1

Is there a way to automate the task of keeping the settings.xml (used by Maven) in sync with domain password changes? The list of repos in settings.xml is growing as more development migrates to maven, and so the task of updating is also growing.

We've recently started using maven with some internal (corporate) svn repositories that use each developer's domain user ID and password to control their repository access. Our domain passwords expire and must be changed frequently. Which means (frequently) updating ~/.m2/settings.xml with a new password-hash.

I would prefer a bash or csh solution that makes use of simple commands that already exist on my systems.

I saw references to Sonatype Nexus here on SO - looks like it might help, and I will suggest it to our CM staff. But I'm not optimistic that it will be adopted soon, if ever. And I have no time to maintain a private copy of yet-another tool.

Ideas?

Thanks, Ken

4

1 回答 1

2

我写了一个 bash 脚本,可以正常工作。它需要在 ~/.m2/settings.xml 中添加少量内容以获得支持(见下文)。该脚本采用一个可选参数:一个正则表达式字符串,用于匹配与 xml 文件中的一个或多个密码哈希关联的可选标签。我用它来表示域名,但它可以是任何东西(或者什么都不是,因为它是可选的)。

该脚本提示对新密码进行哈希处理,它将新生成的哈希限制为纯字母数字(以避免在其他地方出现意外的 shell 转义的潜在问题),它制作了 settings.xml 文件的备份副本,并且然后它会更新 settings.xml 中选定的哈希值。这是脚本:

#!/bin/bash
# Update instances of password-hashes in ~/.m2/settings.xml for a given password [and domain]
# Usage:  ./mvnpwd.sh  [domain-name-regex-string]

# Force domain-string to upper-case to keep things simple ...
mvnDomainNameRegexString=`echo $1 | tr '[a-z]' '[A-Z]'`

echo -n "New Password: "
read -s mvnPassword
echo

# Prefer pure alpha-numeric hash ...
mvnPasswordHash=""
while [ -z "$mvnPasswordHash" ]
do
    mvnHashMash=`mvn --encrypt-password "$mvnPassword"`
    mvnPasswordHash=`echo "$mvnHashMash" | egrep -o "\{[[:alnum:]]+\=\}"`
done

cp ~/.m2/settings.xml ~/.m2/settings.xml.old

oldPasswordHash=`egrep -o "<changingPasswordHash_*$mvnDomainNameRegexString>\{[a-zA-Z0-9]+\=\}</changingPasswordHash_*$mvnDomainNameRegexString>" ~/.m2/settings.xml | egrep -o "\{[a-zA-Z0-9]+\=\}"`
set $oldPasswordHash
for p do
    sed --in-place -e "s/$p/$mvnPasswordHash/g" ~/.m2/settings.xml
done

我在 settings.xml 文件顶部附近添加了一个注释块来支持我的脚本。我正在使用类似 xml 的标签来识别(对于脚本)在 xml 文件中其他地方使用的密码哈希值,并将任何 [可选] 域名与给定的哈希值相关联。由于所有这些都发生在注释块中,因此 maven 应该忽略它。这是一个示例 settings.xml:

<settings>
    <!--  Info below is to aid in updating passwords that change periodically (e.g., domain password) ...
    <changingPasswordHash>{SomeHashWithoutADomainxYzZyHaShGiBbErIsHsTuFf=}</changingPasswordHash>
    <changingPasswordHash_MYDOMAIN>{SomeHashForMyDomainxYzZyHaShGiBbErIsHsTuFf=}</changingPasswordHash_MYDOMAIN>
    <changingPasswordHash_ANOTHERDOMAIN>{SomeHashForAnotherDomainxYzZyHaShGiBbErIsHsTuFf=}</changingPasswordHash_ANOTHERDOMAIN>
    -->
    <proxies>
        <proxy>
            <active>true</active>
            <protocol>http</protocol>
            <host>myProxy.rightHere.com</host>
            <port>80</port>
            <username>justMe</username>
            <password>{SomeHashWithoutADomainxYzZyHaShGiBbErIsHsTuFf=}</password>
            <nonProxyHosts>*.rightHere.com|*.whereIWork.com</nonProxyHosts>
        </proxy>
    </proxies>
    <servers>
        <server>
            <id>mySVNrepo1.rightHere.com</id>
            <username>justMe</username>
            <password>{SomeHashForMyDomainxYzZyHaShGiBbErIsHsTuFf=}</password>
        </server>
        <server>
            <id>corpSVNrepo2.whereIWork.com</id>
            <username>justMe</username>
            <password>{SomeHashForAnotherDomainxYzZyHaShGiBbErIsHsTuFf=}</password>
        </server>
        <server>
            <id>anotherSVNrepo3.notHere.com</id>
            <username>myOtherUserID</username>
            <password>{SomeHashWithoutADomainxYzZyHaShGiBbErIsHsTuFf=}</password>
        </server>
    </servers>
</settings>
于 2013-08-09T19:19:09.900 回答