[JENKINS-15871] Maven Release Plugin doesn't properly escape user's passwords during release

Type: Bug
Resolution: Duplicate
Priority: Minor
Component/s: m2release-plugin
Labels:
- plugin
Environment:
RHEL 6 and tomcat 7

Similar Issues:
Powered by SuggestiMate

Show

One of our users had '$$' as part of their password which was causing the release to fail with the below:

The svn command failed.
Command output:
svn: Commit failed (details follow):
svn: OPTIONS of 'http://myrepo/mysource': authorization failed: Could not authenticate to server: rejected Basic challenge (http://myrepo)

They had no problem committing directly to svn (through tortoise and eclipse) or browsing the directory with a browser.

Once their password was changed to have no '$'s in it, the release process worked normally.

duplicates

JENKINS-14781 Maven Release Plugin performs build without goals

Open

James Nord added a comment - 2012-11-20 01:12

JENKINS-14781

James Nord added a comment - 2012-11-20 01:12 JENKINS-14781

Michael Rumpf added a comment - 2013-10-04 09:21 - edited

I have another example under Windows:

USER: USERNAME
PWD: abc&xyz

10:38:41 [DEBUG] Configuring mojo 'org.apache.maven.plugins:maven-release-plugin:2.0:prepare' with basic configurator -->
10:38:41 [DEBUG]   (f) addSchema = true
10:38:41 [DEBUG]   (f) allowReleasePluginSnapshot = false
10:38:41 [DEBUG]   (f) allowTimestampedSnapshots = false
10:38:41 [DEBUG]   (f) autoVersionSubmodules = false
10:38:41 [DEBUG]   (s) basedir = D:\export\build\jenkins-slave-sbs2\workspace\project-trunk
10:38:41 [DEBUG]   (f) commitByProject = false
10:38:41 [DEBUG]   (f) developmentVersion = 1.2.3.4-SNAPSHOT
10:38:41 [DEBUG]   (f) dryRun = true
10:38:41 [DEBUG]   (f) generateReleasePoms = false
10:38:41 [DEBUG]   (f) javaHome = D:\export\build\jenkins-slave-sbs2\tools\hudson.model.JDK\JDK1.7.0_latest_\jre
10:38:41 [DEBUG]   (f) localCheckout = false
10:38:41 [DEBUG]   (f) mavenExecutorId = invoker
10:38:41 [DEBUG]   (f) mavenHome = D:\export\build\jenkins-slave-sbs2\tools\hudson.tasks.Maven_MavenInstallation\maven-3.0.4
10:38:41 [DEBUG]   (f) password = abc&xyz
10:38:41 [DEBUG]   (f) preparationGoals = clean verify
10:38:41 [DEBUG]   (f) project = MavenProject: com.company.group:artifact:1.2.3.4-SNAPSHOT @ D:\export\build\jenkins-slave-sbs2\workspace\project-trunk\pom.xml
10:38:41 [DEBUG]   (f) reactorProjects = [MavenProject: com.company.group:artifact:1.2.3.4-SNAPSHOT @ D:\export\build\jenkins-slave-sbs2\workspace\project-trunk\pom.xml]
10:38:41 [DEBUG]   (f) releaseVersion = 1.2.3.4
10:38:41 [DEBUG]   (f) remoteTagging = true
10:38:41 [DEBUG]   (f) resume = false
10:38:41 [DEBUG]   (f) scmCommentPrefix = [maven-release-plugin] 
10:38:41 [DEBUG]   (f) session = org.apache.maven.execution.MavenSession@2b5fab
10:38:41 [DEBUG]   (f) settings = org.apache.maven.execution.SettingsAdapter@1bc0e73
10:38:41 [DEBUG]   (f) updateDependencies = true
10:38:41 [DEBUG]   (f) useEditMode = false
10:38:41 [DEBUG]   (f) username = USERNAME
10:38:41 [DEBUG] -- end configuration --
10:38:41 [INFO] Verifying that there are no local modifications...
10:38:41 [INFO] Executing: cmd.exe /X /C "svn --username USERNAME --password ***** --non-interactive status"
10:38:41 [INFO] Working directory: D:\export\build\jenkins-slave-sbs2\workspace\project-trunk
10:38:50 [INFO] ------------------------------------------------------------------------
10:38:50 [INFO] BUILD FAILURE
10:38:50 [INFO] ------------------------------------------------------------------------
10:38:50 [INFO] Total time: 10.936s
10:38:50 [INFO] Finished at: Fri Oct 04 10:38:50 CEST 2013
10:38:50 [INFO] Final Memory: 7M/19M
10:38:50 [INFO] ------------------------------------------------------------------------
10:38:51 [JENKINS] Archiving disabled
10:38:52 Waiting for Jenkins to finish collecting data
10:38:52 mavenExecutionResult exceptions not empty
10:38:52 message : Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.0:prepare (default-cli) on project artifact: Unable to check for local modifications
10:38:52 Provider message:
10:38:52 The svn command failed.
10:38:52 Command output:
10:38:52 Subcommand argument required
10:38:52 Type 'svn help' for usage.
10:38:52 'xyz' is not recognized as an internal or external command,
10:38:52 operable program or batch file.
10:38:52 
10:38:52 cause : Unable to check for local modifications
10:38:52 Provider message:
10:38:52 The svn command failed.
10:38:52 Command output:
10:38:52 Subcommand argument required
10:38:52 Type 'svn help' for usage.
10:38:52 'xyz' is not recognized as an internal or external command,
10:38:52 operable program or batch file.
10:38:52 
10:38:52 Stack trace : 
10:38:52 org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.0:prepare (default-cli) on project artifact: Unable to check for local modifications

