You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@uima.apache.org by Marshall Schor <ms...@schor.com> on 2010/04/15 17:54:14 UTC

Change in password mgmt for deploying

The way we previously deployed used (from uimaj pom):

<!-- to deploy the artifacts to a Maven staging-repository you have to
configure
      the settings.xml file in your local Maven repository -->
  <distributionManagement>
    <repository>
      <id>staging-repository</id>
     
<url>scpexe://people.apache.org/www/people.apache.org/repo/m2-incubating-repository/</url>
    </repository>
...

and in your private .m2/settings.xml, something like:

      <id>staging-repository</id>
      <username>YOUR_NAME</username-->
      <!--password>YOUR_PASSWORD</password   <<< instead of this , we
did: -->
      <privateKey>PATH TO PRIVATE KEY, or NOT PRESENT - if using Putty
"agent" pagent</privateKey>
      <configuration>
        <sshExecutable>C:/SysApps/PuTTY/plink</sshExecutable>
        <scpExecutable>C:/SysApps/PuTTY/pscp</scpExecutable>
      </configuration>

...

for "putty" style remote transfer.

NEXUS doesn't seem to support this, and the documentation says to use
the method of putting credentials in your settings file.

These can be encrypted, with a master PW.  The pw for that is in another
file, .m2/settings-security.xml.  see
http://maven.apache.org/guides/mini/guide-encryption.html

The settings-security file can contain an indirection to a mountable
drive (e.g. a "thumb" drive that you plug in when needed to your
machine's USB port).  This seems the secure way to do things...

Hudson (the Continuous Server integration) has a special path into
Nexus, but only for snapshots.

Here's background info from Jukka:

On Thu, Apr 15, 2010 at 4:59 PM, Marshall Schor <ms...@schor.com> wrote:

> > I can't get this scheme to work (tried various things) for Nexus, and I
> > think that might be because it doesn't support the ssh style of
> > connecting for authentication.  But I can't really find any info about it.
>   
Nexus uses WebDAV for deployments, and your Maven client needs your
username and password for the HTTP authentication.


> > Also, the suggested scheme for authentication - passwords /
> > master-password / relocation to a removable thumb-drive --  how can that
> > work for Hudson - when it publishes things to Nexus?  Do users put
> > passwords for connecting to the Nexus staging repo, for instance?
>   
There's a custom deployment account configured on Hudson that has
enough write access to deploy snapshots of any Apache projects. The
release manager needs to build and deploy all release candidates that
to the staging repo. This is necessary also because Hudson can't
create the required PGP signatures for you.

I'm at the point of trying to "deploy" a "SNAPSHOT" of the new nexus-enabled top-level uima pom, to debug the pipeline...  and will be posting things as I discover them...

-Marshall