Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When trying to resolve a target platform from a p2 repo to be accessed over an authenticated mirror, Tycho fails to authenticate against the mirror. #2930

Closed
kevloral opened this issue Oct 15, 2023 · 11 comments
Closed

When trying to resolve a target platform from a p2 repo to be accessed over an authenticated mirror, Tycho fails to authenticate against the mirror. #2930

kevloral opened this issue Oct 15, 2023 · 11 comments

Comments

@kevloral
Copy link
Contributor

I use Maven 3.9.1. Authentication worked fine when using Tycho 2.7.5 but began to fail with Tycho 3.0.0 and keeps failing using the latest release (4.0.3)

I have a Sonatype Nexus server that acts as a mirror for some p2 repositories. The mirror is declared like this in my Maven settings.xml file:

<mirror>
	<id>nexus-p2</id>			
	<name>Nexus P2</name>
	<url>https://servidor.jma:8443/nexus/content/groups/global-p2/</url>
	<mirrorOf>eclipse_2022-06,eclipse_2023-06,mylyn_3.25,swtbot_snapshots,tpd_nightly</mirrorOf>
	<layout>p2</layout>
    <mirrorOfLayouts>p2</mirrorOfLayouts>
</mirror>

Credentials are also declared for that mirror in the same settings.xml file (password hidden here for obvious reasons):

<server>
	<id>nexus-p2</id>
	<username>jm.arnesto</username>
	<password>********</password>
</server>

Now, if I try to build using Tycho 2.7.5, it works fine. However, as soon as I change the Tycho version (and only the version), I get the following error when trying to access the eclipse_2023-06 repository over the mirror:

Caused by: org.apache.maven.plugin.PluginExecutionException: Execution default of goal org.eclipse.tycho.extras:tycho-eclipserun-plugin:4.0.3:eclipse-run failed: Failed to load p2 repository with ID 'eclipse_2023-06' from location https://download.eclipse.org/releases/2023-06
[..]
Caused by: java.lang.RuntimeException: Failed to load p2 repository with ID 'eclipse_2023-06' from location https://download.eclipse.org/releases/2023-06
[..]
Caused by: org.eclipse.equinox.p2.core.ProvisionException: Unable to read repository at https://servidor.jma:8443/nexus/content/groups/global-p2/.
[..]
Caused by: org.eclipse.equinox.internal.p2.repository.AuthenticationFailedException
    at org.eclipse.tycho.p2maven.transport.SharedHttpCacheStorage$CacheLine.fetchFile (SharedHttpCacheStorage.java:259)
    at org.eclipse.tycho.p2maven.transport.SharedHttpCacheStorage$2.getCacheFile (SharedHttpCacheStorage.java:136)
    at org.eclipse.tycho.p2maven.transport.HttpTransportProtocolHandler.getFile (HttpTransportProtocolHandler.java:50)
    at org.eclipse.tycho.p2maven.transport.TychoRepositoryTransportCacheManager.createCache (TychoRepositoryTransportCacheManager.java:50)
    at org.eclipse.equinox.internal.p2.metadata.repository.SimpleMetadataRepositoryFactory.getLocalFile (SimpleMetadataRepositoryFactory.java:69)
    at org.eclipse.equinox.internal.p2.metadata.repository.SimpleMetadataRepositoryFactory.load (SimpleMetadataRepositoryFactory.java:89)
    at org.eclipse.equinox.internal.p2.metadata.repository.MetadataRepositoryManager.factoryLoad (MetadataRepositoryManager.java:63)
    at org.eclipse.equinox.internal.p2.repository.helpers.AbstractRepositoryManager.loadRepository (AbstractRepositoryManager.java:787)
    at org.eclipse.equinox.internal.p2.repository.helpers.AbstractRepositoryManager.loadRepository (AbstractRepositoryManager.java:685)
    at org.eclipse.equinox.internal.p2.metadata.repository.MetadataRepositoryManager.loadRepository (MetadataRepositoryManager.java:110)
    at org.eclipse.tycho.p2maven.transport.RemoteMetadataRepositoryManager.loadRepository (RemoteMetadataRepositoryManager.java:68)
    at org.eclipse.tycho.p2maven.transport.RemoteMetadataRepositoryManager.loadRepository (RemoteMetadataRepositoryManager.java:59)
    at org.eclipse.tycho.p2resolver.TargetPlatformFactoryImpl.loadMetadataRepository (TargetPlatformFactoryImpl.java:401)
    at org.eclipse.tycho.p2resolver.TargetPlatformFactoryImpl.gatherExternalInstallableUnits (TargetPlatformFactoryImpl.java:375)
    at org.eclipse.tycho.p2resolver.TargetPlatformFactoryImpl.createTargetPlatform (TargetPlatformFactoryImpl.java:223)
    at org.eclipse.tycho.p2resolver.TargetPlatformFactoryImpl.createTargetPlatform (TargetPlatformFactoryImpl.java:207)
    at org.eclipse.tycho.p2resolver.TargetPlatformFactoryImpl.createTargetPlatform (TargetPlatformFactoryImpl.java:172)
    at org.eclipse.tycho.p2resolver.TargetPlatformFactoryImpl.createTargetPlatform (TargetPlatformFactoryImpl.java:118)
    at org.eclipse.tycho.extras.eclipserun.EclipseRunMojo.createEclipseInstallation (EclipseRunMojo.java:344)
    at org.eclipse.tycho.extras.eclipserun.EclipseRunMojo.execute (EclipseRunMojo.java:312)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)

