You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by Mikis <ms...@dk.ibm.com> on 2007/03/09 14:17:32 UTC
Preventing transitive snapshot downloading
I have being struggling with problems regarding dependencies on apparently
released artifacts (not snapshots), which contain snapshot or faulty
dependencies (maybe transitive). If the artifacts also define their own
remote repositories, I'm unable to fix the problem by patching the intranet
or proxy repository, as this are circumvented .
Is it possible to prevent Maven from downloading artifacts from Internet
repositories using the intranet/proxy repository as the only remote
repository? One way of doing this would be to define some kind of repository
whitelist defining the intranet repositories allowed. The offline line
option is not quite what I need as this would prevent usage of the intranet
repositories.
I fell I'm currently unable to guarantee my intranet Maven users that a
fully version controlled dependency definition in the poms will ensure a
fixed dependency tree (broken configuration management :-( ).
--
View this message in context: http://www.nabble.com/Preventing-transitive-snapshot-downloading-tf3375610s177.html#a9394154
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Preventing transitive snapshot downloading
Posted by Wayne Fay <wa...@gmail.com>.
This has been added to JIRA (already fixed by Brett, thanks) and the
Mirror mini-guide has been updated:
http://maven.apache.org/guides/mini/guide-mirror-settings.html
Wayne
On 3/9/07, Greg_Vaughn@countrywide.com <Gr...@countrywide.com> wrote:
> Yes, this mailing list is where I heard of it. Perhaps searching the
> archives would yield more info.
>
> -Greg Vaughn
>
> "Wayne Fay" <wa...@gmail.com> wrote on 03/09/2007 10:08:42 AM:
>
> > The <mirrorOf>* is a new feature that we've discussed here on M-U and
> > M-D a bit the last few months. But it seems like it has not been
> > documented anywhere (!).
> >
> > I'll post an issue in JIRA about this. Thanks for the note, Tamás.
> >
> > Wayne
> >
> > On 3/9/07, Tamás Cservenák <t....@gmail.com> wrote:
> > > What about some (possibly maven-aware) HTTP proxy? Something like DSMP
> > > should be able to solve the problem, no?
> > >
> > > Greg, where did you find this about <mirrorOf>*</mirrorOf>?
> > >
> > > I did not find anything about it in release notes and Jira issues....
> > >
> > > ~t~
> > >
> > > On 3/9/07, Greg_Vaughn@countrywide.com <Gr...@countrywide.com>
> wrote:
> > > > "Mikis" <ms...@dk.ibm.com> wrote on 03/09/2007 07:17:32 AM:
> > > >
> > > > >
> > > > > I have being struggling with problems regarding dependencies on
> > > > apparently
> > > > > released artifacts (not snapshots), which contain snapshot or
> faulty
> > > > > dependencies (maybe transitive). If the artifacts also define
> their own
> > > > > remote repositories, I'm unable to fix the problem by patching the
> > > > intranet
> > > > > or proxy repository, as this are circumvented .
> > > > >
> > > > > Is it possible to prevent Maven from downloading artifacts from
> Internet
> > > > > repositories using the intranet/proxy repository as the only
> remote
> > > > > repository? One way of doing this would be to define some kind of
> > > > repository
> > > > > whitelist defining the intranet repositories allowed. The offline
> line
> > > > > option is not quite what I need as this would prevent usage of the
> > > > intranet
> > > > > repositories.
> > > > >
> > > > > I fell I'm currently unable to guarantee my intranet Maven users
> that a
> > > > > fully version controlled dependency definition in the poms will
> ensure a
> > > > > fixed dependency tree (broken configuration management :-( ).
> > > >
> > > > I have not verified this, but I recall 2.0.5 was to have a new
> feature so
> > > > that in settings.xml you could specify a repository as a
> > > > <mirrorOf>*</mirrorOf> for just this sort of situation. Sorry I
> can't give
> > > > more specific advice, but that may head you down the right path.
