You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by "Asmann, Roland" <Ro...@adesso.at> on 2010/11/17 11:15:02 UTC
Forbid users to use a certain artifact and/or version
Hi all,
For one of my customers, I have to come up with a solution to have maven
completely ignore certain artifacts and/or versions.
Does anybody have any ideas on how to do this?
I was thinking about using a preant-POM and the enforcer-plugin, but as
soon as I make an update, all projects would have to update their
parents as well -- which is exactly what they don't want, otherwise they
could've changed the dependencies themselves...
The problem here is that the architecture-department wants to get rid of
certain artifacts and the developers don't want to update their POMs...
I know, it's not ideal, but I have to find some sort of solution for this...
The setup they have here is using Nexus, maybe I can tinker around with
that a bit as well?
Any help would be greatly appreciated!
--
Roland Asmann
Senior Software Engineer
adesso Austria GmbH
Floridotower 26. Stock T +43 1 2198790-27
Floridsdorfer Hauptstr. 1 F +43 1 2198790-927
A-1210 Wien M +43 664 88657566
E roland.asmann@adesso.at
W www.adesso.at
-------------------------------------------------------------
>>> business. people. technology. <<<
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
RE: Forbid users to use a certain artifact and/or version
Posted by "Haszlakiewicz, Eric" <EH...@transunion.com>.
>-----Original Message-----
>From: Antonio Petrelli [mailto:antonio.petrelli@gmail.com]
>
>2010/11/17 Asmann, Roland <Ro...@adesso.at>:
>> Does anybody have any ideas on how to do this?
>> I was thinking about using a preant-POM and the enforcer-plugin, but as
>> soon as I make an update, all projects would have to update their
>> parents as well -- which is exactly what they don't want, otherwise they
>> could've changed the dependencies themselves...
>>
>> The problem here is that the architecture-department wants to get rid of
>> certain artifacts and the developers don't want to update their POMs...
>> I know, it's not ideal, but I have to find some sort of solution for
>this...
>
>I'm sorry but I think that magic cannot happen, at least in Maven world.
>Either update your parent and encourage developers to change parent
>version, or encourage developers to change dependencies.
>I mean, if you update parent POM and it is not a SNAPSHOT version, and
>child POMs are not connected to this SNAPSHOT, then developers must
>change parent POM version.
IMO, there's nothing wrong with using a snapshot version for this. You'll need to update all the individual project poms once to change to the snapshot version, but then you can leave them alone.
>You can (very bad! don't do it!) modify the original deployed version
>of that parent POM to add those rules, developers should clean their
>local repository and redownload the parent POM.
Yeah, this causes problems because maven doesn't ever recheck non-snapshot artifacts that are in it's .m2/repository cache. You can't even force it to [*1], so the only option you have it to remove the entire cache. You certainly don't want to make this part of your normal build procedure!
eric
[*1] which IMO is a bug/missing important feature: it should have a way to verify checksums, to at least be able to detect corrupted files.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Forbid users to use a certain artifact and/or version
Posted by Yoav Landman <yl...@gmail.com>.
If you only wish to limit artifact downloads based on path information then
this is already possible to do in Artifactory OSS version by using
include/exclude patterns. If you wish to have more elaborate control then in
Artifactory Pro you can use a custom groovy plugin to veto remote downloads
based on whatever criteria you choose.
HTH,
On Wed, Nov 17, 2010 at 1:49 PM, Asmann, Roland <Ro...@adesso.at>wrote:
> Yes, the customer in this case is a larger company that is starting to
> use Maven, or at least, starting to use it correctly now.
>
>
> On 17.11.2010 12:29, Antonio Petrelli wrote:
> > 2010/11/17 Asmann, Roland <Ro...@adesso.at>:
> > > I fully agree with you, but as the saying goes 'the customer is
> king'...
> >
> > Just curious, the customer develops too?
> >
> > Antonio
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > For additional commands, e-mail: users-help@maven.apache.org
> >
>
> --
> Roland Asmann
> Senior Software Engineer
>
> adesso Austria GmbH
> Floridotower 26. Stock T +43 1 2198790-27
> Floridsdorfer Hauptstr. 1 F +43 1 2198790-927
> A-1210 Wien M +43 664 88657566
> E roland.asmann@adesso.at
> W www.adesso.at
>
> -------------------------------------------------------------
> >>> business. people. technology. <<<
> -------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
--
Yoav
Re: Forbid users to use a certain artifact and/or version
Posted by "Asmann, Roland" <Ro...@adesso.at>.