I have added authentication logging to the Nexus server and, when using 3.0.0+, Tycho sends no credentials at all.

¿Any ideas?
@kevloral kevloral changed the title When accesing a p2 repo using a mirror, Tycho doesn't use the credentials in the settings.xml file When accessing a p2 repo using a mirror, Tycho doesn't use the credentials in the settings.xml file Oct 15, 2023
@laeubi
Copy link
Member

laeubi commented Oct 16, 2023

@kevloral can you try if it helps to have indivual items instead of

<mirrorOf>eclipse_2022-06,eclipse_2023-06,mylyn_3.25,swtbot_snapshots,tpd_nightly</mirrorOf>

Maybe you can try to reproduce the problem with
https://github.com/eclipse-tycho/tycho/blob/master/tycho-its/src/test/java/org/eclipse/tycho/test/target/PasswordProtectedP2RepositoryTest.java

@kevloral
Copy link
Contributor Author

kevloral commented Oct 22, 2023
edited
Loading

@kevloral can you try if it helps to have indivual items instead of

<mirrorOf>eclipse_2022-06,eclipse_2023-06,mylyn_3.25,swtbot_snapshots,tpd_nightly</mirrorOf>

Just tried this and it makes no difference. The problem persists.

Maybe you can try to reproduce the problem with https://github.com/eclipse-tycho/tycho/blob/master/tycho-its/src/test/java/org/eclipse/tycho/test/target/PasswordProtectedP2RepositoryTest.java

Will try this next.

@kevloral
Copy link
Contributor Author

I have run PasswordProtectedP2RepositoryTest (branch 4.0.x) and all the tests completed successfully.

@laeubi
Copy link
Member

laeubi commented Nov 13, 2023

I have run PasswordProtectedP2RepositoryTest (branch 4.0.x) and all the tests completed successfully.

Yes that is expsected, what we need here is to adjust the test (e.g. adding a new testcase) that replicates your local setup and shows the problem.

@stk84
Copy link

stk84 commented Dec 6, 2023

Is there any update on this issue?
I am facing the exact same problem when trying to upgrade from 2.7.3 to any version >= 3.0.0

@laeubi
Copy link
Member

laeubi commented Dec 6, 2023

@stk84 as mentioned we need to adjust

https://github.com/eclipse-tycho/tycho/blob/master/tycho-its/src/test/java/org/eclipse/tycho/test/target/PasswordProtectedP2RepositoryTest.java

to reproduce the problem so we can analyze whats going wrong, or you analyze / fix it with your live infrastructure and propose a PR.

@kevloral
Copy link
Contributor Author

Actually, I have implemented a couple of tests in PasswordProtectedP2RepositoryTest to try to reproduce the problem but, surprisingly, they both pass. Therefore, I think the bug is not fully characterized by the current description. I thought it was just a matter of Tycho not sending credentials when trying to access a repository over a mirror but now I think it is more complex than that, specially because I have found a workaround: when setting the tycho.resolver.classic property to true, the problem does not occur.

