Access maven repo over https in sbt

Question

I have a java project which uses sbt(scala) for build. Up until yesterday this was working, but today I am seeing an issue in pulling a repo from maven

esolving org.codehaus.plexus#plexus-component-api;1.0-alpha-16 ...

[error] SERVER ERROR: HTTPS Required url=http://repo1.maven.org/maven2/org/codehaus/plexus/plexus-component-api/1.0-alpha-16/plexus-component-api-1.0-alpha-16.pom

[warn]  module not found: org.codehaus.plexus#plexus-component-api;1.0-alpha-16

[warn] ==== typesafe-ivy-releases: tried

[warn]   http://repo.typesafe.com/typesafe/ivy-releases/org.codehaus.plexus/plexus-component-api/1.0-alpha-16/ivys/ivy.xml

[warn] ==== sbt-plugin-releases: tried

[warn]   http://repo.scala-sbt.org/scalasbt/sbt-plugin-releases/org.codehaus.plexus/plexus-component-api/1.0-alpha-16/ivys/ivy.xml

[warn] ==== local: tried

[warn]   /root/.ivy2/local/org.codehaus.plexus/plexus-component-api/1.0-alpha-16/ivys/ivy.xml

[warn] ==== activator-local: tried

[warn]   file:/heimdall/app/projects/load-test/content-engine/repository/org.codehaus.plexus/plexus-component-api/1.0-alpha-16/ivys/ivy.xml

[warn] ==== public: tried

[warn]   http://repo1.maven.org/maven2/org/codehaus/plexus/plexus-component-api/1.0-alpha-16/plexus-component-api-1.0-alpha-16.pom

[warn] ==== typesafe-releases: tried

[warn]   http://repo.typesafe.com/typesafe/releases/org/codehaus/plexus/plexus-component-api/1.0-alpha-16/plexus-component-api-1.0-alpha-16.pom

[warn] ==== typesafe-ivy-releasez: tried

[warn]   http://repo.typesafe.com/typesafe/ivy-releases/org.codehaus.plexus/plexus-component-api/1.0-alpha-16/ivys/ivy.xml

[warn] ==== Typesafe repository: tried

[warn]   http://repo.typesafe.com/typesafe/releases/org/codehaus/plexus/plexus-component-api/1.0-alpha-16/plexus-component-api-1.0-alpha-16.pom

Based on what I could infer, the repo seems to have been moved to https endpoint. And pom file is available on https endpoint. The issue is that this is not a direct dependency in my project but coming transitively via some other dependency. How do I use https for this specific dependency?

I am using sbt version 0.13.5. I checked the reference manual for it, and added DefaultMavenRepository explicitly in build.sbt

resolvers += DefaultMavenRepository

As per this official documentation, the DefaultMavenRepository points to secure endpoint. Before this, I had tried the following in build.sbt

resolvers += "Maven Repo" at  "https://repo1.maven.org/maven2/" 

and added

"org.codehaus.plexus" % "plexus-component-api" % "1.0-alpha-16", 

as libraryDepdency explicitly in my build.sbt so that it can be cached and not come transitively where I may not have control over where it would be pulled from. But this also fails. I cleared both m2 and ivy2 caches

Answer 1

Create a sbt configuration file ~/.sbt/repositories and add the following config:

[repositories] 
maven-central: https://repo1.maven.org/maven2

You can find more info here - https://www.scala-sbt.org/1.x/docs/Proxy-Repositories.html

Answer 2

For osx:

• Open the terminal.
  
• cd into ./sbt (in my case /Users/your-user/.sbt)
  
• touch repositories
  
• nano repositories
  
• Paste the following (be sure to add a new line after [repositories]

[repositories]
maven-central: https://repo1.maven.org/maven2/

Answer 3

Add the following resolver to you build.sbt or sbt file:

resolvers += "Maven Central Server" at "https://repo1.maven.org/maven2"

And then add the following property to enable TLS 1.2 protocol, when executing sbt jar file:

(java -Dhttps.protocols=TLSv1.2 -jar dirname $0/sbt-launch-0.12.0.jar)

-Dhttps.protocols=TLSv1.2

Answer 4

Check the links in sbt configruation file: ~/.sbt/repositories

Change the line maven-central: http://repo1.maven.org/maven2/ to maven-central: https://repo1.maven.org/maven2/

It fixes the downloading without sbt update

Answer 5

As mentioned by Sarvesh, the issue was that I was using sbt version 0.13.5. And DefaultMavenRepository started pointing to https endpoint from v0.13.6(the documentation does not mention this). After bumping up the version, I was able to pull all dependencies.