured).
> Maven used was 3.8.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[
https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712514#comment-17712514
]
Tamas Cservenak commented on MRELEASE-1103:
---
Another tries would be to set {{settings.security=~/.m2/settings-security.xml}}
as {*}Java System Property{*}.
> decryption of server password in settings.xml failed (works with 2.5.3)
> ---
>
> Key: MRELEASE-1103
> URL: https://issues.apache.org/jira/browse/MRELEASE-1103
> Project: Maven Release Plugin
> Issue Type: Bug
>Affects Versions: 3.0.0-M6
>Reporter: Robert Seidel
>Priority: Blocker
>
> A server section was defined in the settings.xml at
> with id, username and password to connect to a
> Bitbucket server.
> In the pom.xml the id was referenced in the properties via project.scm.id.
> With 2.5.3 the build is running fine, but with 3.0.06-M6 the following
> happens:
> *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be
> activated because it does not exist.
> *11:35:40* [INFO] 11/17 prepare:scm-commit-release
> *11:35:40* [INFO] Checking in modified POMs...
> *11:35:40* [WARNING] Failed to decrypt password/passphrase for server
> bitbucket-prod, using auth token as is: decrypt failed
> and in the aftermath:
> *11:35:41* [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli)
> on project ExamplePom: Unable to commit files
> *11:35:41* [ERROR] Provider message:
> *11:35:41* [ERROR] The git-push command failed.
> *11:35:41* [ERROR] Command output:
> *11:35:41* [ERROR] fatal: Authentication failed for
> '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]'
>
> JDK used was Adoptium 17 (but with 11 the same problem occured).
> Maven used was 3.8.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[
https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712513#comment-17712513
]
Tamas Cservenak commented on MRELEASE-1103:
---
[~alan-czajkowski] as a workaround attempt, can you try following: pass
{{-D_configurationFile=~/.m2/settings-security.xml}} to Maven.
> decryption of server password in settings.xml failed (works with 2.5.3)
> ---
>
> Key: MRELEASE-1103
> URL: https://issues.apache.org/jira/browse/MRELEASE-1103
> Project: Maven Release Plugin
> Issue Type: Bug
>Affects Versions: 3.0.0-M6
>Reporter: Robert Seidel
>Priority: Blocker
>
> A server section was defined in the settings.xml at
> with id, username and password to connect to a
> Bitbucket server.
> In the pom.xml the id was referenced in the properties via project.scm.id.
> With 2.5.3 the build is running fine, but with 3.0.06-M6 the following
> happens:
> *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be
> activated because it does not exist.
> *11:35:40* [INFO] 11/17 prepare:scm-commit-release
> *11:35:40* [INFO] Checking in modified POMs...
> *11:35:40* [WARNING] Failed to decrypt password/passphrase for server
> bitbucket-prod, using auth token as is: decrypt failed
> and in the aftermath:
> *11:35:41* [ERROR] Failed to execute goal
> org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli)
> on project ExamplePom: Unable to commit files
> *11:35:41* [ERROR] Provider message:
> *11:35:41* [ERROR] The git-push command failed.
> *11:35:41* [ERROR] Command output:
> *11:35:41* [ERROR] fatal: Authentication failed for
> '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]'
>
> JDK used was Adoptium 17 (but with 11 the same problem occured).