Yes, the customer in this case is a larger company that is starting to
use Maven, or at least, starting to use it correctly now.
On 17.11.2010 12:29, Antonio Petrelli wrote:
> 2010/11/17 Asmann, Roland <Ro...@adesso.at>:
> > I fully agree with you, but as the saying goes 'the customer is king'...
>
> Just curious, the customer develops too?
>
> Antonio
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
--
Roland Asmann
Senior Software Engineer
adesso Austria GmbH
Floridotower 26. Stock T +43 1 2198790-27
Floridsdorfer Hauptstr. 1 F +43 1 2198790-927
A-1210 Wien M +43 664 88657566
E roland.asmann@adesso.at
W www.adesso.at
-------------------------------------------------------------
>>> business. people. technology. <<<
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Forbid users to use a certain artifact and/or version
Posted by Antonio Petrelli <an...@gmail.com>.
2010/11/17 Asmann, Roland <Ro...@adesso.at>:
> I fully agree with you, but as the saying goes 'the customer is king'...
Just curious, the customer develops too?
Antonio
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Forbid users to use a certain artifact and/or version
Posted by "Asmann, Roland" <Ro...@adesso.at>.
I fully agree with you, but as the saying goes 'the customer is king'...
Ah well, I'll give it another couple of days to tinker around and if
nothing else works, I'll tell them to just enforce one of the changes.
On 17.11.2010 11:43, Antonio Petrelli wrote:
> 2010/11/17 Asmann, Roland <Ro...@adesso.at>:
> > Does anybody have any ideas on how to do this?
> > I was thinking about using a preant-POM and the enforcer-plugin, but as
> > soon as I make an update, all projects would have to update their
> > parents as well -- which is exactly what they don't want, otherwise they
> > could've changed the dependencies themselves...
> >
> > The problem here is that the architecture-department wants to get rid of
> > certain artifacts and the developers don't want to update their POMs...
> > I know, it's not ideal, but I have to find some sort of solution for
> this...
>
> I'm sorry but I think that magic cannot happen, at least in Maven world.
> Either update your parent and encourage developers to change parent
> version, or encourage developers to change dependencies.
> I mean, if you update parent POM and it is not a SNAPSHOT version, and
> child POMs are not connected to this SNAPSHOT, then developers must
> change parent POM version.
> You can (very bad! don't do it!) modify the original deployed version
> of that parent POM to add those rules, developers should clean their
> local repository and redownload the parent POM.
>
> Anyway, you already found two good solutions to your problem.
> This kind of war is nonsense IMHO.
>
> Antonio
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
--
Roland Asmann
Senior Software Engineer
adesso Austria GmbH
Floridotower 26. Stock T +43 1 2198790-27
Floridsdorfer Hauptstr. 1 F +43 1 2198790-927
A-1210 Wien M +43 664 88657566
E roland.asmann@adesso.at
W www.adesso.at
-------------------------------------------------------------
>>> business. people. technology. <<<
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Forbid users to use a certain artifact and/or version
Posted by Antonio Petrelli <an...@gmail.com>.
2010/11/17 Asmann, Roland <Ro...@adesso.at>:
> Does anybody have any ideas on how to do this?
> I was thinking about using a preant-POM and the enforcer-plugin, but as
> soon as I make an update, all projects would have to update their
> parents as well -- which is exactly what they don't want, otherwise they
> could've changed the dependencies themselves...
>
> The problem here is that the architecture-department wants to get rid of
> certain artifacts and the developers don't want to update their POMs...
> I know, it's not ideal, but I have to find some sort of solution for this...
I'm sorry but I think that magic cannot happen, at least in Maven world.
Either update your parent and encourage developers to change parent
version, or encourage developers to change dependencies.
I mean, if you update parent POM and it is not a SNAPSHOT version, and
child POMs are not connected to this SNAPSHOT, then developers must
change parent POM version.
