Quarkus build does not use the proxy settings in maven settings.xml

[smil2k]

Describe the bug

In case of changing the quarkus version the first build has to be called with implicit java proxy settings on the command line in order to get a build behind proxy.

Maven downloads all the necessary jars, but some of them are downloaded by the quarkus plugin which does not honor the setting.

Expected behavior

in case the setting is set in maven, every plugin should honor it.

Actual behavior

[INFO] 
[INFO] --- maven-surefire-plugin:3.0.0-M7:test (default-test) @ sc-datasource-rest ---
[INFO] Tests will run in random order. To reproduce ordering use flag -Dsurefire.runOrder.random.seed=201451074564952
[INFO] Using auto detected provider org.apache.maven.surefire.junitplatform.JUnitPlatformProvider
[INFO] 
[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running RestDataSourceTest
Downloading from central: https://repo.maven.apache.org/maven2/io/quarkus/quarkus-resteasy-reactive-kotlin/2.12.1.Final/quarkus-resteasy-reactive

Stuck here and times out.

How to Reproduce?

Delete quarkus version and rebuild something with tests inside.

Output of uname -a or ver

No response

Output of java -version

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

3.2.1.Final

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response

[quarkus-bot]

/cc @evanchooly, @geoand, @quarkusio/devtools

[geoand]

cc @aloubyansky

[aloubyansky]

@smil2k thanks for reporting the issue. Could you please give a settings.xml (snippet) with a proxy config as an example? I suppose it's nothing extraordinary but just in case. Thanks.

[smil2k]

<?xml version="1.0" encoding="UTF-8"?>

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">

  <proxies>
    <proxy>
      <id>p</id>
      <active>true</active>
      <protocol>http</protocol>
      <host>proxy</host>
      <port>3128</port>
    </proxy>
  </proxies>
</settings>

[aloubyansky]

Haven't been able to reproduce it so far. Here is what I tried:

• setup a local Nexus server running on port 8085
• deployed Quarkus version 999-SNAPSHOT to the local Nexus
• created a settings.xml with
  • local repo pointing to my project's target/local-repo to make sure it's cleaned with mvn clean test
  • configured Maven repositories in an active by default profile for my local Nexus, except with the port 8083 instead of 8085 (having nothing running on 8083)
  • configured my local proxy
• launched a local LittleProxy that intercepts requests that go to localhost:8083 and redirects them to localhost:8085
• launched my project's build with mvn clean test -s settings.xml

The idea was that if the Quarkus resolver was not applying the proxy settings to the configured repos I would see a request to a Maven repo with port 8083 which would fail because nothing is listening on that port. That didn't happen though. I get a successful test run.

I see it's failing on quarkus-resteasy-reactive-kotlin in your case. Which is a conditional dependency that gets activated having quarkus-resteasy-reactive and quarkus-kotlin in the project, which I also have and see quarkus-resteasy-reactive-kotlin being downloaded through my proxy.

[dastrobu]

It would be even more convenient if quarkus CLI would honour the environment variable HTTP_PROXY and HTTPS_PROXY.

[smil2k]

@aloubyansky It is not the build which fails but the integration test. It is downloading the runtime parts of the extensions. Probably the forked process is doing it.

[aloubyansky]

@dastrobu could you be more specific?

@smil2k if you could provide a reproducer or instructions for me to reproduce the issue locally I'll look into it asap.

[smil2k]

Try the following:

1. take any example project which has @QuarkusTest
2. clean m2 directory
3. setup proxy a proxy at another machine
4. setup proxy in settings
5. disable outgoing port 443

mvn clean install

maven will use the proxy, and during surefire execution it will try to download extra jars, which are not part of the build.
They would be downloaded directly.

i can try to reproduce it with -X maybe I can offer a stacktrace.

I think you tried something similar, just with custom nexus.

