This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-11-16
Channels
- # announcements (11)
- # beginners (184)
- # calva (91)
- # cider (68)
- # cljdoc (42)
- # cljs-dev (44)
- # clojure (228)
- # clojure-dev (1)
- # clojure-europe (3)
- # clojure-italy (4)
- # clojure-losangeles (6)
- # clojure-nl (9)
- # clojure-spec (73)
- # clojure-uk (19)
- # clojurescript (61)
- # core-async (6)
- # cursive (2)
- # datomic (11)
- # fulcro (28)
- # hyperfiddle (16)
- # leiningen (2)
- # luminus (3)
- # off-topic (19)
- # om-next (1)
- # re-frame (2)
- # reagent (12)
- # reitit (4)
- # ring-swagger (5)
- # shadow-cljs (14)
- # slack-help (6)
- # spacemacs (2)
- # tools-deps (40)
- # vim (15)
- # yada (4)
has there been any discussion around preventing things like this:
(tdeps/resolve-deps
{:deps '{clj-time {:mvn/version "0.8.0"}
clj-time/clj-time {:mvn/version "0.7.0"}}
:mvn/repos default-repos}
nil)
Should be fine - there is a canonicalization step
I'm working on migrating a project from lein to tools.deps, and need to access an authenticated repo. https://clojure.org/reference/deps_and_cli#_procurers says that the credentials are pulled from ~/.m2/settings.xml
, which doesn't work well for us. Is there another method for specifying credentials, or plans to expose one?
in short, no
I'd be fine with embedding the credentials in deps.edn
- ours are generated by make
, and are never checked in
we are not fine with putting any kind of credentials in deps.edn so will not be doing that
perhaps there is some other way to pull credentials from a trusted source
What about a tools.deps-specific file for them? ~/.tools-deps.edn
would possibly work, and is as secure as ~/.m2/settings.xml
@tcrawley settings.xml is more secure. It supports encryption. Unless tools.deps adds encryption.
why is that different for you from making a ~/.m2/settings.xml?
have no desire to do the encryption stuff
@tcrawley if you wanted to get really crazy. You could generate a server into ~/.m2/settings.xml and use a reference to that in deps.edn.
right, I'd just like to avoid that if possible :) I can output an alternate settings.xml, then tell tools.deps to use that if the maven libs support setting that via an environment variable and it actually works
there's also a bug with the credentials in settings.xml. its on github issues for s3 wagon maybe? alex had very useful information in it
that is not an issue with tools.deps (as I am using a different version than s3-wagon-private)
the stuff documented at https://clojure.org/reference/deps_and_cli should work
Why does this produce a REPL instead of running my main opts?
clj -Sdeps '{:aliases {:jar {:extra-deps #:com.healthfinch{depstar {:git/url "", :sha "2879672df7fd296855563c22dd9ba9de2022a0b4"}}}, :main-opts ["-m" "hf.depstar.uberjar" "foo.jar"]}}' -A:jar
Clojure 1.9.0
user=>
I figured out how to tell the maven lib to use a different settings.xml file by setting the org.apache.maven.user-settings
sysprop. However, clojure
doesn't expose a way to pass options to the make-classpath
java invocation. Is that something you would be interested in exposing @alexmiller?
Would prob rather add a top level :mvn/ key but would be good to have a ticket regardless
I was thinking about a general way to pass options to that invocation, but a top-level :mvn/settings-file
(or whatnot) would work for this use-case. I'll file a ticket.