Is there a way to automate the task of keeping the settings.xml (used by Maven) in sync with domain password changes? The list of repos in settings.xml is growing as more development migrates to maven, and so the task of updating is also growing.
We've recently started using maven with some internal (corporate) svn repositories that use each developer's domain user ID and password to control their repository access. Our domain passwords expire and must be changed frequently. Which means (frequently) updating ~/.m2/settings.xml with a new password-hash.
I would prefer a bash or csh solution that makes use of simple commands that already exist on my systems.
I saw references to Sonatype Nexus here on SO - looks like it might help, and I will suggest it to our CM staff. But I'm not optimistic that it will be adopted soon, if ever. And I have no time to maintain a private copy of yet-another tool.
Ideas?
Thanks,
Ken
I wrote a bash script that works okay for the purpose. It requires a small addition in ~/.m2/settings.xml for support (see below). The script takes one optional argument: a regex-string used to match optional tag(s) associated with one or more password-hashes in the xml file. I'm using this to indicate Domain-Name, but it could be anything (or nothing, since it is optional).
The script prompts for the new password to be hashed, it constrains the newly-generated hash to be pure alpha-numeric (to avoid potential issues with unintended shell-escapes elsewhere), it makes a backup copy of the settings.xml file, and then it updates the selected hashes in settings.xml. Here is the script:
#!/bin/bash
# Update instances of password-hashes in ~/.m2/settings.xml for a given password [and domain]
# Usage: ./mvnpwd.sh [domain-name-regex-string]
# Force domain-string to upper-case to keep things simple ...
mvnDomainNameRegexString=`echo $1 | tr '[a-z]' '[A-Z]'`
echo -n "New Password: "
read -s mvnPassword
echo
# Prefer pure alpha-numeric hash ...
mvnPasswordHash=""
while [ -z "$mvnPasswordHash" ]
do
mvnHashMash=`mvn --encrypt-password "$mvnPassword"`
mvnPasswordHash=`echo "$mvnHashMash" | egrep -o "\{[[:alnum:]]+\=\}"`
done
cp ~/.m2/settings.xml ~/.m2/settings.xml.old
oldPasswordHash=`egrep -o "<changingPasswordHash_*$mvnDomainNameRegexString>\{[a-zA-Z0-9]+\=\}</changingPasswordHash_*$mvnDomainNameRegexString>" ~/.m2/settings.xml | egrep -o "\{[a-zA-Z0-9]+\=\}"`
set $oldPasswordHash
for p do
sed --in-place -e "s/$p/$mvnPasswordHash/g" ~/.m2/settings.xml
done
I added a comment-block near the top of the settings.xml file to support my script. I'm using xml-like tags to identify (for the script) password-hash values used elsewhere in the xml file, AND to associate any [optional] domain-name with a given hash value. Since all this occurs within a comment-block, maven should ignore it. Here is a sample settings.xml:
<settings>
<!-- Info below is to aid in updating passwords that change periodically (e.g., domain password) ...
<changingPasswordHash>{SomeHashWithoutADomainxYzZyHaShGiBbErIsHsTuFf=}</changingPasswordHash>
<changingPasswordHash_MYDOMAIN>{SomeHashForMyDomainxYzZyHaShGiBbErIsHsTuFf=}</changingPasswordHash_MYDOMAIN>
<changingPasswordHash_ANOTHERDOMAIN>{SomeHashForAnotherDomainxYzZyHaShGiBbErIsHsTuFf=}</changingPasswordHash_ANOTHERDOMAIN>
-->
<proxies>
<proxy>
<active>true</active>
<protocol>http</protocol>
<host>myProxy.rightHere.com</host>
<port>80</port>
<username>justMe</username>
<password>{SomeHashWithoutADomainxYzZyHaShGiBbErIsHsTuFf=}</password>
<nonProxyHosts>*.rightHere.com|*.whereIWork.com</nonProxyHosts>
</proxy>
</proxies>
<servers>
<server>
<id>mySVNrepo1.rightHere.com</id>
<username>justMe</username>
<password>{SomeHashForMyDomainxYzZyHaShGiBbErIsHsTuFf=}</password>
</server>
<server>
<id>corpSVNrepo2.whereIWork.com</id>
<username>justMe</username>
<password>{SomeHashForAnotherDomainxYzZyHaShGiBbErIsHsTuFf=}</password>
</server>
<server>
<id>anotherSVNrepo3.notHere.com</id>
<username>myOtherUserID</username>
<password>{SomeHashWithoutADomainxYzZyHaShGiBbErIsHsTuFf=}</password>
</server>
</servers>
</settings>
