Unauthorized errors attempting to import from a package repository

RobertBrown3 · December 5, 2023, 5:30am

In my self-hosted Gitlab installation, I have two projects that create JAR libraries that I want to placce in Maven package registries. The first project, one with an ID of “gitlab-maven”, is a dependency of the second project, which I have given an ID of “proxy-repo”.

I am using gitlab V16.5.

I have successfully built gitlab-maven and have deployed it to the project’s package repository. My problems occur when attempting to build proxy-repo.

My build procedure is pretty straightforward:

    build_job:
      stage: build
      tags:
        - proxy 

      script: 
        - echo "Compiling the library"
        - "mvn compile"

When running the build job, I get the following output:

    [INFO] Scanning for projects...
    [INFO] 
    [INFO] --------------------------< f3proxy:f3proxy >---------------------------
    [INFO] Building Proxy 4.3.1
    [INFO]   from pom.xml
    [INFO] --------------------------------[ jar ]---------------------------------
    Downloading from gitlab-maven: https://git.solishome.net/api/v4/projects/4/packages/maven/net/factor3/libs/resultclass/1.2.0/resultclass-1.2.0.pom
    Downloading from central: https://repo.maven.apache.org/maven2/net/factor3/libs/resultclass/1.2.0/resultclass-1.2.0.pom
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD FAILURE
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time:  1.607 s
    [INFO] Finished at: 2023-12-02T01:13:51Z
    [INFO] ------------------------------------------------------------------------
    [ERROR] Failed to execute goal on project f3proxy: Could not resolve dependencies for project f3proxy:f3proxy:jar:4.3.1: Failed to collect dependencies at net.factor3.libs:resultclass:jar:1.2.0: Failed to read artifact descriptor for net.factor3.libs:resultclass:jar:1.2.0: The following artifacts could not be resolved: net.factor3.libs:resultclass:pom:1.2.0 (absent): Could not transfer artifact net.factor3.libs:resultclass:pom:1.2.0 from/to gitlab-maven (https://git.solishome.net/api/v4/projects/4/packages/maven): status code: 401, reason phrase: Unauthorized (401) -> [Help 1]
    [ERROR] 
    [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.
    [ERROR] 
    [ERROR] For more information about the errors and possible solutions, please read the following articles:
    [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

It is clear that this is being caused by a misconfiguration of my pom file and/or settings, but I cannot find the error(s) in my configuration.

My pom.xml file for proxy-repo is set up to include my dependency for the jar file created for gitlab-maven, to include the gitlab-maven repository, and to publish the proxy jar file:

               .
		   lines skipped for brevity
    		  .
         <dependency>
           <groupId>com.fasterxml.jackson.dataformat</groupId>
           <artifactId>jackson-dataformat-yaml</artifactId>
           <version>2.11.0</version>
         </dependency>
         <dependency>
           <groupId>net.factor3.libs</groupId>
           <artifactId>resultclass</artifactId>
           <version>1.2.0</version>
         </dependency> 
        </dependencies>
      <repositories>
         <repository>
            <id>gitlab-maven</id>
            <url>https://git.solishome.net/api/v4/projects/${RESULT_ID}/packages/maven</url>
         </repository>
      </repositories>
      <distributionManagement>
         <repository>
            <id>proxy_repo</id>
            <url>https://git.solishome.net/api/v4/projects/${PROJECT_ID}/packages/maven</url>
         </repository>
         <snapshotRepository>
            <id>proxy_repo</id>
            <url>https://git.solishome.net/api/v4/projects/${PROJECT_ID}/packages/maven</url>
         </snapshotRepository>
      </distributionManagement>

RESULT_ID refers to the project ID of the gitlab-maven repository. PROJECT_ID refers to proxy-repo’s project ID, for the purpose of publishing its jar file to its package repository.

I have created access tokens for both projects, which I use for authentication/access in my settings.xml file shown below:

    <?xml version="1.0" encoding="UTF-8"?>
    <settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
       <servers>
          <server>
             <id>proxy_repo</id>
             <username>${MY_USERNAME}</username>
             <password>${PROXY_REPO_ACCESS_TOKN}</password>
             <configuration>
                <httpHeaders>
                   <property>
                      <name>Private-Token</name>
                     <value>${PROXY_REPO_ACCESS_TOKN}</value>
                   </property>
                </httpHeaders>
             </configuration>
          </server>
          <server>
             <id>gitlab-maven</id>
             <username>${MY_USERNAME}</username>
             <password>${GITLAB_MAVEN_ACCESS_TOKEN}</password>
             <configuration>
                <httpHeaders>
                   <property>
                      <name>Private-Token</name>
                      <value${GITLAB_MAVEN_ACCESS_TOKEN}</value>
                   </property>
                </httpHeaders>
             </configuration>
          </server>
       </servers>
    </settings>

NOTE: each access token was created within its individual project. The token for gitlab-maven was created in that project, while the proxy-repo token was created in the proxy-token project.

I also made the gitlab-maven project available to my other project by going to Settings->CI/CD, expanding “Token Access”, turning off the “Limit Access to this project” switch, and adding the proxy-repo project to the list of projects that have access.
Can someone tell me what is wrong with my setup/configuration? What mistake(s) have I made that have caused these 401 Unauthorized errors to occur?

marcosp · December 12, 2023, 4:41pm

Hi!
Check that you have a sintax error there.
It lacks of the closing “>” before the variable declaration.
Pls check it and share your results!
I’m curious about the RESULT_ID usage, 'cause you can consume packages at your instance level, which is a way to consume published libraries from multiple projects.

Best regards!

marcosp · December 12, 2023, 4:42pm

Some other thing:
You can set a global deploy token at root namespace, scoped to “read_package_registry” and set it as a group variable, so all dependent groups / projects will inherit that token and all can use it to read the package registry (using GPR at instance level).

RobertBrown3 · December 22, 2023, 7:25pm

Greetings Marcosp:

Sorry it took so long to get back about your response. I have had some somewhat gnarly problems that have kept my attention for a while.

I did correct the typo you pointed out (that was rather embarrassing!) and am attempting to run my pipeline. Unfortunately, now I am getting weird compilation errors that male absolutely no sense:

    [ERROR] Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project readinglib: Fatal error compiling: java.lang.NoSuchFieldError: Class com.sun.tools.javac.tree.JCTree$JCImport does not have member field 'com.sun.tools.javac.tree.JCTree qualid' -> [Help 1]
    [ERROR] 
    [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.

When I run maven on my development machine, I can build and install (mvn compile or mvn install) without problems. Unfortunately, when I run maven nin my pipeline I get the compilation failure shown above!

I am not using JCTree class anywhere in my application.I do not know where my pipeline is getting it from.

Once I can determine the cause of this compile error, I will be testing the deployment to the Gitlab repository. Then I’ll be able to tell you whether or not fixing my typo fixed the authentication error problem.

imed-ivowles · January 18, 2024, 12:32am

I’m suffering a similar problem with the 401 error. As a complete beginner with GitLab using a group level token sounds like a good way to get the related elements I am working on to play nice with each other. Unfortunately with my poor existing knowledge it is not clear to me how this is actually done, and how things might look. I’ve been trying permutations and combinations of tokens, ci_setting.xml, .gitlab-ci.yml entries found in other forum posts, without much understanding hoping I can jag the right answer. Are you able to elaborate somewhat please?