> > > >
> > > > -Greg Vaughn
> > > >
> > > >
> ======================================================================
> > > > Confidentiality Notice: The information contained in and
> > transmitted with this communication is strictly confidential, is
> > intended only for the use of the intended recipient, and is the
> > property of Countrywide Financial Corporation or its affiliates and
> > subsidiaries. If you are not the intended recipient, you are hereby
> > notified that any use of the information contained in or transmitted
> > with the communication or dissemination, distribution, or copying of
> > this communication is strictly prohibited by law. If you have
> > received this communication in error, please immediately return this
> > communication to the sender and delete the original message and any
> > copy of it in your possession.
> > > >
> ======================================================================
> > > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > > For additional commands, e-mail: users-help@maven.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > For additional commands, e-mail: users-help@maven.apache.org
> >
> >
>
> ======================================================================
> Confidentiality Notice: The information contained in and transmitted with this communication is strictly confidential, is intended only for the use of the intended recipient, and is the property of Countrywide Financial Corporation or its affiliates and subsidiaries. If you are not the intended recipient, you are hereby notified that any use of the information contained in or transmitted with the communication or dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please immediately return this communication to the sender and delete the original message and any copy of it in your possession.
> ======================================================================
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Preventing transitive snapshot downloading
Posted by Gr...@Countrywide.Com.
Yes, this mailing list is where I heard of it. Perhaps searching the
archives would yield more info.
-Greg Vaughn
"Wayne Fay" <wa...@gmail.com> wrote on 03/09/2007 10:08:42 AM:
> The <mirrorOf>* is a new feature that we've discussed here on M-U and
> M-D a bit the last few months. But it seems like it has not been
> documented anywhere (!).
>
> I'll post an issue in JIRA about this. Thanks for the note, Tamás.
>
> Wayne
>
> On 3/9/07, Tamás Cservenák <t....@gmail.com> wrote:
> > What about some (possibly maven-aware) HTTP proxy? Something like DSMP
> > should be able to solve the problem, no?
> >
> > Greg, where did you find this about <mirrorOf>*</mirrorOf>?
> >
> > I did not find anything about it in release notes and Jira issues....
> >
> > ~t~
> >
> > On 3/9/07, Greg_Vaughn@countrywide.com <Gr...@countrywide.com>
wrote:
> > > "Mikis" <ms...@dk.ibm.com> wrote on 03/09/2007 07:17:32 AM:
> > >
> > > >
> > > > I have being struggling with problems regarding dependencies on
> > > apparently
> > > > released artifacts (not snapshots), which contain snapshot or
faulty
> > > > dependencies (maybe transitive). If the artifacts also define
their own
> > > > remote repositories, I'm unable to fix the problem by patching the
> > > intranet
> > > > or proxy repository, as this are circumvented .
> > > >
> > > > Is it possible to prevent Maven from downloading artifacts from
Internet
> > > > repositories using the intranet/proxy repository as the only
remote
> > > > repository? One way of doing this would be to define some kind of
> > > repository
> > > > whitelist defining the intranet repositories allowed. The offline
line
> > > > option is not quite what I need as this would prevent usage of the
> > > intranet
> > > > repositories.
> > > >
> > > > I fell I'm currently unable to guarantee my intranet Maven users
that a
> > > > fully version controlled dependency definition in the poms will
ensure a
> > > > fixed dependency tree (broken configuration management :-( ).
> > >
> > > I have not verified this, but I recall 2.0.5 was to have a new
feature so
> > > that in settings.xml you could specify a repository as a
> > > <mirrorOf>*</mirrorOf> for just this sort of situation. Sorry I
can't give
> > > more specific advice, but that may head you down the right path.
> > >
> > > -Greg Vaughn
> > >
> > >
======================================================================
> > > Confidentiality Notice: The information contained in and
> transmitted with this communication is strictly confidential, is
> intended only for the use of the intended recipient, and is the
> property of Countrywide Financial Corporation or its affiliates and
> subsidiaries. If you are not the intended recipient, you are hereby
> notified that any use of the information contained in or transmitted
> with the communication or dissemination, distribution, or copying of
> this communication is strictly prohibited by law. If you have
> received this communication in error, please immediately return this
> communication to the sender and delete the original message and any
> copy of it in your possession.
