Phil Hagelberg
parent
463b6dc9b9
commit
809c7d33ea
2 changed files with 28 additions and 2 deletions
19
doc/FAQ.md
19
doc/FAQ.md
|
|
@ -216,6 +216,25 @@ property.
|
|||
* You should also check your system clock and make sure the time is accurate; it's possible to run into SSL connection failures if your clock is way out of sync.
|
||||
* If it still doesn't work, please see if any of [these 'ssl' labelled issues](https://github.com/technomancy/leiningen/issues?utf8=%E2%9C%93&q=is%3Aissue%20label%3Assl%20) might help
|
||||
|
||||
**Q:** I got "Tried to use insecure HTTP repository without TLS", what
|
||||
is that about?
|
||||
**A:** This means your project was configured to download dependencies
|
||||
from a repository that does not use TLS encryption. This is very
|
||||
insecure and exposes you to trivially-executed man-in-the-middle attacks.
|
||||
In the rare event that you don't care about the security of the machines
|
||||
running your project, you can re-enable support for unprotected repositories
|
||||
by putting this in your `project.clj` file:
|
||||
|
||||
;; never do this
|
||||
(require 'cemerick.pomegranate.aether)
|
||||
(cemerick.pomegranate.aether/register-wagon-factory!
|
||||
"http "#(org.apache.maven.wagon.providers.http.HttpWagon.))
|
||||
|
||||
It's also possible you have a dependency which includes a reference to
|
||||
an insecure repository for retrieving its own dependencies. If this
|
||||
happens it is strongly recommended to add an `:exclusion` and report a
|
||||
bug with the dependency which does this.
|
||||
|
||||
**Q:** `lein`/`lein.bat` won't download `leiningen-x.y.z-SNAPSHOT.jar`
|
||||
**A:** You probably downloaded `lein`/`lein.bat` from the [master branch](https://github.com/technomancy/leiningen/tree/master/bin). Unless you plan to build leiningen yourself or help develop it, we suggest you use the latest stable version: [lein](https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein)/[lein.bat](https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein.bat)
|
||||
|
||||
|
|
|
|||
|
|
@ -5,8 +5,9 @@
|
|||
[leiningen.core.utils :as utils]
|
||||
[clojure.java.io :as io]
|
||||
[clojure.string :as string]
|
||||
[clojure.stacktrace :as stacktrace]
|
||||
[bultitude.core :as b]
|
||||
[clojure.stacktrace :as stacktrace]))
|
||||
[cemerick.pomegranate.aether :as aether]))
|
||||
|
||||
(def aliases {"-h" "help", "-help" "help", "--help" "help", "-?" "help",
|
||||
"-v" "version", "-version" "version", "--version" "version",
|
||||
|
|
@ -388,10 +389,16 @@ Get the latest version of Leiningen at http://leiningen.org or by executing
|
|||
:test-paths ^:replace []})
|
||||
(project/init-project)))
|
||||
|
||||
(defn- insecure-http-abort [& _]
|
||||
(abort "Tried to use insecure HTTP repository without TLS.
|
||||
This is almost certainly a mistake; however in rare cases where it's
|
||||
intentional please see `lein help faq` for details."))
|
||||
|
||||
(defn -main
|
||||
"Command-line entry point."
|
||||
[& raw-args]
|
||||
(try
|
||||
(aether/register-wagon-factory! "http" insecure-http-abort)
|
||||
(user/init)
|
||||
(let [project (if (.exists (io/file *cwd* "project.clj"))
|
||||
(project/read (str (io/file *cwd* "project.clj")))
|
||||
|
|
|
|||
Loading…
Reference in a new issue