From 40a0bfcf787440c77c2d8b599f713ac421cbb97b Mon Sep 17 00:00:00 2001
From: Rui Lopes <rgl@ruilopes.com>
Date: Wed, 1 Nov 2017 10:13:43 +0000
Subject: [PATCH] use the nexus https endpoint

---
 .../execute-provision-ldap.groovy-script.sh   |  2 ++
 provision/execute-provision.groovy-script.sh  |  4 +++-
 provision/nexus-groovy.sh                     |  6 +++---
 provision/provision-base.sh                   |  3 +++
 provision/provision-nexus.sh                  |  9 +++++----
 provision/use-maven-repository-from-gradle.sh |  8 +++++---
 provision/use-maven-repository-from-mvn.sh    | 20 ++++++++++---------
 provision/use-npm-repository.sh               | 14 +++++++++----
 provision/use-nuget-repository.sh             |  6 ++++--
 provision/use-raw-repository.sh               |  6 ++++--
 10 files changed, 50 insertions(+), 28 deletions(-)

diff --git a/provision/execute-provision-ldap.groovy-script.sh b/provision/execute-provision-ldap.groovy-script.sh
index 5d59b55..3c3c3d4 100644
--- a/provision/execute-provision-ldap.groovy-script.sh
+++ b/provision/execute-provision-ldap.groovy-script.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 set -eux
 
+nexus_domain=$(hostname --fqdn)
+
 . /vagrant/provision/nexus-groovy.sh
 
 # run the provision script.
diff --git a/provision/execute-provision.groovy-script.sh b/provision/execute-provision.groovy-script.sh
index 226c6dd..abcf961 100644
--- a/provision/execute-provision.groovy-script.sh
+++ b/provision/execute-provision.groovy-script.sh
@@ -1,10 +1,12 @@
 #!/bin/bash
 set -eux
 
+nexus_domain=$(hostname --fqdn)
+
 . /vagrant/provision/nexus-groovy.sh
 
 # list existing scripts.
-#http -a "$admin_username:$admin_password" http://localhost:8081/service/siesta/rest/v1/script | jq .
+#http -a "$admin_username:$admin_password" https://$nexus_domain/service/siesta/rest/v1/script | jq .
 
 # run the provision script.
 response=$(nexus-groovy provision)
diff --git a/provision/nexus-groovy.sh b/provision/nexus-groovy.sh
index 7915ec0..b829b22 100644
--- a/provision/nexus-groovy.sh
+++ b/provision/nexus-groovy.sh
@@ -12,13 +12,13 @@ function nexus-groovy {
     local delete_result=$(http \
         -a "$admin_username:$admin_password" \
         --ignore-stdin \
-        DELETE http://localhost:8081/service/siesta/rest/v1/script/provision.groovy)   
+        DELETE https://$nexus_domain/service/siesta/rest/v1/script/provision.groovy)   
 
     local create_result=$(http \
         -a "$admin_username:$admin_password" \
         --ignore-stdin \
         --check-status \
-        POST http://localhost:8081/service/siesta/rest/v1/script \
+        POST https://$nexus_domain/service/siesta/rest/v1/script \
         name=provision.groovy \
         type=groovy \
         "content=@$source_filename")
@@ -27,6 +27,6 @@ function nexus-groovy {
         -a "$admin_username:$admin_password" \
         --ignore-stdin \
         --check-status \
-        POST http://localhost:8081/service/siesta/rest/v1/script/provision.groovy/run \
+        POST https://$nexus_domain/service/siesta/rest/v1/script/provision.groovy/run \
         Content-Type:text/plain
 }
diff --git a/provision/provision-base.sh b/provision/provision-base.sh
index e4f050a..6d319bd 100644
--- a/provision/provision-base.sh
+++ b/provision/provision-base.sh
@@ -69,6 +69,9 @@ openssl x509 \
 # copy the certificate to a place where it can be used by other machines.
 mkdir -p /vagrant/shared
 cp $config_fqdn-crt.* /vagrant/shared
+# configure our system to trust the certificate.
+cp $config_fqdn-crt.pem /usr/local/share/ca-certificates/$config_fqdn.crt
+update-ca-certificates -v
 popd
 
 
diff --git a/provision/provision-nexus.sh b/provision/provision-nexus.sh
index 20fc647..5571e50 100644
--- a/provision/provision-nexus.sh
+++ b/provision/provision-nexus.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 set -eux
 
+nexus_domain=$(hostname --fqdn)
 
 # use the local nexus user database.
 config_authentication='nexus'
@@ -57,7 +58,7 @@ popd
 if [ "$config_authentication" = 'ldap' ]; then
 echo '192.168.56.2 dc.example.com' >>/etc/hosts
 openssl x509 -inform der -in /vagrant/shared/ExampleEnterpriseRootCA.der -out /usr/local/share/ca-certificates/ExampleEnterpriseRootCA.crt
-update-ca-certificates
+update-ca-certificates -v
 fi
 
