Bert Geens

Reputation: 81

Leiningen: unable to use "insecure" proxy repository

I am running a Nexus repository in my local network that I am trying to get Leiningen (2.8.1) to use. However I'm running into the issue where Leiningen refuses to connect over non-HTTPS connections.

My profiles.clj looks something like this:

{:user
 {
  :mirrors {#".+" {:name "superbia"
                   :url "http://localhost:8081/repository/maven-public"}}
  }
}

Which gives me this error:

% lein
Tried to use insecure HTTP repository without TLS.
This is almost certainly a mistake; however in rare cases where it's
intentional please see `lein help faq` for details.

When looking at that FAQ entry it tells me to add stuff to my project.clj, which I can't, since it refuses to do basically anything, let alone create a project.

Even requesting the version breaks:

% lein -v
Tried to use insecure HTTP repository without TLS.
This is almost certainly a mistake; however in rare cases where it's
intentional please see `lein help faq` for details.

Is there any way to disable or bypass this behaviour without either downgrading Leiningen (which is what I did last time) or reconfiguring the proxy repository?

Upvotes: 1

Views: 701

Answers (1)

nha

Reputation: 18005

Have a look at the Leiningen FAQ:

Q: I got Tried to use insecure HTTP repository without TLS, what is that about?

A: This means your project was configured to download dependencies from a repository that does not use TLS encryption. This is very insecure and exposes you to trivially-executed man-in-the-middle attacks. In the rare event that you don't care about the security of the machines running your project or can ensure that the only http traffic is going out over a trusted network, you can re-enable support for unsafe repositories by putting this in your project.clj file:

;; never do this
(require 'cemerick.pomegranate.aether)
(cemerick.pomegranate.aether/register-wagon-factory!
 "http" #(org.apache.maven.wagon.providers.http.HttpWagon.))

It's also possible you have a dependency which includes a reference to an insecure repository for retrieving its own dependencies. If this happens it is strongly recommended to add an :exclusion and report a bug with the dependency which does this.

You can always edit project.clj regardless of lein running or not - just use your favorite editor to edit the file. There is also a per-user $HOME/.lein/profiles.clj - you can add the lines above in this file.

Alternatively, you can downgrade lein (e.g. to 2.7.1), either:

  • lein upgrade 2.7.1
  • edit ~/bin/lein; at the top, you should see export LEIN_VERSION="2.7.1"

Upvotes: 2
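
An added example, not part of the question, the answer or Leiningen itself: a Clojure audit that lists every plain-HTTP URL under a profile's repository and mirror keys, so the entries the FAQ warns about can be found and reviewed. Separating loopback hosts from other hosts is this example's own distinction (Leiningen rejected the localhost mirror in the question as well); the repo-audit namespace, the function names and the :ci profile are hypothetical.

```clojure
(ns repo-audit
  (:require [clojure.string :as str]))

;; Leiningen keys whose values list repositories or mirrors.
(def repo-keys [:repositories :plugin-repositories :deploy-repositories :mirrors])

;; Assumption for this example: traffic to these hosts never leaves the machine.
(def loopback-hosts #{"localhost" "127.0.0.1" "[::1]"})

(defn classify
  "Returns :ok for non-HTTP schemes (https, file, ...), :plain-loopback for
  http:// to this machine, and :plain-network for any other http:// URL."
  [url]
  (let [uri    (java.net.URI. url)
        scheme (some-> (.getScheme uri) str/lower-case)
        host   (some-> (.getHost uri) str/lower-case)]
    (cond
      (not= "http" scheme)            :ok
      (contains? loopback-hosts host) :plain-loopback
      :else                           :plain-network)))

(defn audit
  "One finding per plain-HTTP URL in a single project or profile map.
  Entries are [id url] or [id {:url ...}], held in a vector or a map."
  [m]
  (for [k      repo-keys
        [id v] (get m k)
        :let   [url (if (map? v) (:url v) v)]
        :when  (string? url)
        :let   [kind (classify url)]
        :when  (not= :ok kind)]
    {:key k :id (str id) :url url :kind kind}))

(defn audit-profiles
  "Runs `audit` over every profile in a profiles.clj-style map."
  [profiles]
  (for [[profile m] profiles
        finding     (audit m)]
    (assoc finding :profile profile)))

;; Constructed sample: the :user profile from the question plus a made-up
;; :ci profile with one remote plain-HTTP repository and one HTTPS one.
(def sample
  {:user {:mirrors {#".+" {:name "superbia"
                           :url  "http://localhost:8081/repository/maven-public"}}}
   :ci   {:repositories [["internal" "http://nexus.example.internal/releases"]
                         ["clojars"  {:url "https://repo.clojars.org"}]]}})

(run! println (audit-profiles sample))
```

A :plain-network finding is the case the FAQ describes as exposed to man-in-the-middle attacks; serving that repository over HTTPS removes the finding without re-enabling the HTTP wagon.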
