Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Maven Encryption does not work

See original GitHub issue

Description of the issue: When credentials in settings.xml are encrypted, jib throws a 401 error, but other tools (including https://github.com/jelmerk/maven-settings-decoder) show the proper password.

If I leave password in plaintext in settings.xml it works.

Expected behavior:

Credentials should be decrypted, I expect they are being passed as is.

Steps to reproduce:

mvn --encrypt-master-password <some-string>
# save output to settings-security.xml per docs
mvn --encrypt-password <docker registry password>
# save output to settings.xml server section per docs
mvn compile jib:build
#

Environment:

Apache Maven 3.5.2 (138edd61fd100ec658bfa2d307c43b76940a5d7d; 2017-10-18T03:58:13-04:00)
Maven home: /Users/eddie/.m2/wrapper/dists/apache-maven-3.5.2-bin/28qa8v9e2mq69covern8vmdkj0/apache-maven-3.5.2
Java version: 1.8.0_172, vendor: Oracle Corporation
Java home: /Library/Java/JavaVirtualMachines/jdk1.8.0_172.jdk/Contents/Home/jre

jib-maven-plugin Configuration:


			<plugin>
				<groupId>com.google.cloud.tools</groupId>
				<artifactId>jib-maven-plugin</artifactId>
				<version>0.9.4</version>
				<configuration>
					<to>
						<image>registry.hub.docker.com/eddiewebb/blueskygreenbuilds-demo</image>
					</to>
					<container>
						<jvmFlags>
							<jvmFlag>-Dcircle_build_num=99</jvmFlag>
							<jvmFlag>-Dcircle_commit=1234abcdef</jvmFlag>
							<jvmFlag>-Dcircle_user=eddiewebb</jvmFlag>
							<jvmFlag>-Dcircle_repo=demo-repo</jvmFlag>
							<jvmFlag>-Dcircle_workflow_guid=1234</jvmFlag>
							<jvmFlag>-Dvcap.application.name=blueskygreenbuilds-test</jvmFlag>
						</jvmFlags>
						<ports>
							<port>8080</port>
						</ports>
					</container>
				</configuration>
			</plugin>

~/.m2/settings.xml

<?xml version="1.0" encoding="UTF-8"?>

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
    <servers>
        <server>
            <id>registry.hub.docker.com</id>
            <username>eddiewebb</username>
            <password>{output from --encrypt-password above}</password>
        </server>
    </servers>
</settings>

~/.m2/settings-security.xml

<settingsSecurity>
  <master>{output from --encrypt-master-password above}</master>
</settingsSecurity>

Log output:

[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:0.9.4:build (default-cli) on project blueskygreenbuilds: Build image failed, perhaps you should make sure your credentials for ‘registry.hub.docker.com’ are set up correctly: Unauthorized for registry.hub.docker.com/user/imagename: 401 Unauthorized [ERROR] {“details”:“incorrect username or password”}

Additional Information:

To debug I first ran maven with -X, and it confirms the existence of env.maven_security_master={output from --encrypt-master-password}

I then used https://github.com/jelmerk/maven-settings-decoder to decrypt maven credentials.

./settings-decoder/bin/settings-decoder -f ~/.m2/settings.xml -s ~/.m2/settings-security.xml 
Master password is : yep-thats-what-I-entered-above
-------------------------------------------------------------------------
Credentials for server registry.hub.docker.com are :
Username : eddiewebb
Password : yep-that-also-is-my-correct-password-for-docker-that-works-in-plaintext

There are no special characters in my password (letters and numbers) and no special characters in the generated values (I also tried several iterations)

I have seen the mvn release plugin require certain version, so perhaps some dependency of jib is not where it needs to be?