 
@@ -86,11 +87,11 @@ apt-get install -y --no-install-recommends httpie
 apt-get install -y --no-install-recommends jq
 
 # wait for nexus to come up.
-bash -c 'while [[ "$(wget -qO- http://localhost:8081/service/extdirect/poll/rapture_State_get | jq -r .data.data.status.value.edition)" != "OSS" ]]; do sleep 5; done'
+bash -c "while [[ \"\$(wget -qO- https://$nexus_domain/service/extdirect/poll/rapture_State_get | jq -r .data.data.status.value.edition)\" != 'OSS' ]]; do sleep 5; done"
 
 # print the version using the API.
-wget -qO- http://localhost:8081/service/extdirect/poll/rapture_State_get | jq --raw-output .data.data.uiSettings.value.title
-wget -qO- http://localhost:8081/service/extdirect/poll/rapture_State_get | jq .data.data.status.value
+wget -qO- https://$nexus_domain/service/extdirect/poll/rapture_State_get | jq --raw-output .data.data.uiSettings.value.title
+wget -qO- https://$nexus_domain/service/extdirect/poll/rapture_State_get | jq .data.data.status.value
 
 # configure nexus with the groovy script.
 bash /vagrant/provision/execute-provision.groovy-script.sh
diff --git a/provision/use-maven-repository-from-gradle.sh b/provision/use-maven-repository-from-gradle.sh
index 17a85ea..83cbf12 100644
--- a/provision/use-maven-repository-from-gradle.sh
+++ b/provision/use-maven-repository-from-gradle.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 set -eux
 
+nexus_domain=$(hostname --fqdn)
+
 mkdir -p tmp/use-maven-repository-from-gradle && cd tmp/use-maven-repository-from-gradle
 
 #
@@ -61,7 +63,7 @@ uploadArchives {
 EOF
 gradle build
 unzip -l build/libs/gradle-greeter-1.0.0.jar
-export NEXUS_REPOSITORY_URL='http://localhost:8081/repository/maven-releases'
+export NEXUS_REPOSITORY_URL="https://$nexus_domain/repository/maven-releases"
 export NEXUS_REPOSITORY_USERNAME='alice.doe'
 export NEXUS_REPOSITORY_PASSWORD='password'
 gradle upload
@@ -81,7 +83,7 @@ EOF
 cat >settings.gradle <<'EOF'
 rootProject.name = 'gradle-greeter-application'
 EOF
-cat >build.gradle <<'EOF'
+cat >build.gradle <<EOF
 // see https://docs.gradle.org/4.2.1/userguide/java_plugin.html
 // see https://docs.gradle.org/4.2.1/userguide/application_plugin.html
 // see http://imperceptiblethoughts.com/shadow/
@@ -109,7 +111,7 @@ jar {
 
 repositories {
     maven {
-        url 'http://localhost:8081/repository/maven-public'
+        url 'https://$nexus_domain/repository/maven-public'
     }
 }
 
diff --git a/provision/use-maven-repository-from-mvn.sh b/provision/use-maven-repository-from-mvn.sh
index 24715d7..f3c3437 100644
--- a/provision/use-maven-repository-from-mvn.sh
+++ b/provision/use-maven-repository-from-mvn.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 set -eux
 
+nexus_domain=$(hostname --fqdn)
+
 mkdir -p tmp/use-maven-repository-from-mvn && cd tmp/use-maven-repository-from-mvn
 
 #
@@ -16,7 +18,7 @@ sudo apt-get install -y xmlstarlet
 # see https://help.sonatype.com/display/NXRM3/Maven+Repositories
 # see https://maven.apache.org/guides/mini/guide-mirror-settings.html
 mkdir -p ~/.m2
-cat >~/.m2/settings.xml <<'EOF'
+cat >~/.m2/settings.xml <<EOF
 <settings>
   <servers>
     <server>
@@ -29,7 +31,7 @@ cat >~/.m2/settings.xml <<'EOF'
     <mirror>
       <id>nexus</id>
       <mirrorOf>central</mirrorOf>
-      <url>http://localhost:8081/repository/maven-public/</url>
+      <url>https://$nexus_domain/repository/maven-public/</url>
     </mirror>
   </mirrors>
   <profiles>
@@ -77,21 +79,21 @@ xmlstarlet ed --inplace -N pom=http://maven.apache.org/POM/4.0.0 \
   --name distributionManagement \
   --value '@@repositories@@' \
   pom.xml
-python -c '
-xml = open("pom.xml").read().replace("@@repositories@@", """
+python -c "
+xml = open('pom.xml').read().replace('@@repositories@@', '''
     <repository>
       <id>nexus</id>
       <name>Releases</name>
-      <url>http://localhost:8081/repository/maven-releases</url>
+      <url>https://$nexus_domain/repository/maven-releases</url>
     </repository>
     <snapshotRepository>
       <id>nexus</id>
       <name>Snapshot</name>
-      <url>http://localhost:8081/repository/maven-snapshots</url>
+      <url>https://$nexus_domain/repository/maven-snapshots</url>
     </snapshotRepository>
-  """)
-open("pom.xml", "w").write(xml)
-'
+  ''')
+open('pom.xml', 'w').write(xml)
+"
 # deploy.
 mvn \
   --batch-mode \
diff --git a/provision/use-npm-repository.sh b/provision/use-npm-repository.sh
index 4639785..9d127c6 100644
--- a/provision/use-npm-repository.sh
+++ b/provision/use-npm-repository.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 set -eux
 
