#tools-deps
2018-11-16
martinklepsch09:11:09

has there been any discussion around preventing things like this:

(tdeps/resolve-deps
    {:deps '{clj-time {:mvn/version "0.8.0"}
             clj-time/clj-time {:mvn/version "0.7.0"}}
     :mvn/repos default-repos}
    nil)

Alex Miller (Clojure team)13:11:58

Should be fine - there is a canonicalization step

tcrawley17:11:32

I'm working on migrating a project from lein to tools.deps, and need to access an authenticated repo. https://clojure.org/reference/deps_and_cli#_procurers says that the credentials are pulled from ~/.m2/settings.xml, which doesn't work well for us. Is there another method for specifying credentials, or plans to expose one?

tcrawley17:11:07

I'd be fine with embedding the credentials in deps.edn - ours are generated by make, and are never checked in

Alex Miller (Clojure team)17:11:27

we are not fine with putting any kind of credentials in deps.edn so will not be doing that

Alex Miller (Clojure team)17:11:40

perhaps there is some other way to pull credentials from a trusted source

tcrawley17:11:31

What about a tools.deps-specific file for them? ~/.tools-deps.edn would possibly work, and is as secure as ~/.m2/settings.xml

dominicm17:11:13

@tcrawley settings.xml is more secure. It supports encryption. Unless tools.deps adds encryption.

Alex Miller (Clojure team)17:11:16

why is that different for you from making a ~/.m2/settings.xml?

Alex Miller (Clojure team)17:11:35

have no desire to do the encryption stuff

tcrawley17:11:54

@dominicm does tools.deps support encrypted ~/.m2/settings.xml?

Alex Miller (Clojure team)17:11:08

it uses the Maven apis, so should

👍 4
tcrawley17:11:20

ah, that makes sense

Alex Miller (Clojure team)17:11:33

can’t say that I’ve actually done it

👍 4
dominicm18:11:03

@tcrawley if you wanted to get really crazy, you could generate a server into ~/.m2/settings.xml and use a reference to that in deps.edn.

dominicm18:11:13

xml is just data after all.

tcrawley18:11:35

right, I'd just like to avoid that if possible :) I can output an alternate settings.xml, then tell tools.deps to use that if the maven libs support setting that via an environment variable and it actually works

tcrawley18:11:38

I'll try that first

dpsutton18:11:05

there's also a bug with the credentials in settings.xml. it's on github issues for s3 wagon maybe? alex had very useful information in it

dpsutton18:11:16

it affects my ubuntu coworkers but not me on fedora right now

Alex Miller (Clojure team)18:11:43

that is not an issue with tools.deps (as I am using a different version than s3-wagon-private)

kenny18:11:00

Why does this produce a REPL instead of running my main opts?

clj -Sdeps '{:aliases {:jar {:extra-deps #:com.healthfinch{depstar {:git/url "", :sha "2879672df7fd296855563c22dd9ba9de2022a0b4"}}}, :main-opts ["-m" "hf.depstar.uberjar" "foo.jar"]}}' -A:jar
Clojure 1.9.0
user=>

ghadi18:11:50

because the ns'ed map syntax is qualifying :sha incorrectly

kenny18:11:51

Wow, :main-opts is at the wrong level. Oops...

kenny18:11:04

Great start to the day 🙃

ghadi18:11:10

main opts isn't supported top-level, AFAIK

ghadi18:11:36

but yeah it's at the wrong level

kenny18:11:42

Shouldn't there be some validation there?

kenny18:11:56

I passed a vector instead of a map to an alias.

tcrawley21:11:32

I figured out how to tell the maven lib to use a different settings.xml file by setting the org.apache.maven.user-settings sysprop. However, clojure doesn't expose a way to pass options to the make-classpath java invocation. Is that something you would be interested in exposing @alexmiller?

tcrawley21:11:00

I can work around it with a custom copy of the clojure script for now

Alex Miller (Clojure team)21:11:04

Would prob rather add a top level :mvn/ key but would be good to have a ticket regardless

tcrawley21:11:39

I was thinking about a general way to pass options to that invocation, but a top-level :mvn/settings-file (or whatnot) would work for this use-case. I'll file a ticket.

dominicm21:11:54

I initially thought it would not work, but as long as -Sdeps is considered, it works quite well.

tcrawley21:11:51

@dominicm what "it" are you referring to?

dominicm21:11:17

A top level key rather than an environment variable @tcrawley