Merge pull request #2065 from JPRuskin/ENGTASKS-1599/nexus-repository

.github/CODEOWNERS

@@ -40,6 +40,7 @@
 */selenium-chromium-edge-driver* @chocolatey-community/chocolatey-team-maintainers @AdmiringWorm
 */jenkins*            @chocolatey-community/chocolatey-team-maintainers
 */brave*              @AdmiringWorm
+*/nexus-repository*   @chocolatey-community/chocolatey-team-maintainers
 
 # Other
 # This can be any file other that won't be matched as a package

automatic/nexus-repository/Readme.md

@@ -0,0 +1,38 @@
+# <img src="https://cdn.jsdelivr.net/gh/chocolatey-community/chocolatey-packages@icons/nexus-repository.png" width="48" height="48"/> [Nexus Repository OSS](https://chocolatey.org/packages/nexus-repository)
+
+Free open source version of popular Nexus Repository for binary artifacts including first class Nuget support.
+
+## Features
+
+Free OSS version supports advanced access control (groups, roles), LDAP and per-user api keys.
+Nexus product does not have a built-in web gallery for components.
+
+* Build quickly and reliably:  
+  Publish and cache components in a central repository that connects natively to all popular package managers.
+* Manage storage space efficiently:  
+  Automatically clean up old or unused artifacts from your repositories
+* Assess open source risk:  
+  Centralize your consumption of open source to gain insight into the risk in your software supply chain.
+* Block malicious components:  
+  Add Nexus Firewall to stop OSS risk from entering your SDLC using next-generation behavioral analysis and automated policy enforcement.
+* Flexible security:  
+  Control access to your components with role-based access controls and full auditability.
+
+## Package Parameters
+
+This package supports the following parameters:
+
+* `/Fqdn` - The fqdn that matches the subject you are using for your Nexus instance SSL certificate.
+* `/Port` - Specify what port Nexus should listen on. Defaults to `8081`.
+* `/BackupSslConfig` - Ensures that the ssl configuration survives an upgrade.
+* `/BackupLocation` - Species the path to backup ssl configuration to during upgrade. Defaults to `~/NexusSSLBackup`.
+
+You can pass parameters as follows:
+
+`choco install nexus-repository --parameters="/Fqdn='nexus.example.com' /Port=4443 /BackupSslConfig /BackupLocation='X:\Backup\NexusSSL'"`
+
+## Notes
+
+- **ATTENTION BREAKING CHANGE FOR UPGRADES FROM VERSIONS BEFORE 3.3.2.02**  
+    Nexus no longer provided a setup.exe for installing Nexus Repository 3.x on Windows.
+    If you previously installed this with a package that used a setup.exe, you must manually uninstall it first (use choco uninstall nexus-repository if you used Chocolatey to install it).    Once you are on 3.3.2.02 or later, upgrades will work smoothly.

automatic/nexus-repository/nexus-repository.nuspec

@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
+  <metadata>
+    <id>nexus-repository</id>
+    <title>Nexus Repository OSS</title>
+    <version>3.49.0.02</version>
+    <authors>Sonatype</authors>
+    <owners>chocolatey-community,DarwinJS</owners>
+    <summary>Free open source version of popular Nexus Repository for binary artifacts including first class Nuget support.</summary>
+    <description></description>
+    <projectUrl>http://www.sonatype.com/nexus-repository-oss</projectUrl>
+    <projectSourceUrl>https://github.com/sonatype/nexus-public</projectSourceUrl>
+    <docsUrl>http://books.sonatype.com/nexus-book/3.0/reference/index.html</docsUrl>
+    <tags>nexus-repository server freeware cross-platform maven nuget npm java rubygems docker eclipse p2 osgi obr apt yum rpm artifact bower ssl respository sonatype nexus admin</tags>
+    <copyright>Sonatype</copyright>
+    <licenseUrl>http://www.eclipse.org/legal/epl-v10.html</licenseUrl>
+    <requireLicenseAcceptance>false</requireLicenseAcceptance>
+    <iconUrl>https://cdn.jsdelivr.net/gh/git@github.com:chocolatey-community/chocolatey-packages/icons/nexus-repository.png</iconUrl>
+    <releaseNotes>https://help.sonatype.com/repomanager3/release-notes</releaseNotes>
+    <dependencies>
+      <dependency id="temurinjre" version="11.0.12.7" />
+    </dependencies>
+  </metadata>
+  <files>
+    <file src="tools\**" target="tools" />
+  </files>
+</package>