[dastrobu]

@aloubyansky thanks for your comment. To be more specific, here is a SSCCE:

quarkus create app org.acme:getting-started
cd getting-started
quarkus build --verbose 

This fails with

$ quarkus build --verbose 
[DEBUG] Build project with initial parameters: Build [buildOptions=BuildOptions [buildNative=false, clean=false, offline=false, skipTests=false], properties={}, output=OutputOptions [testMode=false, showErrors=false, verbose=true], params=[]]
/Users/Q453358/tmp/proxy/getting-started/mvnw -Dstyle.color=always -DquarkusRegistryClient=true install

Exception in thread "main" java.net.UnknownHostException: repo.maven.apache.org
	at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:572)
	at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
	at java.base/java.net.Socket.connect(Socket.java:633)
	at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:304)
	at java.base/sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:174)
	at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:183)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:533)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:638)
	at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:266)
	at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:380)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:193)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1242)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1128)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:179)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1665)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1589)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
	at org.apache.maven.wrapper.DefaultDownloader.downloadInternal(DefaultDownloader.java:95)
	at org.apache.maven.wrapper.DefaultDownloader.download(DefaultDownloader.java:85)
	at org.apache.maven.wrapper.Installer.createDist(Installer.java:84)
	at org.apache.maven.wrapper.WrapperExecutor.execute(WrapperExecutor.java:160)
	at org.apache.maven.wrapper.MavenWrapperMain.main(MavenWrapperMain.java:73)

When running the command, which was printed (without the mvnw wrapper) everything runs fine:

mvn -Dstyle.color=always -DquarkusRegistryClient=true install
[INFO] Scanning for projects...
... 
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  23.893 s
[INFO] Finished at: 2023-07-25T13:21:11+02:00
[INFO] ------------------------------------------------------------------------

Here is my proxy config:

$ env | grep -iE https?_proxy
https_proxy=http://localhost:3128
HTTPS_PROXY=http://localhost:3128
HTTP_PROXY=http://localhost:3128
http_proxy=http://localhost:3128

$ cat ~/.m2/settings.xml 
<settings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns="http://maven.apache.org/SETTINGS/1.0.0"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                  https://maven.apache.org/xsd/settings-1.0.0.xsd">
    <proxies>
        <proxy>
            <id>local</id>
            <active>true</active>
            <protocol>http</protocol>
            <host>localhost</host>
            <port>3128</port>
        </proxy>
    </proxies>
</settings>

Where http://localhost:3128 points to a CNTLM proxy I am running locally.

So all I am saying is that quarkus should either enable reading the proxy config from the settings.xml or, even better should directly use the configuration form the https?_proxy environment variables. Currently, neither of those works for me.

For reference, some version info:

$ mvn --version
Apache Maven 3.9.3 (21122926829f1ead511c958d89bd2f672198ae9f)
Maven home: /usr/local/Cellar/maven/3.9.3/libexec
Java version: 17.0.8, vendor: Homebrew, runtime: /usr/local/Cellar/openjdk@17/17.0.8/libexec/openjdk.jdk/Contents/Home
Default locale: en_DE, platform encoding: UTF-8
OS name: "mac os x", version: "13.4.1", arch: "x86_64", family: "mac"

$ quarkus --version
3.2.2.Final

[aloubyansky]

Thanks, so it's a Maven wrapper issue? Does it fail with mvnw instead of mvn?

[smil2k]

No it is a bit different. (Albeit it might have similar ground).

My problem is during testing, wrapper is not involved.

[dastrobu]

Thanks, so it's a Maven wrapper issue? Does it fail with mvnw instead of mvn?

