Re: download artefacts from managed repositories

[Arnaud HERITIER <ah...@gmail.com>]

I have the same problem.
Did you open an issue ?

arnaud

On 10/26/06, Ryan, Scott D <sc...@alservices.com> wrote:
>
> I will give the line 187 thing a shot and see how it works although with
> the latest build it seems to be working again and all repositories are
> accessed via the proxy. This has shown me that I really need some way to
> control what is accessed via the proxy and the order so it looks like I
> have to make all my accesses via a repoid.  I have not had any luck with
> the repoid but let me try again.  I want to avoid getting artifacts from
> the wrong repo.
>
> We actually package our ears with different build plans and properties
> for different environments so we actually need to keep copies of the
> artifacts for the various environments.  Also for different environments
> various people have access to different repositories.  For example dev
> cannot access the Qa, stage, or prod artifacts.  Other groups can see
> some and not others.
>
> In reviewing the security overview that was implemented it seemed to
> indicate there might be a way to secure repositories from update based
> on the framework.  I would think this would require you to do
> deployments via the archiva url.  Maybe this is coming in the future.
>
> Any way lets keep up this discussion and it will ferret out some of the
> needs for the offering and we can document a complex enterprise usecase
> for others to benefit from.  I will make the fix and see how it works
> then I can clarify my actual final implementation of repositories.
>
> Another thing I am struggling with is how to separate the artifacts
> during the build phase.  In maven 1 I used a property to dynamically
> change the local repo based on the build profile.  For example for dev
> builds I used c:mavenrepodev and for stage c:mavenrepostage.  Since
> maven 2 does not allow you to do much with properties inside the pom I
> can't seem to find a solution.  I tried using the group id and changing
> it based on a property but that is not working.  For example if my group
> id was Scott I might use dev.scott for dev and qa.scott for qa etc.  I
> am still trying to find a way to separate the artifacts based on build
> environment.  It is pretty easy to change the remote repositories based
> on a profile however I cannot figure out how to change the local
> repository or the artifact name to insure I am always using consistent
> artifacts.  For example if artifact 1 relies on artifact 2 I want to
> make sure when I build for dev I get the two artifacts that were built
> with the dev profile and qa etc.
>
> This discussion is useful and I look forward to more information coming
> onto this list and getting more of the functionality worked out and some
> best practices documented.
>
> So to clarify my current repo layout I have the following repos:
>
> Oss - proxied to the maven repos
> Snapshot oss - proxied to maven snapshot repos
> Internal - Internally developed libraries that are not built by our
> group
> Licensed - Licensed software jars
> OtherOss - jars not available via proxy like jta and mail
> Dev - dev artifacts that we build from our source
> Qa - qa artifacts that we build from our source
> Stage - stage artifacts that we build from our source
> Prod - production artifacts we build from our source
>
>
> I will probabaly create a snapshot repo to use for our continuum and
> cruise control builds so I can delete artifacts and manage the size.
> That is a good I idea I had not thought of that you suggest.
>
> I am still struggling with the checksum issue when downloading up to 30%
> of my artifacts from the proxy.
>
> Another issue I am seeing is that many of my artifacts are not being
> indexed.  I wonder if this is because not all the related artifacts are
> stored in the archiva repository due to the checksum issue or just do to
> the checksum issue itself.  I will look in to the logs more to see what
> is going on.
>
> Thanks for the dialog!!
>
> Scott D. Ryan
> Senior Java Developer/Architect
>
> -----Original Message-----
> From: Mohni, Daniel [mailto:daniel.mohni@ch.unisys.com]
> Sent: Thursday, October 26, 2006 12:00 AM
> To: archiva-users@maven.apache.org
> Subject: RE: download artefacts from managed repositories
>
> Hi Scott
>
> Answers inline...
>
> > I am having a similar issue.  I have defined several managed
> > repositories but the only ones that are consulted for artifacts are
> > those that have proxies defined.  I got around that by creating dummy
> > managed repositories and proxying them out to the real ones but that
> > is not a very secure solution.
>
> if you remove line 187 of the 'DefaultProxyManager' you can access all
> managed repositories without the use of dummies.
> This was the way it was handled a few revisions earlier...
>
> -> the download button on the web-app will not work anymore,
>    but this only works if you have only 1 repository...
>
> > Here are some questions that I would love to understand when setting
> > up my repos.
> >
> >
> > Can I push artifacts to specific managed repositories via the proxy
> > url.
> > (ie. http://localhost:8080/archiva/proxy/<repoId>/)
>
> As far as I know you currently can not publish tru archiva
>
> > Can I download artifacts from only certain repositories if desired
> > (ie.
> > http://localhost:8080/archiva/proxy/<repoId>/)
>
> Yes
>
> >
> > Can I access specific repositories by name rather than all of them.
> >       For example I have a repository that I push artifacts to for
> dev, qa,