> > >
======================================================================
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > For additional commands, e-mail: users-help@maven.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
======================================================================
Confidentiality Notice: The information contained in and transmitted with this communication is strictly confidential, is intended only for the use of the intended recipient, and is the property of Countrywide Financial Corporation or its affiliates and subsidiaries. If you are not the intended recipient, you are hereby notified that any use of the information contained in or transmitted with the communication or dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please immediately return this communication to the sender and delete the original message and any copy of it in your possession.
======================================================================
Re: Preventing transitive snapshot downloading
Posted by Wayne Fay <wa...@gmail.com>.
The <mirrorOf>* is a new feature that we've discussed here on M-U and
M-D a bit the last few months. But it seems like it has not been
documented anywhere (!).
I'll post an issue in JIRA about this. Thanks for the note, Tamás.
Wayne
On 3/9/07, Tamás Cservenák <t....@gmail.com> wrote:
> What about some (possibly maven-aware) HTTP proxy? Something like DSMP
> should be able to solve the problem, no?
>
> Greg, where did you find this about <mirrorOf>*</mirrorOf>?
>
> I did not find anything about it in release notes and Jira issues....
>
> ~t~
>
> On 3/9/07, Greg_Vaughn@countrywide.com <Gr...@countrywide.com> wrote:
> > "Mikis" <ms...@dk.ibm.com> wrote on 03/09/2007 07:17:32 AM:
> >
> > >
> > > I have being struggling with problems regarding dependencies on
> > apparently
> > > released artifacts (not snapshots), which contain snapshot or faulty
> > > dependencies (maybe transitive). If the artifacts also define their own
> > > remote repositories, I'm unable to fix the problem by patching the
> > intranet
> > > or proxy repository, as this are circumvented .
> > >
> > > Is it possible to prevent Maven from downloading artifacts from Internet
> > > repositories using the intranet/proxy repository as the only remote
> > > repository? One way of doing this would be to define some kind of
> > repository
> > > whitelist defining the intranet repositories allowed. The offline line
> > > option is not quite what I need as this would prevent usage of the
> > intranet
> > > repositories.
> > >
> > > I fell I'm currently unable to guarantee my intranet Maven users that a
> > > fully version controlled dependency definition in the poms will ensure a
> > > fixed dependency tree (broken configuration management :-( ).
> >
> > I have not verified this, but I recall 2.0.5 was to have a new feature so
> > that in settings.xml you could specify a repository as a
> > <mirrorOf>*</mirrorOf> for just this sort of situation. Sorry I can't give
> > more specific advice, but that may head you down the right path.
> >
> > -Greg Vaughn
> >
> > ======================================================================
> > Confidentiality Notice: The information contained in and transmitted with this communication is strictly confidential, is intended only for the use of the intended recipient, and is the property of Countrywide Financial Corporation or its affiliates and subsidiaries. If you are not the intended recipient, you are hereby notified that any use of the information contained in or transmitted with the communication or dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please immediately return this communication to the sender and delete the original message and any copy of it in your possession.
> > ======================================================================
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Preventing transitive snapshot downloading
Posted by Tamás Cservenák <t....@gmail.com>.
What about some (possibly maven-aware) HTTP proxy? Something like DSMP
should be able to solve the problem, no?
Greg, where did you find this about <mirrorOf>*</mirrorOf>?
I did not find anything about it in release notes and Jira issues....
~t~
On 3/9/07, Greg_Vaughn@countrywide.com <Gr...@countrywide.com> wrote:
> "Mikis" <ms...@dk.ibm.com> wrote on 03/09/2007 07:17:32 AM:
>
> >
> > I have being struggling with problems regarding dependencies on
> apparently
> > released artifacts (not snapshots), which contain snapshot or faulty
> > dependencies (maybe transitive). If the artifacts also define their own
> > remote repositories, I'm unable to fix the problem by patching the
> intranet
> > or proxy repository, as this are circumvented .
