You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@maven.apache.org by Greg Morgan <dr...@cox.net> on 2007/10/29 02:34:32 UTC

Sonatype Book and Repository Configuration

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So I am following this page http://www.sonatype.com/book/repository.html
.  I get the idea that after I have a closed source local repo inplace,
I can configure the parent pom.xml with the information and the
settings.xml with the passwords.   So I am feeling a bit stretched and
google isn't being kind about 'setup apache "REST server"' I was
wondering if someone can provide me with some additional background?

I have pasted my apache maven-snap.conf below.  At first I just want a
simple solution.  Later I can try archiva and similar solutions. What I
find unsavory about the path I am taking, in the file below is enabling
a shared upload mechanism and all the pathological problems of squaring
away team security and apache security.  If I already have a working
authz_mod_svn security configuration and basic auth scheme going for
subversion, might I be able to revise the maven-snap.conf below so that
webdav is used for the transport?  Can anyone point me to a URL for an
example configuration?  Also would I use webdav_fs with this configuration?

Regards,
Greg






# Ident: maven-snap.conf
#
# maven-snap.conf provides steps to configure a simple Maven
# Snap_shot_repo, Release_repo, and required_files location
# on a maven box,
#
# Steps
# su - root
# cd /var/www
# mkdir maven2
# cd maven2
# mkdir snapshot_repo
# mkdir release_repo
# mkdir required_files
# cd /var/www
# chown -R apache.apache maven2
# chmod -R g+rwsx maven2
# copy this file to fedora /etc/httpd/conf.d directory
# /etc/rc.d/init.d/httpd restart
# exit # root login
#
<IfModule !mod_dir.c>
    LoadModule dir_module modules/mod_dir.so
</IfModule>
<IfModule !mod_autoindex.c>
     LoadModule autoindex_module modules/mod_autoindex.so
</IfModule>

# This error_log message on linux said I needed to remove a security
setting.
# this may be OK on an internal network!
#
# [Sun Oct 28 17:31:41 2007] [error] [client 172.20.3.25] ModSecurity:
Access denied with code 403 (phase 4). Pattern match "(?:>\\\\[To Parent
Directory\\\\]<\\\\/[Aa]><br>|<title>Index of.*?<h1>Index of)" at
RESPONSE_BODY. [id "970013"] [msg "Directory Listing"] [severity
"WARNING"] [hostname "bagheera"] [uri "/maven-snap/"] [unique_id
"0vxS86wUAxcAAF7zk4IAAAAA"]
#
# Note remove error for directory listing?
# Found in /etc/httpd/modsecurity.d/modsecurity_crs_50_outbound.conf
# SecRule RESPONSE_BODY "(?:>\[To Parent
Directory\]<\/[Aa]><br>|<title>Index of.*?<h1>Index of)" \
#
"ctl:auditLogParts=+E,deny,log,auditlog,status:403,msg:'Directory
Listing',,id:'970013',severity:'4'"
#

Alias /maven-snap "/var/www/maven2/snapshot_repo"

<Directory "/var/www/maven2/snapshot_repo">
  DirectoryIndex index.html index.htm
  Options Indexes
  IndexOptions FancyIndexing
  Order allow,deny
  Allow from all
</Directory>

# Maven Release repo

Alias /maven-release "/var/www/maven2/release_repo"

<Directory "/var/www/maven2/release_repo">
  DirectoryIndex index.html index.htm
  Options Indexes
  IndexOptions FancyIndexing
  Order allow,deny
  Allow from all
</Directory>

# Required files for dependencies.  The idea behind this
# web location is that you store all the jars and other archives
# that were used to build your application.  Team would go to this
# URL to make sure that a common set of JDKs and other applications
# are used on all developer's work stations.

Alias /required-files "/var/www/maven2/required_files"

<Directory "/var/www/maven2/required_files">
  DirectoryIndex index.html index.htm
  Options Indexes
  IndexOptions FancyIndexing
  Order allow,deny
  Allow from all
</Directory>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHJTioxyxe5L6mr7IRAmaJAKCfc3PJzQ/5gYqms3U/78Bjj5KEUQCfati6
nL+Mv7zbFV550gfArwrCgwc=
=BXam
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: Sonatype Book and Repository Configuration

Posted by Greg Morgan <dr...@cox.net>.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Insitu wrote:
> Hello Greg,
> Setting up webdav in Apache (2.2) is kind of trivial:
> 
> DavLockDB "/var/lock/dav/lock"
> 
> Alias /maven2 "/var/www/maven2"
> 
> <Directory /var/www/maven2>
>     Dav On
>     AllowOverride None
> </Directory>
> 
> That said, this is a maven list and your question is rather httpd
> specific. Did you have a look at /usr/share/doc/apache2 for example on
> a debian like linux system, or better http://httpd.apache.org  ? 

Yes Yes you are correct about the httpd specifics and the maven list.
However, you provided me with the pointer to get going.  Thank you very
much for posting a response.

> 
> If your question is about configuring webdav in maven, this is covered
> http://maven.apache.org/wagon/ in great details ;-). More seriously,
> you just add wagon-dav extension to your pom and you can use dav://
> urls.
> 
> REgards,
> 

Thanks again.

Regards,
Greg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHKY3sxyxe5L6mr7IRArG9AJ9yBPCnaN+5o7N5LH1RWV8Ym0aJxgCeJLA/
ov77jzw5/uFWUkc+q9Om61A=
=os9R
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org

Re: Sonatype Book and Repository Configuration

Posted by Insitu <ab...@oqube.com>.

Hello Greg,
Setting up webdav in Apache (2.2) is kind of trivial:

DavLockDB "/var/lock/dav/lock"

Alias /maven2 "/var/www/maven2"

<Directory /var/www/maven2>
    Dav On
    AllowOverride None
</Directory>

That said, this is a maven list and your question is rather httpd
specific. Did you have a look at /usr/share/doc/apache2 for example on
a debian like linux system, or better http://httpd.apache.org  ? 

If your question is about configuring webdav in maven, this is covered
http://maven.apache.org/wagon/ in great details ;-). More seriously,
you just add wagon-dav extension to your pom and you can use dav://
urls.

REgards,

-- 
OQube < software engineering \ génie logiciel >
Arnaud Bailly, Dr.
\web> http://www.oqube.com


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org