automatic/nexus-repository/tools/chocolateyinstall.ps1

@@ -0,0 +1,144 @@
+$ErrorActionPreference = 'Stop'
+$toolsDir = Split-Path $MyInvocation.MyCommand.Definition
+. $toolsDir\helpers.ps1
+
+if (Get-OSArchitectureWidth 32) {
+  throw "Sonatype Nexus Repository 3.0 and greater only supports 64-bit Windows."
+}
+
+$Version = '[[VERSION]]'
+$NexusVersionedFolder = "nexus-$Version"
+$TargetFolder = "$env:ProgramData\nexus"
+$ExtractFolder = "$env:TEMP\NexusExtract"
+$TargetDataFolder = "$env:ProgramData\sonatype-work"
+$NexusConfigFile = "$TargetDataFolder\nexus3\etc\nexus.properties"
+$ServiceName = 'nexus'
+
+# Handle Package Parameters
+$pp = Get-PackageParameters
+
+$Hostname = if ($pp.ContainsKey("Fqdn")) {
+  $pp["Fqdn"]
+} else {
+  "localhost"
+}
+
+$NexusPort = if ($pp.ContainsKey("Port")) {
+  $pp["Port"]
+  Write-Host "/Port was used, Nexus will listen on port $($NexusPort)."
+} else {
+  "8081"
+}
+
+if (Test-Path "$env:ProgramFiles\nexus\bin") {
+  throw "Previous version of Nexus 3 installed by setup.exe is present, please uninstall before running this package."
+}
+
+if ((Get-Service $ServiceName -ErrorAction SilentlyContinue)) {
+  Write-Warning "Nexus web app is already present, shutting it down so that we can upgrade it."
+  Get-Service $ServiceName | Stop-Service -Force
+}
+
+if ($pp.ContainsKey("BackupSslConfig")) {
+  if ($pp.ContainsKey("BackupLocation")) {
+    Backup-NexusSSL -BackupLocation $pp["BackupLocation"]
+  } else {
+    Backup-NexusSSL
+  }
+}
+
+# Extract the Nexus program files, and overwrite any previous program files
+if (Test-Path "$ExtractFolder") {
+  Remove-Item "$ExtractFolder" -Recurse -Force
+}
+
+$PackageArgs = @{
+  packageName    = $env:ChocolateyPackageName
+  unzipLocation  = $ExtractFolder
+  url64          = '[[URL]]'
+  checksum64     = '[[CHECKSUM]]'
+  checksumType64 = 'SHA256'
+}
+
+Install-ChocolateyZipPackage @PackageArgs
+
+Write-Host "Copying files to '$TargetFolder' with overwrite"
+if (Test-Path "$TargetFolder") {
+  Copy-Item "$ExtractFolder\$nexusversionedfolder\*" "$TargetFolder" -Force -Recurse
+} else {
+  Copy-Item "$ExtractFolder\$nexusversionedfolder" "$TargetFolder" -Force -Recurse
+}
+
+# Create the Nexus data directory, if it doesn't exist
+if (!(Test-Path "$TargetDataFolder")) {
+  Move-Item "$extractfolder\sonatype-work" "$TargetDataFolder"
+} else {
+  Write-Warning "`"$TargetDataFolder`" already exists, not overwriting, residual data from previous installs will not be reset."
+}
+
+Remove-Item "$ExtractFolder" -Force -Recurse
+
+# Install the Nexus service
+$processArgs = @{
+  ExeToRun       = "$TargetFolder\bin\nexus.exe"
+  Statements     = "/install $servicename"
+  ValidExitCodes = @(0)
+}
+
+$null = Start-ChocolateyProcessAsAdmin @processArgs
+
+if ($pp.ContainsKey("BackupSslConfig")) {
+  if ($pp.ContainsKey("BackupLocation")) {
+    Restore-NexusSSL -BackupLocation $pp['BackupLocation']
+  } else {
+    Restore-NexusSSL
+  }
+}
+
+# Update Port in Configuration before starting the service
+if ($NexusPort -ne '8081') {
+  if (Test-Path "$NexusConfigFile") {
+    Write-Host "Configuring Nexus to listen on port $NexusPort."
+        (Get-Content "$NexusConfigFile") -replace "^#\s*application-port=.*$", "application-port=$NexusPort" |
+    Set-Content "$NexusConfigFile"
+  } else {
+    Write-Warning "Cannot find `"$NexusConfigFile`", skipping configuring Nexus to listen on port $NexusPort."
+  }
+}
+
+# Start the service, and wait for the site to become available
+if ((Start-Service $ServiceName -PassThru).Status -eq 'Running') {
+  Wait-NexusAvailability -Hostname $Hostname -Port $NexusPort -Config $NexusConfigFile -SSL:$pp.ContainsKey("BackupSslConfig")
+} else {
+  Write-Warning "The Nexus Repository service ($ServiceName) did not start."
+}
+
+$generatedAdminPasswordFile = Join-Path $TargetDataFolder '\nexus3\admin.password'
+Write-Host -ForegroundColor Yellow @"
+*******************************************************************************************
+*
+*  You MAY receive the error 'localhost refused to connect.' until Nexus is fully started.
+*
+*  For new installs, you must login as admin to complete some setup steps
+*  You can manage the repository by typing 'start http://$($Hostname):$($NexusPort)'
+*
+*  The default user is 'admin'
+*  ADMIN PASSWORD:
+$(if (Test-Path $generatedAdminPasswordFile) {
+"*    NEW INSTALLS: The password generated for your instance is recorded
+*       in '$($generatedAdminPasswordFile)'"
+} else {
+"*    UPGRADES/REINSTALLS: As you upgraded (or uninstalled and reinstalled) without cleaning
+*      up $TargetDataFolder - the password will be the same as it was before and the password file
+*      will not exist.
+*    RESET PASSWORD WITH INSTALL: Uninstall Nexus and remove the directory '$TargetDataFolder'
+*      and then reinstall.  This time a password file will be generated."
+})
+*
+*  Nexus availability is controlled via the service `"$Servicename`"
+*  Use the following command to open port $NexusPort for access from off this machine (one line):
+*   netsh advfirewall firewall add rule name=`"Nexus Repository`" dir=in action=allow
+*   protocol=TCP localport=$NexusPort
+*
+*******************************************************************************************
+"@

