我们正在尝试转向gradle。一切工作正常,但我遇到了一个问题,即内部存储库只能通过客户端证书访问,该证书驻留在pkcs#11令牌上。
使用maven时,我只需要像这样拥有一个.mavenrc文件:
当我运行./gradlew build时,会要求输入我的令牌的PIN码,但是构建工具请求获取构件失败并出现401错误。在服务器上没有客户端证书到达。 $ ./gradlew --stacktrace compileJava
似乎Gradle(Groovy)支持标准的Java SSL属性,因为它要求输入PIN码,但是却无法成功。如果我使用类似这样的简单Java类运行,一切都正常:
使用maven时,我只需要像这样拥有一个.mavenrc文件:
#!/bin/bash
MAVEN_OPTS=" $MAVEN_OPTS \
-Djava.security.debug=sunpkcs11 \
-Djavax.net.ssl.trustStore=NONE \
-Djavax.net.ssl.trustStoreType=pkcs11 \
-Djavax.net.ssl.keyStore=NONE \
-Djavax.net.ssl.keyStoreType=pkcs11 \
"
因此,我在gradlew包装器脚本的开头加入了这些Java选项:
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=" \
-Djava.security.debug=sunpkcs11 \
-Djavax.net.ssl.trustStore=NONE \
-Djavax.net.ssl.trustStoreType=pkcs11 \
-Djavax.net.ssl.keyStore=NONE \
-Djavax.net.ssl.keyStoreType=pkcs11 \
"
当我运行./gradlew build时,会要求输入我的令牌的PIN码,但是构建工具请求获取构件失败并出现401错误。在服务器上没有客户端证书到达。 $ ./gradlew --stacktrace compileJava
:compileJava
SunPKCS11 loading /etc/opensc/opensc-java.cfg
sunpkcs11: Initializing PKCS#11 library /usr/lib/opensc-pkcs11.so
Information for provider SunPKCS11-OpenSC
[lots of debugging infos from sub pkcs11]
sunpkcs11: getting provider callback handler
sunpkcs11: getting default callback handler
[ entering PIN ]
sunpkcs11: login succeeded
sunpkcs11: user already logged in
sunpkcs11: user already logged in
sunpkcs11: user already logged in
sunpkcs11: user already logged in
FAILURE: Build failed with an exception.
* What went wrong:
Could not resolve all dependencies for configuration ':compile'.
> Could not resolve group: ....
Required by: ...
> Could not GET 'https://nexus/PATH...'. Received status code 401 from server: Authorization Required
> Could not GET 'https://nexus/PATH...'. Received status code 401 from server: Authorization Required
* Try:
Run with --info or --debug option to get more log output.
* Exception is:
[...]
Caused by: org.gradle.api.UncheckedIOException: Could not GET 'https://nexus/PATH...'. Received status code 401 from server: Authorization Required
at org.gradle.api.internal.artifacts.repositories.transport.http.HttpResourceCollection.processHttpRequest(HttpResourceCollection.java:145)
at org.gradle.api.internal.artifacts.repositories.transport.http.HttpResourceCollection.initGet(HttpResourceCollection.java:121)
at org.gradle.api.internal.artifacts.repositories.transport.http.HttpResourceCollection.getResource(HttpResourceCollection.java:81)
at org.gradle.api.internal.artifacts.repositories.transport.http.HttpResourceCollection.getResource(HttpResourceCollection.java:54)
at org.gradle.api.internal.artifacts.repositories.ResourceCollectionResolver.getResource(ResourceCollectionResolver.java:304)
at org.gradle.api.internal.artifacts.repositories.ResourceCollectionResolver.findStaticResourceUsingPattern(ResourceCollectionResolver.java:248)
at org.gradle.api.internal.artifacts.repositories.ResourceCollectionResolver.findResourceUsingPattern(ResourceCollectionResolver.java:234)
at org.gradle.api.internal.artifacts.repositories.ResourceCollectionResolver.findResourceUsingPatterns(ResourceCollectionResolver.java:136)
at org.gradle.api.internal.artifacts.repositories.MavenResolver.findIvyFileRef(MavenResolver.java:117)
at org.apache.ivy.plugins.resolver.BasicResolver.getDependency(BasicResolver.java:223)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.DependencyResolverAdapter.getDependency(DependencyResolverAdapter.java:84)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CacheLockingModuleVersionRepository$1.create(CacheLockingModuleVersionRepository.java:53)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CacheLockingModuleVersionRepository$1.create(CacheLockingModuleVersionRepository.java:51)
at org.gradle.cache.internal.DefaultCacheAccess.longRunningOperation(DefaultCacheAccess.java:172)
at org.gradle.cache.internal.DefaultPersistentDirectoryStore.longRunningOperation(DefaultPersistentDirectoryStore.java:107)
at org.gradle.api.internal.artifacts.ivyservice.DefaultCacheLockingManager.longRunningOperation(DefaultCacheLockingManager.java:57)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CacheLockingModuleVersionRepository.getDependency(CacheLockingModuleVersionRepository.java:51)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CachingModuleVersionRepository.resolveModule(CachingModuleVersionRepository.java:150)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CachingModuleVersionRepository.findModule(CachingModuleVersionRepository.java:88)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CachingModuleVersionRepository.getDependency(CachingModuleVersionRepository.java:79)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.IvyContextualiser$1.invoke(IvyContextualiser.java:44)
at $Proxy34.getDependency(Unknown Source)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.UserResolverChain.findLatestModule(UserResolverChain.java:71)
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.UserResolverChain.resolve(UserResolverChain.java:52)
... 91 more
似乎Gradle(Groovy)支持标准的Java SSL属性,因为它要求输入PIN码,但是却无法成功。如果我使用类似这样的简单Java类运行,一切都正常:
java URL url = new URL("...");
InputStreamReader is = new InputStreamReader(url.openStream());
BufferedReader in = new BufferedReader(is);
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();
像这样调用是可以正常工作的:
java -Djava.security.debug=sunpkcs11 -Djavax.net.ssl.trustStore=NONE -Djavax.net.ssl.trustStoreType=pkcs11 -Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=pkcs11 jget/JGet
ssl.keyStoreType=pkcs11 \
这是我的build.gradle文件
task wrapper(type: Wrapper) { gradleVersion = "1.0-milestone-9" }
apply plugin: "java"
repositories { maven { url "https://developer/nexus/content/repositories/thirdparty" } }
dependencies { compile "org.projectx:tools:1.0" }
有人能帮助我吗?