From c648a31c59b542f3c679a04cb7d46d8bff4cb0df Mon Sep 17 00:00:00 2001 From: Eugene Yokota Date: Fri, 22 Aug 2014 05:16:34 -0400 Subject: [PATCH 1/5] #1541. Launcher uses HTTPS Maven Central by default --- launch/src/main/scala/xsbt/boot/Update.scala | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/launch/src/main/scala/xsbt/boot/Update.scala b/launch/src/main/scala/xsbt/boot/Update.scala index 5c8492cae..c856562b0 100644 --- a/launch/src/main/scala/xsbt/boot/Update.scala +++ b/launch/src/main/scala/xsbt/boot/Update.scala @@ -344,20 +344,20 @@ final class Update(config: UpdateConfiguration) { /** Creates a maven-style resolver.*/ private def mavenResolver(name: String, root: String) = { - val resolver = defaultMavenResolver(name) + val resolver = new IBiblioResolver + resolver.setName(name) + resolver.setM2compatible(true) resolver.setRoot(root) resolver } + private def useSecureResolvers = sys.props.get("sbt.repository.secure") map { _.toLowerCase == "true" } getOrElse true + private def centralRepositoryRoot(secure: Boolean) = (if (secure) "https" else "http") + "://repo1.maven.org/maven2/" + /** Creates a resolver for Maven Central.*/ private def mavenMainResolver = defaultMavenResolver("Maven Central") /** Creates a maven-style resolver with the default root.*/ private def defaultMavenResolver(name: String) = - { - val resolver = new IBiblioResolver - resolver.setName(name) - resolver.setM2compatible(true) - resolver - } + mavenResolver(name, centralRepositoryRoot(useSecureResolvers)) private def localResolver(ivyUserDirectory: String) = { val localIvyRoot = ivyUserDirectory + "/local" From 1e180cc030ad1fd63be17177a3a1bab46ced1baf Mon Sep 17 00:00:00 2001 From: Eugene Yokota Date: Fri, 22 Aug 2014 20:00:10 -0400 Subject: [PATCH 2/5] Deprecate JavaNet1Repository. #1541 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit I don’t think there’s an alternative for java.net Maven 1 repository. --- ivy/src/main/scala/sbt/ConvertResolver.scala | 2 ++ ivy/src/main/scala/sbt/Resolver.scala | 2 ++ 2 files changed, 4 insertions(+) diff --git a/ivy/src/main/scala/sbt/ConvertResolver.scala b/ivy/src/main/scala/sbt/ConvertResolver.scala index a36d7430c..8097ae5b9 100644 --- a/ivy/src/main/scala/sbt/ConvertResolver.scala +++ b/ivy/src/main/scala/sbt/ConvertResolver.scala @@ -112,6 +112,8 @@ private object ConvertResolver { resolver.setPatterns() // has to be done after initializeMavenStyle, which calls methods that overwrite the patterns resolver } + // TODO: HTTP repository is no longer recommended. #1541 + // Remove `JavaNet1Repository` when we bump up the API. case r: JavaNet1Repository => { // Thanks to Matthias Pfau for posting how to use the Maven 1 repository on java.net with Ivy: diff --git a/ivy/src/main/scala/sbt/Resolver.scala b/ivy/src/main/scala/sbt/Resolver.scala index 52fbf0fb8..9c98fc0fa 100644 --- a/ivy/src/main/scala/sbt/Resolver.scala +++ b/ivy/src/main/scala/sbt/Resolver.scala @@ -138,7 +138,9 @@ import Resolver._ object DefaultMavenRepository extends MavenRepository("public", centralRepositoryRoot(useSecureResolvers)) object JavaNet2Repository extends MavenRepository(JavaNet2RepositoryName, JavaNet2RepositoryRoot) object JCenterRepository extends MavenRepository(JCenterRepositoryName, JCenterRepositoryRoot) +@deprecated("HTTP repository is no longer recommended.", "0.13.6") object JavaNet1Repository extends JavaNet1Repository +@deprecated("HTTP repository is no longer recommended.", "0.13.6") sealed trait JavaNet1Repository extends Resolver { def name = "java.net Maven1 Repository" } From 9b42a1899d9d02122ecffe116bdfaf09c592f814 Mon Sep 17 00:00:00 2001 From: Eugene Yokota Date: Fri, 22 Aug 2014 20:13:51 -0400 Subject: [PATCH 3/5] Fixes #1549. Use HTTPS for Java.net Maven 2 repository --- ivy/src/main/scala/sbt/Resolver.scala | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/ivy/src/main/scala/sbt/Resolver.scala b/ivy/src/main/scala/sbt/Resolver.scala index 9c98fc0fa..b0971950c 100644 --- a/ivy/src/main/scala/sbt/Resolver.scala +++ b/ivy/src/main/scala/sbt/Resolver.scala @@ -152,11 +152,16 @@ object Resolver { val SbtPluginRepositoryRoot = "http://repo.scala-sbt.org/scalasbt" val SonatypeRepositoryRoot = "https://oss.sonatype.org/content/repositories" val JavaNet2RepositoryName = "java.net Maven2 Repository" - val JavaNet2RepositoryRoot = "http://download.java.net/maven/2" + val JavaNet2RepositoryRoot = javanet2RepositoryRoot(useSecureResolvers) val JCenterRepositoryName = "jcenter" val JCenterRepositoryRoot = "https://jcenter.bintray.com/" val DefaultMavenRepositoryRoot = "https://repo1.maven.org/maven2/" + // TODO: This switch is only kept for backward compatibility. Hardcode to HTTPS in the future. private[sbt] def centralRepositoryRoot(secure: Boolean) = (if (secure) "https" else "http") + "://repo1.maven.org/maven2/" + // TODO: This switch is only kept for backward compatibility. Hardcode to HTTPS in the future. + private[sbt] def javanet2RepositoryRoot(secure: Boolean) = + if (secure) "https://maven.java.net/content/repositories/public/" + else "http://download.java.net/maven/2" // obsolete: kept only for launcher compatibility private[sbt] val ScalaToolsReleasesName = "Sonatype OSS Releases" From 2904bdcb322e2369f61dacb8c61982d500f06798 Mon Sep 17 00:00:00 2001 From: Eugene Yokota Date: Fri, 22 Aug 2014 20:27:23 -0400 Subject: [PATCH 4/5] #1541. Use HTTPS for Typesafe repository --- ivy/src/main/scala/sbt/Resolver.scala | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ivy/src/main/scala/sbt/Resolver.scala b/ivy/src/main/scala/sbt/Resolver.scala index b0971950c..4ff1f10f0 100644 --- a/ivy/src/main/scala/sbt/Resolver.scala +++ b/ivy/src/main/scala/sbt/Resolver.scala @@ -148,7 +148,7 @@ sealed trait JavaNet1Repository extends Resolver { object Resolver { private[sbt] def useSecureResolvers = sys.props.get("sbt.repository.secure") map { _.toLowerCase == "true" } getOrElse true - val TypesafeRepositoryRoot = "http://repo.typesafe.com/typesafe" + val TypesafeRepositoryRoot = typesafeRepositoryRoot(useSecureResolvers) val SbtPluginRepositoryRoot = "http://repo.scala-sbt.org/scalasbt" val SonatypeRepositoryRoot = "https://oss.sonatype.org/content/repositories" val JavaNet2RepositoryName = "java.net Maven2 Repository" @@ -162,6 +162,8 @@ object Resolver { private[sbt] def javanet2RepositoryRoot(secure: Boolean) = if (secure) "https://maven.java.net/content/repositories/public/" else "http://download.java.net/maven/2" + // TODO: This switch is only kept for backward compatibility. Hardcode to HTTPS in the future. + private[sbt] def typesafeRepositoryRoot(secure: Boolean) = (if (secure) "https" else "http") + "://repo.typesafe.com/typesafe" // obsolete: kept only for launcher compatibility private[sbt] val ScalaToolsReleasesName = "Sonatype OSS Releases" From 7e2982e0567e7a7522783cda127b364c314c6e1b Mon Sep 17 00:00:00 2001 From: Eugene Yokota Date: Fri, 22 Aug 2014 20:27:34 -0400 Subject: [PATCH 5/5] notes --- notes/0.13.6.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/notes/0.13.6.md b/notes/0.13.6.md index 3376d5f75..cfd21d5d6 100644 --- a/notes/0.13.6.md +++ b/notes/0.13.6.md @@ -51,6 +51,7 @@ [1524]: https://github.com/sbt/sbt/issues/1524 [1530]: https://github.com/sbt/sbt/issues/1530 [1536]: https://github.com/sbt/sbt/pull/1536 + [1541]: https://github.com/sbt/sbt/issues/1541 [1546]: https://github.com/sbt/sbt/pull/1546 [@benmccann]: https://github.com/benmccann @@ -77,7 +78,7 @@ ### Fixes with compatibility implications -- Maven Central Repository now defaults to HTTPS. [#1494][1494] by [@rtyley][@rtyley] (See below) +- Maven Central Repository, Java.net Maven 2 Repository, and Typesafe Repository now defaults to HTTPS. (See below) - `ThisProject` used to resolve to the root project in a build even when it's place in `subproj/build.sbt`. sbt 0.13.6 fixes it to resolve to the sub project. [#1194][1194]/[#1358][1358] by [@dansanduleac][@dansanduleac] - Global plugins classpath used to be injected into every build. This will no longer be the case. [#1347][1347]/[#1352][1352] by [@dansanduleac][@dansanduleac] - Fixes `newer` command in scripted. [#1419][1419] by [@jroper][@jroper] @@ -126,11 +127,9 @@ Thanks to Sonatype, HTTPS access to Maven Central Repository is available to pub -Dsbt.repository.secure=false -[#1494][1494] by [@rtyley][@rtyley] +Java.net Maven 2 repository and Typesafe repository also defaults to HTTPS. -Launcher also defaults to HTTPS address of the Typesafe repository. - -[#1536][1536] by [@benmccann][@benmccann]. +[#1494][1494] by [@rtyley][@rtyley], [#1536][1536] by [@benmccann][@benmccann], and [#1541][1541] by [@eed3si9n][@eed3si9n]. ### enablePlugins/disablePlugins