The workaround is to ask users to remove shell special characters from their passwords.

Michael Rumpf added a comment - 2013-10-04 09:21 - edited I have another example under Windows: USER: USERNAME PWD: abc&xyz 10:38:41 [DEBUG] Configuring mojo 'org.apache.maven.plugins:maven-release-plugin:2.0:prepare' with basic configurator --> 10:38:41 [DEBUG] (f) addSchema = true 10:38:41 [DEBUG] (f) allowReleasePluginSnapshot = false 10:38:41 [DEBUG] (f) allowTimestampedSnapshots = false 10:38:41 [DEBUG] (f) autoVersionSubmodules = false 10:38:41 [DEBUG] (s) basedir = D:\export\build\jenkins-slave-sbs2\workspace\project-trunk 10:38:41 [DEBUG] (f) commitByProject = false 10:38:41 [DEBUG] (f) developmentVersion = 1.2.3.4-SNAPSHOT 10:38:41 [DEBUG] (f) dryRun = true 10:38:41 [DEBUG] (f) generateReleasePoms = false 10:38:41 [DEBUG] (f) javaHome = D:\export\build\jenkins-slave-sbs2\tools\hudson.model.JDK\JDK1.7.0_latest_\jre 10:38:41 [DEBUG] (f) localCheckout = false 10:38:41 [DEBUG] (f) mavenExecutorId = invoker 10:38:41 [DEBUG] (f) mavenHome = D:\export\build\jenkins-slave-sbs2\tools\hudson.tasks.Maven_MavenInstallation\maven-3.0.4 10:38:41 [DEBUG] (f) password = abc&xyz 10:38:41 [DEBUG] (f) preparationGoals = clean verify 10:38:41 [DEBUG] (f) project = MavenProject: com.company.group:artifact:1.2.3.4-SNAPSHOT @ D:\export\build\jenkins-slave-sbs2\workspace\project-trunk\pom.xml 10:38:41 [DEBUG] (f) reactorProjects = [MavenProject: com.company.group:artifact:1.2.3.4-SNAPSHOT @ D:\export\build\jenkins-slave-sbs2\workspace\project-trunk\pom.xml] 10:38:41 [DEBUG] (f) releaseVersion = 1.2.3.4 10:38:41 [DEBUG] (f) remoteTagging = true 10:38:41 [DEBUG] (f) resume = false 10:38:41 [DEBUG] (f) scmCommentPrefix = [maven-release-plugin] 10:38:41 [DEBUG] (f) session = org.apache.maven.execution.MavenSession@2b5fab 10:38:41 [DEBUG] (f) settings = org.apache.maven.execution.SettingsAdapter@1bc0e73 10:38:41 [DEBUG] (f) updateDependencies = true 10:38:41 [DEBUG] (f) useEditMode = false 10:38:41 [DEBUG] (f) username = USERNAME 10:38:41 [DEBUG] -- end configuration -- 10:38:41 [INFO] Verifying that there are no local modifications... 10:38:41 [INFO] Executing: cmd.exe /X /C "svn --username USERNAME --password ***** --non-interactive status" 10:38:41 [INFO] Working directory: D:\export\build\jenkins-slave-sbs2\workspace\project-trunk 10:38:50 [INFO] ------------------------------------------------------------------------ 10:38:50 [INFO] BUILD FAILURE 10:38:50 [INFO] ------------------------------------------------------------------------ 10:38:50 [INFO] Total time: 10.936s 10:38:50 [INFO] Finished at: Fri Oct 04 10:38:50 CEST 2013 10:38:50 [INFO] Final Memory: 7M/19M 10:38:50 [INFO] ------------------------------------------------------------------------ 10:38:51 [JENKINS] Archiving disabled 10:38:52 Waiting for Jenkins to finish collecting data 10:38:52 mavenExecutionResult exceptions not empty 10:38:52 message : Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.0:prepare ( default -cli) on project artifact: Unable to check for local modifications 10:38:52 Provider message: 10:38:52 The svn command failed. 10:38:52 Command output: 10:38:52 Subcommand argument required 10:38:52 Type 'svn help' for usage. 10:38:52 'xyz' is not recognized as an internal or external command, 10:38:52 operable program or batch file. 10:38:52 10:38:52 cause : Unable to check for local modifications 10:38:52 Provider message: 10:38:52 The svn command failed. 10:38:52 Command output: 10:38:52 Subcommand argument required 10:38:52 Type 'svn help' for usage. 10:38:52 'xyz' is not recognized as an internal or external command, 10:38:52 operable program or batch file. 10:38:52 10:38:52 Stack trace : 10:38:52 org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.0:prepare ( default -cli) on project artifact: Unable to check for local modifications The workaround is to ask users to remove shell special characters from their passwords.