@stk84 could you please give that workaround a try to see if that also works for you?

kevloral added a commit to kevloral/tycho that referenced this issue Dec 10, 2023
@kevloral
Test cases for eclipse-tycho#2930
491f961 
Two test cases added for trying to reproduce the bug. As things stand,
they both pass, so they need improving.
@kevloral
Copy link
Contributor Author

I have just found out that when setting the tycho.resolver.classic property to true the problem does not occur any more because the mirror is bypassed entirely. Therefore, not a valid workaround for the problem at all.

@kevloral
Copy link
Contributor Author

The attempt to access the repo over the mirror was being carried out in a spawned eclipse runtime. Therefore, I was not seeing these log messages:

[DEBUG] Fetching credentials for https://servidor.jma:8443/nexus/content/groups/global-p2/p2.index
[DEBUG] https://download.eclipse.org/releases/2023-06 does not match (prefix = https://download.eclipse.org/releases/2023-06, to match = https://servidor.jma:8443/nexus/content/groups/global-p2/p2.index)
[DEBUG] [e3448635-6814-48a3-a822-143ac8b2ed5f][extension>org.eclipse.tycho:tycho-maven-plugin:4.0.4] Searching bundle for class interface org.eclipse.equinox.p2.core.spi.IAgentServiceFactory and location file:/F:/Repositorios/maven/org/eclipse/platform/org.eclipse.equinox.p2.core/2.10.100/org.eclipse.equinox.p2.core-2.10.100.jar
[DEBUG] [e3448635-6814-48a3-a822-143ac8b2ed5f][extension>org.eclipse.tycho:tycho-maven-plugin:4.0.4] Return bundle org.eclipse.equinox.p2.core for location file:/F:/Repositorios/maven/org/eclipse/platform/org.eclipse.equinox.p2.core/2.10.100/org.eclipse.equinox.p2.core-2.10.100.jar
[DEBUG] Fetching credentials for https://servidor.jma:8443/nexus/content/groups/global-p2/content.jar
[DEBUG] https://download.eclipse.org/releases/2023-06 does not match (prefix = https://download.eclipse.org/releases/2023-06, to match = https://servidor.jma:8443/nexus/content/groups/global-p2/content.jar)
[DEBUG] Exit loading repository https://download.eclipse.org/releases/2023-06/

I have highlighted the relevant part. Could all of this be related to this commit?

https://github.com/eclipse-tycho/tycho/pull/2558/commits

kevloral added a commit to kevloral/tycho that referenced this issue Dec 17, 2023
@kevloral
More test cases for eclipse-tycho#2930
c56d094 
Two more test cases added:

- testTargetDefinitionMirror: this one tries to resolve a target
definition from a p2 repo accessed over a mirror with no authentication.
It passes.

- testTargetDefinitionAuthMirror: this one tries to resolve a target
definition from a p2 repo accessed over an authenticated mirror. It
fails, as this is exactly the case that is being reported on the
associated bug.
@kevloral
Copy link
Contributor Author

kevloral commented Dec 17, 2023
edited
Loading

Two more test cases added. The second one successfully reproduces the bug:

  • testTargetDefinitionMirror: this one tries to resolve a target definition from a p2 repo accessed over a mirror with no authentication. It passes.

  • testTargetDefinitionAuthMirror: this one tries to resolve a target definition from a p2 repo accessed over an authenticated mirror. It fails, as this is exactly the case that is being reported on the associated bug.

Now I am going to edit the bug title to more properly describe it.

@kevloral kevloral changed the title When accessing a p2 repo using a mirror, Tycho doesn't use the credentials in the settings.xml file When trying to resolve a target platform from a p2 repo to be accessed over an authenticated mirror, Tycho fails to authenticate against the mirror. Dec 17, 2023
kevloral added a commit to kevloral/tycho that referenced this issue Dec 31, 2023
@kevloral
Fix for eclipse-tycho#2930 and test cases
5349c28 
Mirrors are now included in the returned list of known repo locations.
Also, these test cases have been added:

- testMirror: the test server is accessed over a mirror without
authentication.

