I have enabled Guest Authentication in my TeamCity 9.1.6.
My artifact contains 5 MSI.
I can download individual artifacts as guest with this url:
http://teamcity/guestAuth/repository/download/build01/lastSuccessful/ms1.msi
http://teamcity/guestAuth/repository/download/build01/lastSuccessful/ms2.msi
Etc.
But I cannot find the way of making the equivalent of "download all (.zip)"
...using guestAuth (I can with authentication...)
So my questions are:
How can I "download all" artifacts as guest in TeamCity?
Is it possible to do it from the REST API?
To download the archived artifacts for the specified build use the following request:
http://teamcity/guestAuth/app/rest/builds/id:XXX/artifacts/archived
I don't have TeamCity creating artifacts for me, so I can't verify this, but looking at the API (https://confluence.jetbrains.com/display/TCD9/REST+API#RESTAPI-BuildArtifacts)
You can try something like this:
http://teamCity/guestAuth/app/rest/builds/id:100/artifacts
That should get all the artifacts for that build.
Relevant setup information: gradle 4+, relatively new installation of Artifactory (Pro 6+), artifactory gradle plugin version 4+
When attempting to run the build command on a local development environment in both Eclipse Photon and IntelliJ (late 2017 version), I run into dozens and dozens of 403 errors when making a HEAD request for dependencies. But, if I login to Artifactory through a web browser as the user that gradle is using and go to the exact same URL, it has no problem reaching the resource that gradle failed to reach. The problem occurs with every user on Artifactory, even one with admin privileges. The jars I'm looking for are part of a virtual repository with dependencies both internal to the artifactory installation and external. Finally, the build used to work just fine a month ago, and nothing I can think of has changed to permissions.
tl;dr only when logging in from gradle and using Artifactory plugin, a virtual Artifactory repo returns 403 errors on nearly every dependency for every user
This question: Docker pull from artifactory fails with credentials issue seemed close, but is using docker+jenkins (I'm not) and has no answers.
When I finally dug into the system logs, I found many lines like this one: "Rejected artifact download request: User XYZ is not permitted to deploy 'SOME JAR' into 'SOME CACHE JAR'"
It appears that users must have DEPLOY permissions in order to download an artifact that will be cached (behavior of virtuals/remotes.) This may also explain why the build used to work - the cached jars wouldn't have needed updates a month ago when I'd just added the remote and downloaded everything.
Adding deploy permissions to my user for the relevant repositories fixed the issue.
I am very new to udeploy and looking for a feature to pull latest version of artifacts from one of our build tool using simple http download from a given url.
I can see that "Source Configuration Type" has many option available like filesystem, teamcity, git repo etc, but no option is available for a simple url download.
I am actually using a teamcity build, and teamcity provides a GET API to download artifacts. I understand that uDeploy is also using this teamcity feature, but the url it is constructing is not correct and throws a 401 exception (unauthorized) when auth information is not provided; it should be using teamcity guest access to download the artifacts.
Please Note: when login information is provided it is working fine
Any thoughts?
You can adjust the guest account privileges inside the Administration Panel, then inside the Users management, there is a link to set up the guest account privileges.
I want to create automatic upload to ftp, using 'FTP Upload' runner, with different build configuration, which depends on successful build of main configuration. But the thing is I don't know the pattern. As for now path looks like this:
C:\ProgramData\JetBrains\TeamCity\system\artifacts\<project_name>\<build config name>\528
What variable contains this last number?
The problem was with a bad description of my problem; a more definitive one:
I have to store artifacts on FTP. FTP is on the same machine as TC server and agent (don't ask me why). So I have to somehow grab artifacts and put them into ftp://"project"/msi and ftp://"project"/nuget, depending on build configuration. I've tried: Grabbing artifacts directly - from folder shown in the initial post, idea failed.
The solution is to create another build configuration and set Artifact dependencies, this makes artifacts reachable from new build configuration, which allows to use FTP Upload runner.
Thanks everyone!
I have problems with configurations using Maven + Artifactory.
I try to download a new external file using a user created in Artifactory and my Artifactory doesn't make the download, claiming "Access denied", but if I put the same credentials as defined in remote settings, my application can download every external jar.
If I use the same permission setting of my remote configuration settings.xml where the Artifactory was installed (user admin) I can make downloads quickly.
Is there some way to create a user in my Artifactory and configure the permission to make downloads of new artefacts? Because I didn't find it anywhere.
I think that is more secure for my company if I have the possibility to create a new user in my Artifactory and just give the permissions: read and to download new artefacts, but this option doesn't exist in Artifactory.
How could I do this?
Because you've created a user entity within Artifactory, make sure it's got at least read permissions on all the repositories you'd like to resolve from.
For easier Maven configuration, you can also use Artifactory to generate proper Maven settings for yourself; this helps to reduce typos and reference mistakes (make sure you're logged in as the user entity you've created whilst generating the settings). After applying the settings file you can also run the mvn help:effective-settings goal on your project to make sure everything was applied correctly.
Finally, if you're required to authenticate with the remote repository you're proxying, you'll need to specify the credentials in the configuration of that remote repository.
Make sure the user you are using to connect to Artifactory has Deploy permissions in Artifactory. The Deploy permission allows the user to download artifacts from repositories (in other words, populate cache with remote artifacts).
https://www.jfrog.com/confluence/display/RTF/Managing+Permissions
Deploy: Allows deploying artifacts and deploying to caches (i.e. populating caches with remote artifacts)
More information from the JFrog forum:
http://forums.jfrog.org/Maven-using-anonymous-user-even-though-artifactory-server-setup-in-the-settings-xml-td4634521.html
I was trying to find if there is SSL enabled central repository but there probably isn't. I noticed that there are signatures for every jar and pom file in maven central repository. So at least I'd like to check signatures of all maven downloaded files (pom/jar).
The example from http://repo1.maven.org/maven2/org/apache/ant/ant/1.8.2/:
ant-1.8.2.jar
ant-1.8.2.jar.asc
ant-1.8.2.jar.asc.md5
ant-1.8.2.jar.asc.sha1
ant-1.8.2.jar.md5
ant-1.8.2.jar.sha1
ant-1.8.2.pom
ant-1.8.2.pom.asc
ant-1.8.2.pom.asc.md5
ant-1.8.2.pom.asc.sha1
ant-1.8.2.pom.md5
ant-1.8.2.pom.sha1
I realize that I'll have to import public keys for every repository and I'm fine with that. I guess that public keys for maven central are here https://svn.apache.org/repos/asf/maven/project/KEYS.
There are PLENTY of tutorials on web on how to sign with maven. However I didn't find any information on how to force maven (2 or 3) to verify signatures of downloaded jar/pom files. Is it possible?
(Nexus Professional is not an option)
Thank you for help.
Now, that people seem to realize this is a real security problem (as described in this blog-post (the blog seems down, here is an archived version of the blog)), there is a plugin for verifying PGP signatures. You can verify the signatures for all dependencies of your project with the following command:
mvn org.simplify4u.plugins:pgpverify-maven-plugin:check
Of course, to be 100% sure the plugin is not malicious by itself, you would have to download and verify the source for the plugin from maven central, build it with maven, and execute it. (And this should also be done with all the dependencies and plugins that are needed for the build, recursively.)
Or you use Maven 3.2.3 or above (with a clean repository), which uses TLS for downloading all artefacts. Thus man-in-the-middle attacks are impossible and you get at least the artefacts as they are on maven central.
See also:
related Question and Answer
Sonatype's Blog to this topic
Could you write a bash shell script using GnuPG to verify each sig?
Something like:
for x in *.jar; do gpg --verify "${x}.asc" "${x}"; done
Obviously you would need the public keys for all the sigs before you started.
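Added example, not part of the original answers: a fuller version of the loop above that also covers .pom files, treats a missing .asc as a failure, and accepts only keys held in a dedicated keyring. The KEYRING path, the GPG override variable and the function names are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example (not from the original answer): check the detached PGP
# signature of every .jar/.pom under a directory such as ~/.m2/repository.
# Assumptions: KEYRING is a keyring file that holds only the publisher keys
# you chose to trust, built beforehand with
#   gpg --no-default-keyring --keyring "$KEYRING" --import KEYS
GPG="${GPG:-gpg}"
KEYRING="${KEYRING:-$HOME/.gnupg/maven-trusted.gpg}"

# verify_one FILE: print "OK|NOSIG|BADSIG FILE"; return 0 only for OK.
verify_one() {
    if [ ! -f "$1.asc" ]; then
        echo "NOSIG $1"      # a missing signature is a failure, not a skip
        return 2
    fi
    # Name both the signature and the signed file, and ignore the default
    # keyring so only keys in KEYRING can produce a good result.
    if "$GPG" --batch --no-default-keyring --keyring "$KEYRING" \
            --verify "$1.asc" "$1" >/dev/null 2>&1; then
        echo "OK $1"
        return 0
    fi
    echo "BADSIG $1"         # bad signature, unknown key, or unreadable sig
    return 1
}

# verify_tree DIR: report every artifact; return 0 only if all verified.
verify_tree() {
    report=$(find "$1" -type f \( -name '*.jar' -o -name '*.pom' \) | sort |
        while IFS= read -r artifact; do
            verify_one "$artifact" || true
        done)
    if [ -z "$report" ]; then
        echo "no artifacts found under $1" >&2
        return 1
    fi
    printf '%s\n' "$report"
    # Fail if any report line is something other than OK.
    ! printf '%s\n' "$report" | grep -qv '^OK '
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    verify_tree "$1"
fi
```

The .md5 and .sha1 files next to each artifact only detect corruption in transit; they come from the same server as the artifact, so they are not a substitute for the signature check.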
SSL access to Central is now available for a token payment. From https://blog.sonatype.com/people/2012/10/now-available-ssl-connectivity-to-central/ :
We’re making SSL connectivity to Central available to anyone that downloads open source components regardless of the repository manager.
...
In order to ensure the highest level of performance for those who count on SSL, we are securing the service with a token. You can get a token for your organization simply by providing a $10 donation that will be donated to open source causes.
Assuming you only want to download artifacts w/ valid checksums, one option would be to run the OSS version of Nexus and configure it to have a proxy of central. Then configure your settings.xml to only load from your repo (mirror tag in settings.xml). You can then configure nexus to only allow artifacts that have a valid checksum.