Mircea D added a comment - 2015-03-02 12:42 - edited

Could you please reopen this? A colleague of mine is using ^ in her password (which is the escape character for batch files) and that also doesn't seem to be escaped properly:

[INFO] Executing: cmd.exe /X /C "svn --username xyz --password ***** --no-auth-cache --non-interactive commit --file C:\Windows\TEMP\maven-scm-1733557087.commit --targets C:\Windows\TEMP\maven-scm-998404332084042799-targets"
[INFO] Working directory: C:\Program Files (x86)\Jenkins\workspace\Server trunk
Notifying upstream projects of job completion
Join notifier requires a CauseAction
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Server Product ........................... FAILURE [01:44 min]
[INFO] Base Module ......................... SKIPPED
[INFO] Simulator ........................... SKIPPED
[INFO] Module ....................... SKIPPED
[INFO] Gate Module ......................... SKIPPED
[INFO] Host Module ......................... SKIPPED
[INFO] Server ................................... SKIPPED
[INFO] DB Import ................................ SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:45 min
[INFO] Finished at: 2015-02-27T16:54:50+01:00
[INFO] Final Memory: 11M/30M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.5:prepare (default-cli) on project ***-server-product: Unable to commit files
[ERROR] Provider message:
[ERROR] The svn command failed.
[ERROR] Command output:
[ERROR] svn: E170001: Commit failed (details follow):
[ERROR] svn: E170001: Unable to connect to a repository at URL 'http://***:8080/svnlls/projects/***/server/trunk'
[ERROR] svn: E170001: OPTIONS of 'http://***:8080/svnlls/projects/***/server/trunk': authorization failed: Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge (http://***:8080)
[ERROR] -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.5:prepare (default-cli) on project ***-server-product: Unable to commit files
Provider message:
The svn command failed.
Command output:
svn: E170001: Commit failed (details follow):
svn: E170001: Unable to connect to a repository at URL 'http://***:8080/svnlls/projects/***/server/trunk'
svn: E170001: OPTIONS of 'http://***:8080/svnlls/projects/***/server/trunk': authorization failed: Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge (http://***:8080)

	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
	at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
	at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
	at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
	at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:120)
	at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:347)
	at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:154)
	at org.jvnet.hudson.maven3.launcher.Maven31Launcher.main(Maven31Launcher.java:132)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launchStandard(Launcher.java:330)
	at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:238)
	at jenkins.maven3.agent.Maven31Main.launch(Maven31Main.java:181)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:483)
	at hudson.maven.Maven3Builder.call(Maven3Builder.java:134)
	at hudson.maven.Maven3Builder.call(Maven3Builder.java:69)
	at hudson.remoting.UserRequest.perform(UserRequest.java:118)
	at hudson.remoting.UserRequest.perform(UserRequest.java:48)
	at hudson.remoting.Request$2.run(Request.java:326)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.maven.plugin.MojoFailureException: Unable to commit files
...