automatic/nexus-repository/tools/chocolateyuninstall.ps1

@@ -0,0 +1,25 @@
+$ErrorActionPreference = 'Stop'
+$ServiceName = 'nexus'
+$InstallFolder = "$env:ProgramData\Nexus"
+
+if (Test-Path "$Installfolder\bin\nexus.exe") {
+  if (Get-Process $ServiceName -ErrorAction SilentlyContinue) {
+    Get-Process $ServiceName | Stop-Process -Force
+  }
+
+  if (Get-Service $ServiceName -ErrorAction SilentlyContinue) {
+    Stop-Service $ServiceName
+  }
+
+  Start-Sleep -Seconds 5
+
+  $ProcessArgs = @{
+    ExeToRun       = "$InstallFolder\bin\nexus.exe"
+    Statements     = "/uninstall $ServiceName"
+    ValidExitCodes = @(0)
+  }
+  Start-ChocolateyProcessAsAdmin @ProcessArgs
+  Remove-Item $InstallFolder -Recurse -Force
+} else {
+  Write-Warning "It appears that the uninstall may have been run outside of chocolatey, skipping..."
+}

automatic/nexus-repository/tools/helpers.ps1

@@ -0,0 +1,107 @@
+function Backup-NexusSSL {
+  [CmdletBinding()]
+  param(
+    [Parameter()]
+    [String]$BackupLocation = $(Join-Path $env:UserProfile "NexusSSLBackup")
+  )
+  begin {
+    if (-not (Test-Path $BackupLocation)) {
+      Write-Host "Creating SSL Backup location"
+      $null = New-Item $BackupLocation -ItemType Directory
+    }
+  }
+  process {
+    if (Test-Path "$env:ProgramData\nexus\etc\ssl\keystore.jks") {
+      Copy-Item "$env:ProgramData\nexus\etc\ssl\keystore.jks" $BackupLocation
+    }
+
+    if (Test-Path "$env:ProgramData\nexus\etc\jetty\jetty-https.xml") {
+      Copy-Item "$env:ProgramData\nexus\etc\jetty\jetty-https.xml" $BackupLocation
+    }
+  }
+}
+
+function Restore-NexusSSL {
+  [CmdletBinding()]
+  param(
+    [Parameter()]
+    [String]$BackupLocation = $(Join-Path $env:UserProfile "NexusSSLBackup")
+  )
+  process {
+    Write-Host "Shutting down nexus Service to re-apply ssl configuration"
+    $null = Stop-Service nexus
+
+    Write-Host "Reapplying SSL Configuration"
+    if (Test-Path "$BackupLocation\keystore.jks") {
+      Copy-Item "$BackupLocation\keystore.jks" "$env:ProgramData\nexus\etc\ssl"
+    }
+
+    if (Test-Path "$BackupLocation\jetty-https.xml") {
+      Copy-Item "$BackupLocation\jetty-https.xml" "$env:ProgramData\nexus\etc\jetty"
+    }
+
+    Write-Host "Nexus is now available with the restored SSL configuration"
+  }
+}
+
+function Wait-NexusAvailability {
+  param(
+    [Parameter(Mandatory = $true)]
+    [string]$Hostname,
+
+    [Parameter(Mandatory = $true)]
+    [uint16]$Port,
+
+    [Parameter(Mandatory = $true)]
+    [Alias("Config")]
+    [string]$NexusConfigFile,
+
+    [switch]$SSL
+  )
+  # Even though windows reports service is ready - web url will not respond until Nexus is actually ready to serve content
