eirslett / frontend-maven-plugin

"Maven-node-grunt-gulp-npm-node-plugin to end all maven-node-grunt-gulp-npm-plugins." A Maven plugin that downloads/installs Node and NPM locally, runs NPM install, Grunt, Gulp and/or Karma.
Apache License 2.0

Node/NPM install does not respect ignoring SSL #664

Open mattfirtion opened 7 years ago

mattfirtion commented 7 years ago

Do you want to request a feature or report a bug? Bug

What is the current behavior? When specifying the nodeDownloadRoot to a location that is using a self-signed certificate or certificate that may not be trusted, the plugin fails to download even though command line options specify to ignore SSL errors.

If the current behavior is a bug, please provide the steps to reproduce.

  1. Load nodejs into a repository that is behind a SSL certificate.
  2. The JDK should not have the certificate imported.
  3. Run `mvn clean package -U -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true`

```
[ERROR] Failed to execute goal com.github.eirslett:frontend-maven-plugin:1.4:install-node-and-npm (install node and npm) on project my-web-app:
Could not download Node.js: Could not download https://internalnexus/nexus/content/repositories/software/org/nodejs/node/v6.9.1/node-v6.9.1-linux-x64.tar.gz:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

What is the expected behavior? Node is downloaded and installed.

Please mention your frontend-maven-plugin and operating system version. Frontend-Maven-Plugin v1.6 OS: RHEL 7.3

senthilkumarselvakesavan commented 7 years ago

Hi all, I have the solution for this. It is working fine for me and the build succeeded.

Don'ts:

  1. Please do not add any new entry in pom.xml like the below:

```xml
<nodeDownloadRoot>https://nodejs.org/dist/</nodeDownloadRoot>
<npmDownloadRoot>http://registry.npmjs.org/npm/-/</npmDownloadRoot>
```

     It will append an extra line to the actual URL to download nodejs and npm.

Dos:

  1. Please verify the URL returned by the Maven logs in the browser.
  2. It should open the download path of nodejs.
  3. Just add the network proxy in Maven's settings.xml file:

```xml
<proxy>
  <id>optional</id>
  <active>true</active>
  <protocol>http</protocol>
  <username>username</username>
  <password>password</password>
  <host>xxx.xx.xx.xx</host>
  <port>*****port number</port>
</proxy>
```

     Note: your company's network proxy and its host, username, password details.
  4. Run `mvn clean install`; it will be downloaded and installed automatically ... you can see the magic in the Maven console.

I hope it will help you guys... :)

Regards, Senthilkumar.S RENAULT NISSAN-CHENNAI

mattfirtion commented 6 years ago

@senthilkumarselvakesavan, that solution is fine if you can download the archive through a proxy. nodeDownloadRoot and npmDownloadRoot allow you to specify a different location, i.e. an internal web server.

This is documented in the plugin, so I don't see how this is a "Don't".

Lukasz401 commented 6 years ago

Have the same issue with version 1.5

patricker commented 5 years ago

This is not an issue of the proxy not being properly identified. This happens when the corporate network is replacing all SSL certificates with their own. These certs are not trusted by default.

RestfulBlue commented 5 years ago

Is there any way to avoid it? Or this plugin can't be used in such a case? :/

zrss commented 5 years ago

Any news on this topic? I also met this case.

zrss commented 5 years ago

And in my case, curl works well:

```
curl https://nodejs.org/dist/v10.11.0/node-v10.11.0-linux-x64.tar.gz -o tmp
```

But npm install shows that error:

```
[ERROR] Failed to execute goal com.github.eirslett:frontend-maven-plugin:1.6:install-node-and-npm (install node and npm) on project alluxio-webui: Could not download Node.js: Could not download https://nodejs.org/dist/v10.11.0/node-v10.11.0-linux-x64.tar.gz: Unrecognized SSL message, plaintext connection? -> [Help 1]
```

zrss commented 5 years ago

Fine, I found a workaround ... just replace https with http (thanks that the http protocol is still supported by node and npm ...)

```xml
<!-- optional: where to download node from. Defaults to https://nodejs.org/dist/ -->
<nodeDownloadRoot>http://nodejs.org/dist/</nodeDownloadRoot>
<!-- optional: where to download npm from. Defaults to https://registry.npmjs.org/npm/-/ -->
<npmDownloadRoot>http://registry.npmjs.org/npm/-/</npmDownloadRoot>
```

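
Added example, not part of the thread or of the plugin: with the download roots switched to plain HTTP the archive is no longer protected by TLS in transit, so a build can compare the tarball with the `SHASUMS256.txt` file that nodejs.org publishes beside each release. The function name is hypothetical, the checksum file is assumed to have been obtained over a channel you trust, and GNU `sha256sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example: check a downloaded Node.js tarball against SHASUMS256.txt.
# Assumption: SHASUMS256.txt was fetched over a trusted channel (for example
# verified HTTPS on another host), not over the same plain-HTTP path.

# verify_node_tarball <tarball> <shasums-file>
# Exit status: 0 hash matches, 1 hash mismatch, 2 unreadable input,
#              3 no entry (or more than one entry) for this file name.
verify_node_tarball() {
    local tarball="$1" sums="$2" name matches expected actual
    [ -r "$tarball" ] && [ -r "$sums" ] || { echo "missing input" >&2; return 2; }
    name=$(basename "$tarball")

    # Each line is "<sha256 hex>  <file name>"; match the file name exactly so
    # that node-v10.11.0-linux-x64.tar.gz never matches the .tar.xz entry.
    matches=$(awk -v f="$name" '$2 == f { print $1 }' "$sums")
    if [ "$(printf '%s\n' "$matches" | grep -c .)" -ne 1 ]; then
        echo "no unique entry for $name in $sums" >&2
        return 3
    fi

    expected=$(printf '%s' "$matches" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "hash mismatch for $name" >&2; return 1; }
}

# Usage (file names are placeholders):
#   verify_node_tarball node-v10.11.0-linux-x64.tar.gz SHASUMS256.txt || exit 1
```
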
Axinet commented 4 years ago

Running mvn with the -Djavax.net.debug=ssl flag shows that Maven as a whole loads my JAVA_HOME keystore:

```
trustStore is: C:\Program Files\...\jre\lib\security\cacerts
```

But when it's time to download node from a host whose certificate was added to the above keystore, there is a separate log section:

```
keyStore is : 
keyStore type is : jks
```

So for an unknown reason FileDownloader/DefaultFileDownloader doesn't use the keystore from JAVA_HOME but an empty/none/default one, so there is no way to install the certificate :(

ghost commented 4 years ago

After installing the certificate chain in cacerts, please use the following arguments:

```
-Djavax.net.ssl.trustStore={Path to your keystore}
-Djavax.net.ssl.trustStorePassword={Password of your keystore}
```

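
Added example, not part of the thread or of the plugin: the truststore step from the comment above written out as a script, which keeps certificate validation switched on. It imports the internal CA into a copy of the JDK's `cacerts` rather than into `cacerts` itself, and it assumes `JAVA_HOME` is the JDK that runs Maven; the function names, the `corp-root-ca` alias and the file names are placeholders.

```shell
#!/bin/sh
# Added example: build a truststore holding the JDK's default roots plus one
# internal CA, then pass it to the Maven JVM with the two flags quoted above.
# Assumptions: JAVA_HOME is the JDK Maven runs on; the CA certificate file
# (PEM) comes from your own PKI; "changeit" is the default cacerts password.

# find_cacerts [java-home]: print the default truststore path, covering the
# JDK 9+ layout (lib/security) and the JDK 8 layout (jre/lib/security).
find_cacerts() {
    local home="${1:-$JAVA_HOME}" p
    for p in "$home/lib/security/cacerts" "$home/jre/lib/security/cacerts"; do
        [ -f "$p" ] && { printf '%s\n' "$p"; return 0; }
    done
    echo "cacerts not found under $home" >&2
    return 1
}

# build_truststore <ca.pem> <out-store>: copy cacerts and add the CA to the copy.
build_truststore() {
    local ca="$1" out="$2" base
    base=$(find_cacerts) || return 1
    cp "$base" "$out" && chmod u+w "$out" || return 1
    keytool -importcert -noprompt -trustcacerts -alias corp-root-ca \
        -file "$ca" -keystore "$out" -storepass changeit
}

# truststore_opts <store> <password>: print the JVM flags for that store.
truststore_opts() {
    [ -f "$1" ] || { echo "truststore $1 not found" >&2; return 1; }
    printf '%s=%s %s=%s\n' \
        -Djavax.net.ssl.trustStore "$1" \
        -Djavax.net.ssl.trustStorePassword "$2"
}

# Usage (paths are placeholders and must not contain spaces):
#   build_truststore corp-root-ca.pem "$HOME/.m2/truststore.jks"
#   MAVEN_OPTS="$(truststore_opts "$HOME/.m2/truststore.jks" changeit)" \
#       mvn clean package -Djavax.net.debug=ssl
```

Setting the flags through `MAVEN_OPTS` hands them to the JVM at launch, and `-Djavax.net.debug=ssl` prints a `trustStore is:` line, as in the debug output quoted earlier in the thread, that shows which store was loaded.
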
felixsilberstein commented 4 years ago

Supporting patricker's comment, I disabled my corporate VPN and it worked.