> >
> > Is it possible to prevent Maven from downloading artifacts from Internet
> > repositories using the intranet/proxy repository as the only remote
> > repository? One way of doing this would be to define some kind of
> repository
> > whitelist defining the intranet repositories allowed. The offline line
> > option is not quite what I need as this would prevent usage of the
> intranet
> > repositories.
> >
> > I fell I'm currently unable to guarantee my intranet Maven users that a
> > fully version controlled dependency definition in the poms will ensure a
> > fixed dependency tree (broken configuration management :-( ).
>
> I have not verified this, but I recall 2.0.5 was to have a new feature so
> that in settings.xml you could specify a repository as a
> <mirrorOf>*</mirrorOf> for just this sort of situation. Sorry I can't give
> more specific advice, but that may head you down the right path.
>
> -Greg Vaughn
>
> ======================================================================
> Confidentiality Notice: The information contained in and transmitted with this communication is strictly confidential, is intended only for the use of the intended recipient, and is the property of Countrywide Financial Corporation or its affiliates and subsidiaries. If you are not the intended recipient, you are hereby notified that any use of the information contained in or transmitted with the communication or dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please immediately return this communication to the sender and delete the original message and any copy of it in your possession.
> ======================================================================
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: [m2] Preventing transitive snapshot downloading
Posted by Wayne Fay <wa...@gmail.com>.
A good point. Perhaps this * functionality needs some rework in 2.0.6? ;-)
Wayne
On 3/12/07, Tamás Cservenák <t....@gmail.com> wrote:
> This puzzles me too.... :)
>
> ~t~
>
> > By convention, snapshots and releases are in separate repositories.
> > So how is this going to work in practice? I don't have *one*
> > repository that can proxy all other repos.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: [m2] Preventing transitive snapshot downloading
Posted by Tamás Cservenák <t....@gmail.com>.
This puzzles me too.... :)
~t~
> By convention, snapshots and releases are in separate repositories.
> So how is this going to work in practice? I don't have *one*
> repository that can proxy all other repos.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: [m2] Preventing transitive snapshot downloading
Posted by Mikis <ms...@dk.ibm.com>.
You can do this by configuring your proxy to retrieve artifacts from all your
repositories, both release, snapshot and others. You would still deploy to
the individual repos, but the proxy would act as 'single point of
retrieval'.
The problem then remains of how to achieve the occasional need to access
non-proxied repositories. For local usage of other repositories you can just
disable the wildcard mirrorOf.
When needing this functionality for general intranet usage, you could
manually download and install the required artifacts (this could be a
repository dedicated for this purpose). This would ensure the proxies
repository 'whitelist' wasen't hacked to allow for the occasional artifact
experiments.
Wendy Smoak-3 wrote:
>
> On 3/10/07, Mikis <ms...@dk.ibm.com> wrote:
>>
>> Thanks, the global <mirrorOf>*</mirrorOf> is exactly the bullet-proof
>> internet decoupling mechanisme I was looking for :-)
>
> From the docs, "The repository must contain all of the desired
> artifacts, or be able to proxy the requests to other repositories."
>
> By convention, snapshots and releases are in separate repositories.
> So how is this going to work in practice? I don't have *one*
> repository that can proxy all other repos.
>
> --
> Wendy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Preventing-transitive-snapshot-downloading-tf3375610s177.html#a9449869
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: [m2] Preventing transitive snapshot downloading
Posted by Wendy Smoak <ws...@gmail.com>.
On 3/10/07, Mikis <ms...@dk.ibm.com> wrote:
>
> Thanks, the global <mirrorOf>*</mirrorOf> is exactly the bullet-proof
> internet decoupling mechanisme I was looking for :-)
>From the docs, "The repository must contain all of the desired
artifacts, or be able to proxy the requests to other repositories."
By convention, snapshots and releases are in separate repositories.
