search

flosell / lambdacd

a library to define a continuous delivery pipeline in code
https://www.lambda.cd/
Apache License 2.0
677 stars 59 forks source link

Insecure repository in project.clj #171

Closed philippnormann closed 7 years ago

philippnormann commented 7 years ago

Bug:

Leiningen 2.8.0 introduces more strict checks on repositories. All repositories must use TLS encryption.

The included repo for the ProcessTreeKiller doesn't use HTTPS and fails Leiningen's checks. Leiningen fails with the following error message:

Tried to use insecure HTTP repository without TLS.
This is almost certainly a mistake; however in rare cases where it's
intentional please see `lein help faq` for details.

The affected repository is the following: http://repository.activeeon.com/content/repositories/releases/

Steps to reproduce:

  1. Clear maven cache (~/.m2/.repository)
  2. Run lein test
flosell commented 7 years ago

Thanks for reporting this!

This repository contains a relatively obscure library to kill trees of processes (to be able to kill a build step and everything it spawned) and unfortunately that repository wasn't available over TLS.

I replaced this library with a different one (published by the GoCD Project of all people :-)) and released a new version (0.13.3) so upgrading should fix the issue.

If you run into any issues related to killing build steps, please create an issue. Unfortunately the JVM doesn't have good interfaces to deal with processes so everything related to killing them is highly platform dependent and a bit hacky.