I am running a Nexus repository in my local network that I am trying to get Leiningen (2.8.1) to use. However I'm running into the issue where Leiningen refuses to connect over non-HTTPS connections.
My profiles.clj looks something like this:
{:user
{
:mirrors {#".+" {:name "superbia"
:url "http://localhost:8081/repository/maven-public"}}
}
}
Which gives me this error:
% lein
Tried to use insecure HTTP repository without TLS.
This is almost certainly a mistake; however in rare cases where it's
intentional please see `lein help faq` for details.
When looking at that FAQ entry it tells me to add stuff to my project.clj, which I can't, since it refuses to do basically anything, let alone create a project.
Even requesting the version breaks:
% lein -v
Tried to use insecure HTTP repository without TLS.
This is almost certainly a mistake; however in rare cases where it's
intentional please see `lein help faq` for details.
Is there any way to disable or bypass this behaviour without either downgrading Leiningen (which is what I did last time) or reconfiguring the proxy repository?
答案 0 :(得分:2)
问:我试过在没有TLS的情况下使用不安全的HTTP存储库,这是什么 那个?答:这意味着您的项目已配置为下载 来自不使用TLS加密的存储库的依赖项。这个 非常不安全,让你暴露在琐碎的执行之中 中间人攻击。在您不关心的极少数情况下 运行项目的机器的安全性或可以确保 您可以通过受信任的网络传输唯一的http流量 重新启用对不安全存储库的支持,将其放入您的 project.clj文件:;; never do this (require 'cemerick.pomegranate.aether) (cemerick.pomegranate.aether/register-wagon-factory! "http" #(org.apache.maven.wagon.providers.http.HttpWagon.))您也可能有一个依赖项,其中包含对a的引用 不安全的存储库,用于检索自己的依赖项。如果这 发生强烈建议添加:排除并报告a 执行此操作的依赖项的错误。
无论{1}运行与否,您都可以随时修改project.clj - 只需使用自己喜欢的编辑器编辑文件即可。还有一个按用户lein - 您可以在此文件中添加上面的行。
或者你可以降级lein(至ex.2.7.1):
$HOME./lein/profiles.clj lein upgrade 2.7.1,您应该看到˜/bin/lein"