So how is this going to work in practice? I don't have *one*
repository that can proxy all other repos.
--
Wendy
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: [m2] Preventing transitive snapshot downloading
Posted by Mikis <ms...@dk.ibm.com>.
Thanks, the global <mirrorOf>*</mirrorOf> is exactly the bullet-proof
internet decoupling mechanisme I was looking for :-)
Greg_Vaughn wrote:
>
> "Mikis" <ms...@dk.ibm.com> wrote on 03/09/2007 07:17:32 AM:
>
>>
>> I have being struggling with problems regarding dependencies on
> apparently
>> released artifacts (not snapshots), which contain snapshot or faulty
>> dependencies (maybe transitive). If the artifacts also define their own
>> remote repositories, I'm unable to fix the problem by patching the
> intranet
>> or proxy repository, as this are circumvented .
>>
>> Is it possible to prevent Maven from downloading artifacts from Internet
>> repositories using the intranet/proxy repository as the only remote
>> repository? One way of doing this would be to define some kind of
> repository
>> whitelist defining the intranet repositories allowed. The offline line
>> option is not quite what I need as this would prevent usage of the
> intranet
>> repositories.
>>
>> I fell I'm currently unable to guarantee my intranet Maven users that a
>> fully version controlled dependency definition in the poms will ensure a
>> fixed dependency tree (broken configuration management :-( ).
>
> I have not verified this, but I recall 2.0.5 was to have a new feature so
> that in settings.xml you could specify a repository as a
> <mirrorOf>*</mirrorOf> for just this sort of situation. Sorry I can't give
> more specific advice, but that may head you down the right path.
>
> -Greg Vaughn
>
> ======================================================================
> Confidentiality Notice: The information contained in and transmitted with
> this communication is strictly confidential, is intended only for the use
> of the intended recipient, and is the property of Countrywide Financial
> Corporation or its affiliates and subsidiaries. If you are not the
> intended recipient, you are hereby notified that any use of the
> information contained in or transmitted with the communication or
> dissemination, distribution, or copying of this communication is strictly
> prohibited by law. If you have received this communication in error,
> please immediately return this communication to the sender and delete the
> original message and any copy of it in your possession.
> ======================================================================
>
>
--
View this message in context: http://www.nabble.com/Preventing-transitive-snapshot-downloading-tf3375610s177.html#a9414232
Sent from the Maven - Users mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Preventing transitive snapshot downloading
Posted by Gr...@Countrywide.Com.
"Mikis" <ms...@dk.ibm.com> wrote on 03/09/2007 07:17:32 AM:
>
> I have being struggling with problems regarding dependencies on
apparently
> released artifacts (not snapshots), which contain snapshot or faulty
> dependencies (maybe transitive). If the artifacts also define their own
> remote repositories, I'm unable to fix the problem by patching the
intranet
> or proxy repository, as this are circumvented .
>
> Is it possible to prevent Maven from downloading artifacts from Internet
> repositories using the intranet/proxy repository as the only remote
> repository? One way of doing this would be to define some kind of
repository
> whitelist defining the intranet repositories allowed. The offline line
> option is not quite what I need as this would prevent usage of the
intranet
> repositories.
>
> I fell I'm currently unable to guarantee my intranet Maven users that a
> fully version controlled dependency definition in the poms will ensure a
> fixed dependency tree (broken configuration management :-( ).
I have not verified this, but I recall 2.0.5 was to have a new feature so
that in settings.xml you could specify a repository as a
<mirrorOf>*</mirrorOf> for just this sort of situation. Sorry I can't give
more specific advice, but that may head you down the right path.
-Greg Vaughn
======================================================================
Confidentiality Notice: The information contained in and transmitted with this communication is strictly confidential, is intended only for the use of the intended recipient, and is the property of Countrywide Financial Corporation or its affiliates and subsidiaries. If you are not the intended recipient, you are hereby notified that any use of the information contained in or transmitted with the communication or dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please immediately return this communication to the sender and delete the original message and any copy of it in your possession.
======================================================================