While most systems will not need the class path passed to the JVM with
the `-cp` parameter to be in quotes, apparently some exist where that
will not work without the quotes, e.g. FreeBSD.
So always use quotes for the class path in all scripts.
Issue #1333
Delete password from memory in AuthenticationManager
Zero out the password to remove it from memory after use.
This is only a first step, implementing it for one method:
`AuthenticationManager.authenticate(String, char[], String)`.
The upgrade of a MD5 stored password hash to a PBKDF password hash
destroys the stored password. The has check zeroes out the password that
is tested, so that the new hash is built over the zeroed out value.
This fix prevents that an also adds a check to the test.
Fixes #1335
The Eclipse maven repositories changed to only allow HTTPS and not
serve HTTP anymore. HTTP will redirect to HTTPS, which moxie does
not handle well and fails.
So the registered Eclipse repositories are changed to 'https://'
transport.
Fixes #1334
If requested, by setting a file name in the `versionInfo`
property, store release version and tag in a file, for
other scripts and programs to pick up.
Moxie does have these defined by default, but with transport HTTP.
Since January 2020, Maven Central only accepts HTTPS, no HTTP
anymore. So we add them here explicitly, with `https://`.
We add it to the `build.moxie` file, instead of keeping it in a
local `settings.moxie`, so that a CI server can immediately use it.
Doc: Update built-in docs with missing pages and links
Add pages for `fail2ban` and GFS to the `generateDocs` target, so that
they also show up in the documentation on GO etc.
Also adjust the links to issues and commits.
Add the replacement of the download base URL.
Add project property `release.tag` as a global `project.tag`
Add property `release.tag` to keep a generally available property.
The `project.tag` was getting used in many places, so I need a global
definition for it. The property `project.tag`, defined in the target
`tagRelease` could not be reused, since when that target runs, the
version is still a SNAPSHOT version. (And properties don't get
re-assigned.) So instead a new property `release.tag` is defined,
just like `release.name`, which can be only used sensible in a
release stage, i.e. after `tagRelease` ran.
Adjust `release.template` for publishing releases on GitHub
The major change is switching from `publishBinaries`, which still
exists and uploads to Bintray, to `releaseBinaries`, which creates
a draft release on GitHub and uploads the binaries.
Another change is some reordering. Now first the binaries are
uploaded, the maven artifacts pubished and the tag and site pages
pushed. Then the GitHub release is made public.
Only after that is the minor version bumped and pushed.
The whole script could use some error checking and stoping when
things go wrong, instead of blindly continuing.
A minor change, and temporary, is that we need and check for Ant 1.9,
as we still build with Java 7.
Add Ant tasks and macros to deploy binaries to GitHub,
using GitHub's releases.
Adds an Awk script to extract GH flavoured markdown release notes
from the release.moxie file.
Adds `ok.sh` to the repository so that it is readily available.
This is a Bourne shell GitHub API client, used to create a release
on GitHub and upload the binaries.
Add a job to run a build with Java 7.
The job currently only runs on Linux.
In order to run on Java 7, an old Ant version is downloaded and
installed. We use moxie+ant for this, so we build with moxie.
Adjust versions of JaCoCo and parboiled to match and work.
Adjust the version of JaCoCo down to 0.8.4 and the version
of parboiled-java up to 1.3.1. They need to match because both
use ASM. This combination has the same dependency on ASM: 7.1.
And it seems to work, at least the docs get generated and the
`moxie test` doesn't fail building the report anymore.
With the feature of passwords getting automatically
upgraded to a hashed version, the default `admin`
password in the test-users file will get stored
as MD5 hashed during test execution. Commit this
change, so that the file isn't always showing up
as changed.