You can (very bad! don't do it!) modify the original deployed version
of that parent POM to add those rules, developers should clean their
local repository and redownload the parent POM.
Anyway, you already found two good solutions to your problem.
This kind of war is nonsense IMHO.
Antonio
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Forbid users to use a certain artifact and/or version
Posted by "Asmann, Roland" <Ro...@adesso.at>.
Now that is useful info! I hadn't looked at the Pro version yet, but
they were already discussing buying it because of better security measures.
Thanks!
On 17.11.2010 12:34, Anders Hammar wrote:
> I possible solution if they already use Nexus, is to upgrade to Nexus Pro
> and use the procurement feature. Then they can easily block specific
> artifacts, effectively forcing the developers to change their dependencies.
> Otherwise they will not be able to build...very effective! :-)
>
> /Anders
>
> On Wed, Nov 17, 2010 at 11:15, Asmann, Roland
> <Ro...@adesso.at>wrote:
>
> > Hi all,
> >
> > For one of my customers, I have to come up with a solution to have maven
> > completely ignore certain artifacts and/or versions.
> >
> > Does anybody have any ideas on how to do this?
> > I was thinking about using a preant-POM and the enforcer-plugin, but as
> > soon as I make an update, all projects would have to update their
> > parents as well -- which is exactly what they don't want, otherwise they
> > could've changed the dependencies themselves...
> >
> > The problem here is that the architecture-department wants to get rid of
> > certain artifacts and the developers don't want to update their POMs...
> > I know, it's not ideal, but I have to find some sort of solution for
> > this...
> >
> > The setup they have here is using Nexus, maybe I can tinker around with
> > that a bit as well?
> >
> > Any help would be greatly appreciated!
> >
> > --
> > Roland Asmann
> > Senior Software Engineer
> >
> > adesso Austria GmbH
> > Floridotower 26. Stock T +43 1 2198790-27
> > Floridsdorfer Hauptstr. 1 F +43 1 2198790-927
> > A-1210 Wien M +43 664 88657566
> > E roland.asmann@adesso.at
> > W www.adesso.at
> >
> > -------------------------------------------------------------
> > >>> business. people. technology. <<<
> > -------------------------------------------------------------
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > For additional commands, e-mail: users-help@maven.apache.org
> >
> >
>
--
Roland Asmann
Senior Software Engineer
adesso Austria GmbH
Floridotower 26. Stock T +43 1 2198790-27
Floridsdorfer Hauptstr. 1 F +43 1 2198790-927
A-1210 Wien M +43 664 88657566
E roland.asmann@adesso.at
W www.adesso.at
-------------------------------------------------------------
>>> business. people. technology. <<<
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Forbid users to use a certain artifact and/or version
Posted by Anders Hammar <an...@hammar.net>.
I possible solution if they already use Nexus, is to upgrade to Nexus Pro
and use the procurement feature. Then they can easily block specific
artifacts, effectively forcing the developers to change their dependencies.
Otherwise they will not be able to build...very effective! :-)
/Anders
On Wed, Nov 17, 2010 at 11:15, Asmann, Roland <Ro...@adesso.at>wrote:
> Hi all,
>
> For one of my customers, I have to come up with a solution to have maven
> completely ignore certain artifacts and/or versions.
>
> Does anybody have any ideas on how to do this?
> I was thinking about using a preant-POM and the enforcer-plugin, but as
> soon as I make an update, all projects would have to update their
> parents as well -- which is exactly what they don't want, otherwise they
> could've changed the dependencies themselves...
>
> The problem here is that the architecture-department wants to get rid of
> certain artifacts and the developers don't want to update their POMs...
> I know, it's not ideal, but I have to find some sort of solution for
> this...
>
> The setup they have here is using Nexus, maybe I can tinker around with
> that a bit as well?
>
> Any help would be greatly appreciated!
>
> --
> Roland Asmann
> Senior Software Engineer
>
> adesso Austria GmbH
> Floridotower 26. Stock T +43 1 2198790-27
> Floridsdorfer Hauptstr. 1 F +43 1 2198790-927
> A-1210 Wien M +43 664 88657566
> E roland.asmann@adesso.at
> W www.adesso.at
>
> -------------------------------------------------------------
> >>> business. people. technology. <<<
> -------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>