- testAuthMirror: the test server is accessed over a mirror with
authentication.

- testTargetDefinitionMirror: this one tries to resolve a target
definition from a p2 repo accessed over a mirror with no authentication.

- testTargetDefinitionAuthMirror: this one tries to resolve a target
definition from a p2 repo accessed over an authenticated mirror. This is
the one that actually reproduced the bug that has been fixed here.
kevloral added a commit to kevloral/tycho that referenced this issue Dec 31, 2023
@kevloral
Fix for eclipse-tycho#2930 and test cases
df34368 
Mirrors are now included in the returned list of known repo locations.
Also, these test cases have been added:

- testMirror: the test server is accessed over a mirror without
authentication.

- testAuthMirror: the test server is accessed over a mirror with
authentication.

- testTargetDefinitionMirror: this one tries to resolve a target
definition from a p2 repo accessed over a mirror with no authentication.

- testTargetDefinitionAuthMirror: this one tries to resolve a target
definition from a p2 repo accessed over an authenticated mirror. This is
the one that actually reproduced the bug that has been fixed here.
kevloral added a commit to kevloral/tycho that referenced this issue Jan 21, 2024
@kevloral
Fix for eclipse-tycho#2930 and test cases
b10e3fc 
Mirrors are now included in the returned list of known repo locations.
Also, these test cases have been added:

- testMirror: the test server is accessed over a mirror without
authentication.

- testAuthMirror: the test server is accessed over a mirror with
authentication.

- testTargetDefinitionMirror: this one tries to resolve a target
definition from a p2 repo accessed over a mirror with no authentication.

- testTargetDefinitionAuthMirror: this one tries to resolve a target
definition from a p2 repo accessed over an authenticated mirror. This is
the one that actually reproduced the bug that has been fixed here.
laeubi pushed a commit that referenced this issue Jan 22, 2024
@kevloral @laeubi
Fix for #2930 and test cases
1b787a7 
Mirrors are now included in the returned list of known repo locations.
Also, these test cases have been added:

- testMirror: the test server is accessed over a mirror without
authentication.

- testAuthMirror: the test server is accessed over a mirror with
authentication.

- testTargetDefinitionMirror: this one tries to resolve a target
definition from a p2 repo accessed over a mirror with no authentication.

- testTargetDefinitionAuthMirror: this one tries to resolve a target
definition from a p2 repo accessed over an authenticated mirror. This is
the one that actually reproduced the bug that has been fixed here.
github-actions bot pushed a commit that referenced this issue Jan 22, 2024
@kevloral
Fix for #2930 and test cases
82ad321 
Mirrors are now included in the returned list of known repo locations.
Also, these test cases have been added:

- testMirror: the test server is accessed over a mirror without
authentication.

- testAuthMirror: the test server is accessed over a mirror with
authentication.

- testTargetDefinitionMirror: this one tries to resolve a target
definition from a p2 repo accessed over a mirror with no authentication.

- testTargetDefinitionAuthMirror: this one tries to resolve a target
definition from a p2 repo accessed over an authenticated mirror. This is
the one that actually reproduced the bug that has been fixed here.

(cherry picked from commit 1b787a7)
laeubi pushed a commit that referenced this issue Jan 22, 2024
@kevloral @laeubi
Fix for #2930 and test cases
c640b40 
Mirrors are now included in the returned list of known repo locations.
Also, these test cases have been added:

- testMirror: the test server is accessed over a mirror without
authentication.

- testAuthMirror: the test server is accessed over a mirror with
authentication.

- testTargetDefinitionMirror: this one tries to resolve a target
definition from a p2 repo accessed over a mirror with no authentication.

- testTargetDefinitionAuthMirror: this one tries to resolve a target
definition from a p2 repo accessed over an authenticated mirror. This is
the one that actually reproduced the bug that has been fixed here.

(cherry picked from commit 1b787a7)
@kevloral
Copy link
Contributor Author

kevloral commented Feb 4, 2024

Fixed in main and 4.0.5.

@kevloral kevloral closed this as completed Feb 4, 2024
@kevloral kevloral mentioned this issue Feb 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@laeubi @kevloral @stk84