Thursday, October 18, 2012

Automatically switch your mvn settings

I have one primary development notebook and take that with me wherever I go. Now in a company setting you usually have proxies and whatnot. And I think it's an official best practice to roll your own company or departement maven proxy/cache.

So dependent on where you are, you might need a different maven ~/.m2/settings.xml file. Here's a very simple shell function you can add to your ~/.bashrc

Loading ....

This just checks for the ip of eth0 and calls mvn with a special settings.xml. In all other cases mvn is run with the vanilla config (or none, since the settings.xml is optional).

Of course you can extend on this to check for something else, basically anything is possible.

Simple yet effective.

Saturday, October 13, 2012

Mercurial and self-signed server certificates

So mercurial aborts when you want to interact with a repository that uses a self-signed certificate, as is the case for my own little mercurial repo exposed over https.

NOTE: this is obviously insecure and you must verify the ssl cert's fingerprint is correct. If you roll your own server, log into the server and get the fingerprint from the cert file itself, not over https since there could be a man in the middle.

Alright so you need to get a hold of the cert and extract its fingerprint. Over https it works like that:

user@local:/tmp$ openssl s_client -connect server:port -showcerts | openssl x509 -fingerprint -noout
depth=0 C = CH, ST = Example, L = Example, O = Example, OU = Example, CN = Example, emailAddress =
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CH, ST = Example, L = Example, O = Example, OU = Example, CN = Example, emailAddress =
verify return:1
SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

And to get the fingerprint from your cert file directly on the server, do this:

user@remote:/tmp$ openssl x509 -in /path/to/the/cert.pem | openssl x509 -fingerprint -noout
SHA1 Fingerprint=00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

So now you have the fingerprint you need to tell mercurial to accept said self-signed certificate for a given hostname, which you do in ~/.hgrc

[hostfingerprints] = 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33

And that's it!