[jira] [Commented] (MNG-8409) No upgrade path for settings-security.xml

Fri, 06 Dec 2024 11:43:20 -0800 


    [ 
https://issues.apache.org/jira/browse/MNG-8409?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17903737#comment-17903737
 ] 

Tamas Cservenak commented on MNG-8409:
--------------------------------------

This is not true. I have maven3 encoded password and this is what I get:
{noformat}
[cstamas@angeleyes ~]$ mvnenc diag
[WARNING] 
[WARNING] Some problems were encountered while building the effective settings
[WARNING] Pre-Maven 4 legacy encrypted password detected  - configure password 
encryption with the help of mvnenc to be compatible with Maven 4. @ 
/home/cstamas/.m2/settings.xml
[WARNING] 
Configuration validation of MavenSecDispatcher: VALID
  Configuration file present on path /home/cstamas/.m2/settings-security4.xml
  Default dispatcher configured
  Configured default dispatcher configuration is valid
  Legacy dispatcher present in system
  Legacy dispatcher is operational; transparent fallback possible
  Configuration validation of MasterDispatcher: VALID
    Configured Cipher supported
    Configured Source configuration valid
    Configuration validation of PinEntryMasterSource: VALID
      Configured pinentry command exists and is executable
  Configuration validation of LegacyDispatcher: VALID
    Legacy configuration found with encrypted master password
    Legacy master password successfully decrypted
[cstamas@angeleyes ~]$ 
{noformat}

Maven4 _warns_ about presence of Maven3 (obfuscated, non safe) passwords.

Your problem is this:
{noformat}
[ERROR] Caused by: Error building settings: [WARNING] Pre-Maven 4 legacy 
encrypted password detected  - configure password encryption with the help of 
mvnenc to be compatible with Maven 4. @ /Users/lprimak/.m2/settings.xml, 
[ERROR] Could not decrypt password (fix the corrupted password or remove it, if 
unused) 
{j+UOfoxrhI0HeHa6AdQ6bVmnq6iZg/ptTGSYBCfSYsVnQlW/fZLWBIk6sXEQsECIYvYk8DhsF874JOGiw0LTiQ==}
 @ /Users/lprimak/.m2/settings.xml,
{noformat}

This means you have a _non decodable password_ (even with Maven3). To continue, 
mvn4 requires you to remove this, as log tells.


> No upgrade path for settings-security.xml
> -----------------------------------------
>
>                 Key: MNG-8409
>                 URL: https://issues.apache.org/jira/browse/MNG-8409
>             Project: Maven
>          Issue Type: Bug
>    Affects Versions: 4.0.0-beta-5, 4.0.0-rc-1
>            Reporter: Lenny Primak
>            Priority: Blocker
>
> There is no upgrade path to mvnenc from current settings-security.xml
> Everything is failing if settings.xml has maven 3-type passwords.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to