+nexus_domain=$(hostname --fqdn)
+
 mkdir -p tmp/use-npm-repository && cd tmp/use-npm-repository
 
 #
@@ -16,10 +18,14 @@ apt-get install -y nodejs
 node --version
 npm --version
 
+# configure npm to trust our system trusted CAs.
+# NB never turn off ssl verification with npm config set strict-ssl false
+npm config set cafile /etc/ssl/certs/ca-certificates.crt
+
 #
 # configure npm to use the npm-group repository.
 
-npm config set registry http://localhost:8081/repository/npm-group/
+npm config set registry https://$nexus_domain/repository/npm-group/
 
 # install a package that indirectly uses the npmjs.org-proxy repository.
 mkdir hello-world-npm
@@ -52,10 +58,10 @@ node hello-world.js
 export NPM_USER=alice.doe
 export NPM_PASS=password
 export NPM_EMAIL=alice.doe@example.com
-export NPM_REGISTRY=http://localhost:8081/repository/npm-hosted/
+export NPM_REGISTRY=https://$nexus_domain/repository/npm-hosted/
 npm install npm-registry-client@8.5.0
-npm_auth_token=$(NODE_PATH=$PWD/node_modules node /vagrant/provision/npm-login.js 2>/dev/null)
-npm set //localhost:8081/repository/npm-hosted/:_authToken $npm_auth_token
+npm_auth_token=$(NODE_PATH=$PWD/node_modules node --use-openssl-ca /vagrant/provision/npm-login.js 2>/dev/null)
+npm set //$nexus_domain/repository/npm-hosted/:_authToken $npm_auth_token
 
 # publish.
 npm publish --registry=$NPM_REGISTRY
diff --git a/provision/use-nuget-repository.sh b/provision/use-nuget-repository.sh
index dbcdb54..32c3d87 100644
--- a/provision/use-nuget-repository.sh
+++ b/provision/use-nuget-repository.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 set -eux
 
+nexus_domain=$(hostname --fqdn)
+
 . /vagrant/provision/nexus-groovy.sh
 
 mkdir -p tmp/use-nuget-repository && cd tmp/use-nuget-repository
@@ -20,8 +22,8 @@ function nuget {
   mono /tmp/nuget.exe $*
 }
 
-nuget_source_url=http://localhost:8081/repository/nuget-group/
-nuget_source_push_url=http://localhost:8081/repository/nuget-hosted/
+nuget_source_url=https://$nexus_domain/repository/nuget-group/
+nuget_source_push_url=https://$nexus_domain/repository/nuget-hosted/
 nuget_source_push_api_key=$(nexus-groovy get-jenkins-nuget-api-key | jq -r '.result | fromjson | .apiKey')
 echo -n $nuget_source_push_api_key >/vagrant/shared/jenkins-nuget-api-key
 
diff --git a/provision/use-raw-repository.sh b/provision/use-raw-repository.sh
index 022f416..31337ad 100644
--- a/provision/use-raw-repository.sh
+++ b/provision/use-raw-repository.sh
@@ -1,6 +1,8 @@
 #!/bin/bash
 set -eux
 
+nexus_domain=$(hostname --fqdn)
+
 mkdir -p tmp/use-raw-repository && cd tmp/use-raw-repository
 
 #
@@ -12,8 +14,8 @@ apt-get install -y curl
 # see https://help.sonatype.com/display/NXRM3/Raw+Repositories+and+Maven+Sites#RawRepositoriesandMavenSites-UploadingFilestoHostedRawRepositories
 expected='this is an adhoc package'
 echo "$expected" >package-1.0.0.txt
-curl --silent --user 'alice.doe:password' --upload-file package-1.0.0.txt http://localhost:8081/repository/adhoc-package/package-1.0.0.txt
+curl --silent --user 'alice.doe:password' --upload-file package-1.0.0.txt https://$nexus_domain/repository/adhoc-package/package-1.0.0.txt
 
 # download.
-actual=$(curl --silent http://localhost:8081/repository/adhoc-package/package-1.0.0.txt)
+actual=$(curl --silent https://$nexus_domain/repository/adhoc-package/package-1.0.0.txt)
 [ "$actual" = "$expected" ] || (echo 'upload adhoc package test failed' && false)