@aloubyansky yes, it fails with the same exception as quarkus build does:

$ ./mvnw -Dstyle.color=always -DquarkusRegistryClient=true install
Exception in thread "main" java.net.UnknownHostException: repo.maven.apache.org
	at java.base/sun.nio.ch.NioSocketImpl.connect(NioSocketImpl.java:572)
	at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:327)
	at java.base/java.net.Socket.connect(Socket.java:633)
	at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:304)
	at java.base/sun.security.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:174)
	at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:183)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:533)
	at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:638)
	at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:266)
	at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:380)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:193)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1242)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1128)
	at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:179)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1665)
	at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1589)
	at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
	at org.apache.maven.wrapper.DefaultDownloader.downloadInternal(DefaultDownloader.java:95)
	at org.apache.maven.wrapper.DefaultDownloader.download(DefaultDownloader.java:85)
	at org.apache.maven.wrapper.Installer.createDist(Installer.java:84)
	at org.apache.maven.wrapper.WrapperExecutor.execute(WrapperExecutor.java:160)
	at org.apache.maven.wrapper.MavenWrapperMain.main(MavenWrapperMain.java:73)

[aloubyansky]

Ok, thanks for the info. The quarkusRegistryClient isn't relevant for install, btw, in case you run these commands yourself.

[aloubyansky]

@dastrobu have you tried adding proxy properties to ~/.mavenrc? E.g.

MAVEN_OPTS="-Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 -Dhttp.proxyUser=proxy_user -Dhttp.proxyPassword=secret -Djdk.http.auth.tunneling.disabledSchemes="

@smil2k I've been kind of struggling setting up a reproducer. In case you could look into providing a reproducer using a tinyproxy or squid docker image, it'd be highly appreciated.

[smil2k]

@aloubyansky
Can you execute firewall commands on your laptop? Maybe I would provide you the commands to shut down direct communication to the internet using these rules.

I was thinking in lines a docker compose file: build and proxy and firewall the build docker from accessing the internet.
This way it will be a good reproducer.

What do you think?

Regarding -Dhttp.proxy, it used to work, probably in the 2.x era, but now it is not working anymore. Even if I put it into JAVA_TOOL_OPTIONS.

[aloubyansky]

Sure, I'll give it a try @smil2k

[aloubyansky]

As to the -Dhttp.proxy that's for the wrapper. The wrapper is a plain Java client, not a maven resolver transport.

[dastrobu]

@dastrobu have you tried adding proxy properties to ~/.mavenrc? E.g.

MAVEN_OPTS="-Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=3128 -Dhttp.proxyUser=proxy_user -Dhttp.proxyPassword=secret -Djdk.http.auth.tunneling.disabledSchemes="

@aloubyansky somehow I am not able to reproduce the error anymore, with or without the .mavenrc file. I have no clue what changed, though.

[aloubyansky]

@dastrobu thanks for checking, let us know in case you hit it again.

[aloubyansky]

@smil2k not sure it'll help your case but just in case you may want to check #34875 (comment)

[smil2k]

Thanks, this seems to be relevant, I’ll try to apply the patch to my pom.

[smil2k]

I can simulate the environment using docker:

docker run -v ./m2:/root/.m2 -v "$(pwd)":/usr/src/mymaven -w /usr/src/mymaven --add-host="repo.maven.apache.org:127.0.0.1" --add-host="proxy:127.0.0.1" --net host   --rm maven:3.9-amazoncorretto-11 mvn install

plus

docker run -p 3128:8888 --rm vimagick/tinyproxy

and a settings.xml in the m2 directory, contents can be found above.

The added host to repo.maven disables normal downloads, the downloads are enabled though the proxy entry.

It seems that I was not able to reproduce the problem yet. But this might be connected to the issue you pointed me to. Can be the maven docker image does something special to the maven. (extra env vars or similar).

I'll try it with some vanilla image next.

[aloubyansky]

Thanks a lot for looking into this @smil2k. Do builds still fail in your actual build environment though?

[smil2k]

Fixed by 3.2.4

[aloubyansky]

@smil2k did you have to adjust your project config beyond simply upgrading the Quarkus version to fix your builds?

[smil2k]

Just by using the latest the problem resolved.
(change log included an issue about the missing maven settings transfer, so I gave it a spin)

[aloubyansky]

Great, thanks @smil2k