build.sh fails because Maven now requires HTTPS to be used instead of HTTP

[alexhenrie]

./build.sh fails with the following error on my computer:

[ERROR] Failed to execute goal on project OWLTools-Core: Could not resolve dependencies for project org.bbop:OWLTools-Core:jar:0.3.0-SNAPSHOT: Failed to collect dependencies at org.bbop:oboformat-tools:jar:0.7.3: Failed to read artifact descriptor for org.bbop:oboformat-tools:jar:0.7.3: Could not transfer artifact org.bbop:oboformat-tools:pom:0.7.3 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [BerkeleyBOP (http://code.berkeleybop.org/maven/repository/, default, releases+snapshots), BerkeleyBOPSnapshot (http://code.berkeleybop.org/maven/snapshot-repository/, default, releases+snapshots)] -> [Help 1]

This is because Maven 3.8.1, released in April, blocks HTTP downloads by default to prevent man-in-the-middle attacks. Could you please move http://code.berkeleybop.org/maven/repository/ to https://code.berkeleybop.org/maven/repository/ (or another HTTPS location) and update the URLs in OWLTools-Parent/pom.xml?

[egchristensen]

I second this request.

[balhoff]

@alexhenrie and @egchr out of curiosity, are you building owltools itself, or are you including owltools as a dependency in another Maven project? For the former situation, I just wanted to point out in case it was helpful, we do have pre-built releases here: https://github.com/owlcollab/owltools/releases

In any case hopefully the Berkeley group will be able to turn on HTTPS in the near future.

[alexhenrie]

We would use the pre-built releases, but they don't work either because they were built before 3230a8b92b6afb20581dad7ec02e0b7310b0a242.

[alexhenrie]

Sorry, I should have double-checked that before commenting. The pre-built releases do work, so this bug is only a problem when trying to compile OWLTools yourself.

[kltm]

Unfortunately, getting a cert for our current setup (S3 direct hosting) is not doable, so I'll be pushing it towards a more typical S3/CloudFront setup. I've starting the process of doing the validation and will update here as there is progress.

[alexhenrie]

For what it's worth, Let's Encrypt has been easy to use and has worked very well for me.

[kltm]

@alexhenrie Unfortunately, in this case, not really an option for us unless we setup a machine for this.

[kltm]

I believe I've managed to get the certificate issues sorted out and am now attempting to switch the DNS over to the new site. However, given how it's managed, I can only operate on it at about the frequency of a day. I believe this test should be fine, but there is a small possibility that we'll have to revert due to an outage.

[kltm]

Okay, a little surprised, but it seems that HTTP and HTTPS and now functioning for code.berkeleybop.org. Somebody else may want to check.

Is this sufficient to close this out, or does automatic upgrade need to be added (i.e. maven does not attempt on its own)?

[alexhenrie]

OWLTools-Parent/pom.xml needs to be updated to use the HTTPS addresses. Thanks!

[balhoff]

Fixed by #317.

[balhoff]

@alexhenrie the new URL seemed to work on Travis. Could you give it a try now?

[alexhenrie]

Yes, it works now, thanks!