+  # We need to use this method to collect the port number so we can properly test the website has returned OK.
+  $nexusScheme, $portConfigLine = if ($SSL) {
+    # This is to combat Package Internalizer's over-enthusiastic URL matching
+        ('http' + 's'), 'application-port-ssl'
+  } else {
+    'http', 'application-port'
+  }
+
+  # As the service is started, this should be present momentarily
+  $Timer = [System.Diagnostics.Stopwatch]::StartNew()
+  while (-not ($ConfigPresent = Test-Path $NexusConfigFile) -and $Timer.Elapsed.TotalSeconds -le 60) {
+    Write-Verbose "Waiting for '$($NexusConfigFile)' to become available ($($Timer.Elapsed.TotalSeconds) seconds waited)..."
+    Start-Sleep -Seconds 5
+  }
+
+  if ($ConfigPresent) {
+    $nexusPort = (Get-Content $NexusConfigFile | Where-Object {
+        $_ -match $portConfigLine
+      }).Split('=')[-1]
+
+    $nexusPath = (Get-Content $NexusConfigFile | Where-Object {
+        $_ -match "nexus-context-path"
+      }).Split("=")[-1]
+  } else {
+    Write-Warning "Expected Nexus Config file '$($NexusConfigFile)' is not present."
+    $nexusPath, $nexusPort = '/', $Port
+  }
+
+  $NexusUri = "$($nexusScheme)://$($hostname):$($nexusPort)$($nexusPath)"
+
+  Write-Host "Waiting on Nexus Web UI to be available at '$($NexusUri)'"
+  while ($Response.StatusCode -ne '200' -and $Timer.Elapsed.TotalMinutes -lt 3) {
+    try {
+      $Response = Invoke-WebRequest -Uri $NexusUri -UseBasicParsing
+    } catch {
+      Write-Verbose "Waiting on Nexus Web UI to be available at '$($NexusUri)'"
+      Start-Sleep -Seconds 1
+    }
+  }
+
+  if ($Response.StatusCode -eq '200') {
+    Write-Host "Nexus is ready!"
+  } else {
+    Write-Error "Nexus did not respond to requests at '$($NexusUri)' within 3 minutes of the service being started."
+  }
+}

automatic/nexus-repository/update.ps1

@@ -0,0 +1,24 @@
+Import-Module AU
+
+function global:au_GetLatest {
+  $LatestRelease = Get-GitHubRelease sonatype nexus-public
+  $ReleaseVersion = $LatestRelease.tag_name -replace 'release-', ''
+
+  @{
+    NexusVersion = $ReleaseVersion
+    Version      = $ReleaseVersion -replace '-', '.'
+    URL64        = "https://sonatype-download.global.ssl.fastly.net/repository/downloads-prod-group/3/nexus-$($ReleaseVersion)-win64.zip"
+  }
+}
+
+function global:au_SearchReplace {
+  @{
+    ".\tools\chocolateyInstall.ps1" = @{
+      "(^[$]Version\s*=\s*)('.*')"    = "`$1'$($Latest.NexusVersion)'"
+      "(^\s*url64\s*=\s*)('.*')"      = "`$1'$($Latest.URL64)'"
+      "(^\s*checksum64\s*=\s*)('.*')" = "`$1'$($Latest.Checksum64)'"
+    }
+  }
+}
+
+update -ChecksumFor 64