> > stage and prod.  When I build I want to only upload and download to
> > those repositories and some of my open source repos.  This allows me
> > to build using profiles for all of my environments without risk of
> > intermixing artifacts from different environments.
>
> You defenitly can do this, this implies that the proxy url shoud stay
> different for any repo.
>
>
> > It would really help to clarify a set of use cases for how to set up a
>
> > group of proxied and managed repositories for a complex enterprise.
> > Once I understand how this all works I am more than happy to write a
> > section for inclusion in the user guide.
>
> I currently have setup 6 repositories
>
> -> Maven_Release  (proxy to iBiblio and the sun legacy maven repo)
> -> Maven_Snapshot (proxied to apache snapshot lib)
>
> -> Internal_Release
> -> Internal_Snapshot
>         this repository is populated by continuum with internal
>         snapshot builds...
> -> thirdParty_Release
>         this are not public jar's in release state (commercial)
> -> thirdParty_Snapshot
>         this is were the unstable non public jars go (commercial)
>
> now when I read your post, i should maybe also have a Milestone repo or
> even one for pre-integration builds.
>
> btw. my idea to build milestones is tho have a separte build project
> only containing the artifact pom with the correct dependencies...
>
> what do you think about this ?
>
> Regarding my earlier post:
>
> I checked some more code and saw, that the indexer already uses the
> repo_id.
> currently org.apache.maven.model.Model to represent the artefacts, and
> this model doesn't care about repositories and therefore you can not
> access the repoId from the model.
>
> -> one solution is to update the model with a repoId or
>    make an ArchivaModel with the repoId.
>
> i can have a look at this if one of the lead developers can give me a
> hint in what subproject, package the new classes
> - ArchivaModel extends org.apache.maven.model.Model
> - ArchivaProject extends org.apache.maven.project.MavenProject
> - ArchivaProjectBuilder extends
> org.apache.maven.project.MavenProjectBuilder
> should go.
>
> is this the correct way to go further ????
>
> Any comments on this ?
>
> - Daniel
>
> > -----Original Message-----
> > From: Mohni, Daniel [mailto:daniel.mohni@ch.unisys.com]
> > Sent: Tuesday, October 24, 2006 9:42 AM
> > To: archiva-users@maven.apache.org
> > Subject: download artefacts from managed repositories
> >
> > Hello
> >
> > I was checking the daily build for archiva today and I configured
> > 2 repositories, one proxied to ibiblio and one without proxy.
> >
> > Browsing the repository I can only download artefacts from proxied
> > repositories. Artefacts in managed repositories are not handled.
> >
> > I checked the code and found the problem in
> >
> > DefaultProxyManager.getProxyGroups()
> >
> > Only Proxied Repositories are added to the group, and therefore only
> > managed repositories will be searched for a requested artefact.
> >
> > If I comment line 178
> >
> > // if ( !proxiedRepositories.isEmpty() )
> >
> > then I can only download artefacts when I add the repoId in the url
> > for the download
> >
> > http://localhost:8080/archiva/proxy/<repoId>/...
> >
> > now all artefacts are accessible...
> >
> > Is this the way it should work, or should this be changed ?
> >
> > if only 1 proxied repository is defined, then the downloads will work,
>
> > because it is hendled like the default repo (Line 187-190).
> >
> > -> as soon as you have more than on proxied repository (release,
> > snapshot)
> >    you will get problems.
> >
> > If the indexer would add the repository_id to the model, the url could
>
> > be modified to contain the repo_id
> >
> > now, I can have a closer look, if this is the way to go...
> >
> > - Daniel
> >
> >
> >
> > --------------------------------------------------------------
> > ----------------
> > This message is intended only for the personal and confidential use of
>
> > the designated recipient(s) named. If you are not the intended
> > recipient of this message, you are hereby notified that any review,
> > dissemination, distribution or copying of this message is strictly
> > prohibited. This communication is for information purposes only and
> > should not be regarded as an offer to sell or as a solicitation of an
> > offer to buy any financial product, an official confirmation of any
> > transaction, or as an official statement of Aurora Loan Services.
> > Email transmission cannot be guaranteed to be secure or error-free.
> > Therefore, we do not represent that this information is complete or
> > accurate and it should not be relied upon as such. All information is
> > subject to change without notice.
> >
> >
>
>
>
>
> ------------------------------------------------------------------------------
> This message is intended only for the personal and confidential use of the
> designated recipient(s) named. If you are not the intended recipient of this
> message, you are hereby notified that any review, dissemination,
> distribution or copying of this message is strictly prohibited. This
> communication is for information purposes only and should not be regarded as
> an offer to sell or as a solicitation of an offer to buy any financial
> product, an official confirmation of any transaction, or as an official
> statement of Aurora Loan Services. Email transmission cannot be guaranteed
> to be secure or error-free. Therefore, we do not represent that this
> information is complete or accurate and it should not be relied upon as
> such. All information is subject to change without notice.
>
>