'Tried to use insecure HTTP repository without TLS' error can prevent depending on other projects in the same git repo

[vzaharee]

If a voom-repo contains any project.clj referencing an HTTP repository, the process will fail with the error 'Tried to use insecure HTTP repository without TLS'. The fix for #63 isn't quite enough, as in this case the code in question is exiting instead of throwing an exception.

See https://github.com/technomancy/leiningen/blob/cc44d42ff6382be9f5bca2054c6f6fca2606b691/leiningen-core/src/leiningen/core/main.clj#L418-L434 and https://github.com/technomancy/leiningen/blob/cc44d42ff6382be9f5bca2054c6f6fca2606b691/leiningen-core/src/leiningen/core/main.clj#L166-L173

Looking at the second link, it looks like it may just be a matter of rebinding leiningen.core.main/exit-proccess? to be false to get the desired behaviour.

[abrooks]

It turns out the error was in a direct dependency failing for appropriate reasons (non-TLS repo specified).

[abrooks]

We closed this in haste last time. There is an issue but it turns out to be quite a bit more complex.

The triggering case has a "bad" project in the repo, unrelated to the dependency tree which has both an HTTP :repositories entry AND a plugin which cannot be found in the primary maven repositories.

The reason this is a problem is that when resolving a voom dependency, all project.clj files are read through leiningen's leiningen.core.project/read function which doesn't try to resolve normal dependencies but will attempt to resolve plugins. The HTTP wagon handler from recent leiningen versions will call leiningen.main/abort causing the lein-voom process to exit on an entirely unrelated project even though the dependency project is totally fine.

The solution here is to make voom/safe-project-read even more safe by dynamically binding leinginen.core.main/*exit-process?* to false, preventing the exit. I'm considering making this function even more robust by catching Throwable instead of just Exception.