Shibboleth Developer's Meeting, 2021-11-05

Call Administrivia

09:00 Central US / 10:00 Eastern US / 14:00 UK / 16:00 FI Note unusual time this week due to DST changes

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-11-19. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

• Ian Young https://shibboleth.atlassian.net/browse/JPAR-195

• Rod Widdowson Philip Smart Site builds (which generate java doc and run weekly) x Nightly builds (which consume javadoc) x version revision == broken nightlys

• Maven Central Repository - see my (Tom) section below for details - do we want to :

  • (a) publish our repo URL in the POM and maintain long-term / forever-ish ? in a profile not activated by default ?

  • or (b) remove from POM and publish our repo URL in the wiki as documentation for developers to add to ~/.m2/settings.xml ? (that’s my suggestion)

• Quick q: did/do we intend to remove the jvmTrust option for LDAP authentication?
  

Add items for discussion here

Attendees:

Brent

Daniel

Henri

Ian

John

Marvin

Phil

Rod

• Busy elsewhere

• OpenSSL3 https://shibboleth.atlassian.net/browse/SSPCPP-946 & testing

• Next stage sig checking- work mostly understood. Pending https://shibboleth.atlassian.net/browse/JPAR-195

• Questions about https://shibboleth.atlassian.net/browse/IDP-1874 & https://shibboleth.atlassian.net/browse/IDP-1877

Scott

• Santuario release done (and done again)

• Bumped log4shib to fix some modern compiler issues

• Most of SP work is done unless I can think of something else to actually deprecate (vs. all the stuff I really want to deprecate)

  • Tested cpp-linbuild process successfully

• IdP odds and ends

Tom

• Maven Central :

  • Looks like we will not publish artifacts to Central due to indemnity clause in ToS :

    https://central.sonatype.org/publish/producer-terms/

  • Priority is to firewall our Nexus instance and host our repo via Apache at :

    https://build.shibboleth.net/maven

    • for backwards compat with our POMs will need to redirect

      • https://build.shibboleth.net/nexus/content/groups/public
        to
        https://build.shibboleth.net/maven/releases

      • https://build.shibboleth.net/nexus/content/repositories/snapshots
        to
        https://build.shibboleth.net/maven/snapshots

      • https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots
        to
        https://build.shibboleth.net/maven/thirdparty-snapshots

      • and remove thirdparty/ when “Rod’s Rules” are in place

• As to whether someone else publishes to Central (for us), I think they would need to indemnify us but we do not really exist (as a legal entity).
  Looking for confirmation - technical details in the agenda above.

• Making some progress running Nexus/Jenkins in ECS/Fargate using Docker Compose (which wraps CloudFormation) - is that ok ?

  • Plan is to use docker-compose.yml as infrastructure-as-code, open to alternatives (awscli, AWS console, Terraform) but this seems simplest / easiest.

• Working through IdP browser tests in Jenkins with Jetty 9.4 versions (a) up to 9.4.43 as well as (b) 9.4.44 and up (conditional build step to inject idp-jetty-base version)

Other