> Maven used was 3.8.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712511#comment-17712511 ] Alan Czajkowski commented on MRELEASE-1103: --- [~michael-o] I do not understand what you mean by "fake security" ... the underlying problem here is, as identified by [~robert.sei...@aeb.com] above, that the Maven Release Plugin "has removed the calculation of the correct settings file" ... essentially the plugin is critically broken if you want it to reference the correct settings file we are not asking for the plugin to do anything more than what it already did in the past: properly resolve the settings files > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712505#comment-17712505 ] Michael Osipov commented on MRELEASE-1103: -- [~alan-czajkowski], can you explain what benefit you see from this fake security? > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17712500#comment-17712500 ] Alan Czajkowski commented on MRELEASE-1103: --- someone really needs to fix this, 3.0.0 was released without incorporating this fix, pretty scandalous if you ask me > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17636173#comment-17636173 ] Michael Osipov commented on MRELEASE-1103: -- [~cstamas], do you want to take a look at this? I fiddled last time with the code. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17635575#comment-17635575 ] Alan Czajkowski commented on MRELEASE-1103: --- 3.0.0-M7 was released on Nov 2, but still suffers from this bug > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17626989#comment-17626989 ] Robert Seidel commented on MRELEASE-1103: - The change was already identified one and a half months before - https://github.com/apache/maven-release/commit/dafdd7f49d4f96f4d3c9e9b525d6150c40b4784b The problem is, that plexus uses a different default location for (see https://github.com/sonatype/plexus-sec-dispatcher/blob/master/src/main/java/org/sonatype/plexus/components/sec/dispatcher/DefaultSecDispatcher.java#L64) and the change above removed using maven default locations in maven-release-manager/src/main/java/org/apache/maven/shared/release/exec/AbstractMavenExecutor.java. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17626068#comment-17626068 ] Michael Osipov commented on MRELEASE-1103: -- Please bisect down to the change. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17625942#comment-17625942 ] Alan Czajkowski commented on MRELEASE-1103: --- I can confirm that 3.0.0-M4 it works fine, someone above said 3.0.0-M5 is also fine, 3.0.0-M6 is definitely broken > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Blocker > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17605656#comment-17605656 ] Robert Seidel commented on MRELEASE-1103: - Problematic commit is this one [https://github.com/apache/maven-release/commit/dafdd7f49d4f96f4d3c9e9b525d6150c40b4784b] it has removed the calculation of the correct settings file here maven-release-manager/src/main/java/org/apache/maven/shared/release/exec/AbstractMavenExecutor.java so it uses the wrong default from plexus... > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Major > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17605638#comment-17605638 ] Robert Seidel commented on MRELEASE-1103: - Unfortunately no, and -X does not yield any further information either. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Major > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17605442#comment-17605442 ] Michael Osipov commented on MRELEASE-1103: -- Are you able to bisect down to the offending commit? > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Major > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17605348#comment-17605348 ] Robert Seidel commented on MRELEASE-1103: - I've checked the older versions between 2.5.3 and M6 and the problem is introduced with M6 (it works M5). I'm well aware of maven settings.xml security. In my case this is not an issue as only jenkins build agents using that specific settings.xml where only authorized users have access to. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Major > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: > *11:35:41* [ERROR] fatal: Authentication failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (MRELEASE-1103) decryption of server password in settings.xml failed (works with 2.5.3)
[ https://issues.apache.org/jira/browse/MRELEASE-1103?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17605285#comment-17605285 ] Michael Osipov commented on MRELEASE-1103: -- No really helpful. I recommend to try out every milestone to figure out the first broken release. Side note: The so called encryption gives you a false sense of security. It is just an indirection. > decryption of server password in settings.xml failed (works with 2.5.3) > --- > > Key: MRELEASE-1103 > URL: https://issues.apache.org/jira/browse/MRELEASE-1103 > Project: Maven Release Plugin > Issue Type: Bug >Affects Versions: 3.0.0-M6 >Reporter: Robert Seidel >Priority: Major > > A server section was defined in the settings.xml at > with id, username and password to connect to a > Bitbucket server. > In the pom.xml the id was referenced in the properties via project.scm.id. > With 2.5.3 the build is running fine, but with 3.0.06-M6 the following > happens: > *11:35:40* [INFO] [WARNING] The requested profile "distribute" could not be > activated because it does not exist. > *11:35:40* [INFO] 11/17 prepare:scm-commit-release > *11:35:40* [INFO] Checking in modified POMs... > *11:35:40* [WARNING] Failed to decrypt password/passphrase for server > bitbucket-prod, using auth token as is: decrypt failed > and in the aftermath: > *11:35:41* [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-release-plugin:3.0.0-M6:prepare (default-cli) > on project ExamplePom: Unable to commit files > *11:35:41* [ERROR] Provider message: > *11:35:41* [ERROR] The git-push command failed. > *11:35:41* [ERROR] Command output: *11:35:41* [ERROR] fatal: Authentication > failed for > '[https://prod.bitbucket/scm/cp/examplepom.git/|https://git.aeb.com/bitbucket/scm/cp/aebparentpom.git/]' > > JDK used was Adoptium 17 (but with 11 the same problem occured). > Maven used was 3.8.6. -- This message was sent by Atlassian Jira (v8.20.10#820010)