Mircea D added a comment - 2015-03-02 12:42 - edited Could you please reopen this? A colleague of mine is using ^ in her password (which is the escape character for batch files) and that also doesn't seem to be escaped properly: [INFO] Executing: cmd.exe /X /C "svn --username xyz --password ***** --no-auth-cache --non-interactive commit --file C:\Windows\TEMP\maven-scm-1733557087.commit --targets C:\Windows\TEMP\maven-scm-998404332084042799-targets" [INFO] Working directory: C:\Program Files (x86)\Jenkins\workspace\Server trunk Notifying upstream projects of job completion Join notifier requires a CauseAction [INFO] ------------------------------------------------------------------------ [INFO] Reactor Summary: [INFO] [INFO] Server Product ........................... FAILURE [01:44 min] [INFO] Base Module ......................... SKIPPED [INFO] Simulator ........................... SKIPPED [INFO] Module ....................... SKIPPED [INFO] Gate Module ......................... SKIPPED [INFO] Host Module ......................... SKIPPED [INFO] Server ................................... SKIPPED [INFO] DB Import ................................ SKIPPED [INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 01:45 min [INFO] Finished at: 2015-02-27T16:54:50+01:00 [INFO] Final Memory: 11M/30M [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.5:prepare ( default -cli) on project ***-server-product: Unable to commit files [ERROR] Provider message: [ERROR] The svn command failed. [ERROR] Command output: [ERROR] svn: E170001: Commit failed (details follow): [ERROR] svn: E170001: Unable to connect to a repository at URL 'http: / /***:8080/svnlls/projects/***/ server/trunk' [ERROR] svn: E170001: OPTIONS of 'http: / /***:8080/svnlls/projects/***/ server/trunk' : authorization failed: Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge (http://***:8080) [ERROR] -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-release-plugin:2.5:prepare ( default -cli) on project ***-server-product: Unable to commit files Provider message: The svn command failed. Command output: svn: E170001: Commit failed (details follow): svn: E170001: Unable to connect to a repository at URL 'http: / /***:8080/svnlls/projects/***/ server/trunk' svn: E170001: OPTIONS of 'http: / /***:8080/svnlls/projects/***/ server/trunk' : authorization failed: Could not authenticate to server: ignored NTLM challenge, rejected Basic challenge (http://***:8080) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153) at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:120) at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:347) at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:154) at org.jvnet.hudson.maven3.launcher.Maven31Launcher.main(Maven31Launcher.java:132) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at org.codehaus.plexus.classworlds.launcher.Launcher.launchStandard(Launcher.java:330) at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:238) at jenkins.maven3.agent.Maven31Main.launch(Maven31Main.java:181) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:483) at hudson.maven.Maven3Builder.call(Maven3Builder.java:134) at hudson.maven.Maven3Builder.call(Maven3Builder.java:69) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:326) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang. Thread .run( Thread .java:745) Caused by: org.apache.maven.plugin.MojoFailureException: Unable to commit files ...

Daniel Beck added a comment - 2015-03-02 12:49

This is a duplicate of another issue and does not need to be reopened for any reason other than this not actually being a duplicate.

Daniel Beck added a comment - 2015-03-02 12:49 This is a duplicate of another issue and does not need to be reopened for any reason other than this not actually being a duplicate.

Mircea D added a comment - 2015-03-02 13:15

@Daniel, yes, true, I've only seen that after posting the comment. I apologize.

Mircea D added a comment - 2015-03-02 13:15 @Daniel, yes, true, I've only seen that after posting the comment. I apologize.

Details

Description

Attachments

Issue Links

Activity

Collapse comment: James Nord added a comment - 2012-11-20 01:12

Expand comment: James Nord added a comment - 2012-11-20 01:12

Collapse comment: Michael Rumpf added a comment - 2013-10-04 09:21, Edited by Michael Rumpf - 2013-10-04 09:21

Expand comment: Michael Rumpf added a comment - 2013-10-04 09:21, Edited by Michael Rumpf - 2013-10-04 09:21

Collapse comment: Mircea D added a comment - 2015-03-02 12:42, Edited by Mircea D - 2015-03-02 12:43

Expand comment: Mircea D added a comment - 2015-03-02 12:42, Edited by Mircea D - 2015-03-02 12:43

Collapse comment: Daniel Beck added a comment - 2015-03-02 12:49

Expand comment: Daniel Beck added a comment - 2015-03-02 12:49

Collapse comment: Mircea D added a comment - 2015-03-02 13:15

Expand comment: Mircea D added a comment - 2015-03-02 13:15

People

Dates