Publishing a public artifact but with private sources

[Valerio Angelini <an...@imaa.cnr.it>]

Hello list,

i have an Archiva setup (1.0.2) with two repositories: one is of public
domain (A) and one is a private repository (B).

Now i have the need to deploy some artifacts that are public in binary form
(jar) but their source should be accessible only for authorized users.

I tried to make a double deploy of the same artifact: a partial deploy on
repo A (jar + javadoc) and a full deploy on repo B (jar + javadoc + source).

This solution works well for the use with maven, unauthorized users can
download only jar and authorizer one can download all, but this is not
compatible with the archiva web interface:
- guest users see the souce jar listed (wrong) and cannot download it
(right)
- auth users see the source jar listed (right) and cannot dowload it (wrong)
because the link is wrong (it links to the public repository)
- sometimes the guest user does not see at all the deployed artifact

Shoud I try to deploy only jar + javadoc in the repo A and only sources in
repo B ? Will this work?

Is there a better solution to handle this use case?

Regards

Valerio
-- 
View this message in context: http://www.nabble.com/Publishing-a-public-artifact-but-with-private-sources-tp18510912p18510912.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: Publishing a public artifact but with private sources

[Brett Porter <br...@gmail.com>]

2008/7/19 Valerio Angelini <an...@imaa.cnr.it>:
>
>
> Brett Porter wrote:
>>
>> It's a stretch but what might work is this:
>> - deploy only to the private repo
>> - set up a connector between your public and private repo, and set the
>> whitelist to **/*.jar
>>
>
> 1) To setup a connector between public and private repo, should I add my
> private repo as an external repo and then setup a connector? In this case am
> I proxying my own repo?

That's right.

>
> 2) I haven't tryed by now, but could this solution rise the same issues of
> the double deploy? Because even in this case there is a single artifact
> published in two different repositories.

Some of the UI issues might still be present but it should achieve
what you need from the webdav end.

It is a bit of a workaround though - I'd still encourage you to report
the original issues and help us work through them for future versions.

Cheers,
Brett

>
> Valerio
> --
> View this message in context: http://www.nabble.com/Publishing-a-public-artifact-but-with-private-sources-tp18510912p18530604.html
> Sent from the archiva-users mailing list archive at Nabble.com.
>
>



-- 
Brett Porter
Blog: http://blogs.exist.com/bporter/

Re: Publishing a public artifact but with private sources

[Valerio Angelini <an...@imaa.cnr.it>]

Brett Porter wrote:
> 
> It's a stretch but what might work is this:
> - deploy only to the private repo
> - set up a connector between your public and private repo, and set the
> whitelist to **/*.jar
> 

1) To setup a connector between public and private repo, should I add my
private repo as an external repo and then setup a connector? In this case am
I proxying my own repo?

2) I haven't tryed by now, but could this solution rise the same issues of
the double deploy? Because even in this case there is a single artifact
published in two different repositories.

Valerio
-- 
View this message in context: http://www.nabble.com/Publishing-a-public-artifact-but-with-private-sources-tp18510912p18530604.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: Publishing a public artifact but with private sources

[Valerio Angelini <an...@imaa.cnr.it>]

Brett Porter wrote:
> 
> 
> It's a stretch but what might work is this:
> - deploy only to the private repo
> - set up a connector between your public and private repo, and set the
> whitelist to **/*.jar
> 
> Does that make sense?
> 
> 

Thank you for the suggestion. I'll try this configuration.

Valerio
-- 
View this message in context: http://www.nabble.com/Publishing-a-public-artifact-but-with-private-sources-tp18510912p18525362.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: Publishing a public artifact but with private sources

[Brett Porter <br...@gmail.com>]

Archiva currently keys everything on the POM and considers all
derivatives to be associated with the same artifact, so it doesn't
handle scenarios where derivatives reside in different repositories to
the rest of the POM. This would be a worthwhile feature request - in
addition to the one that already exists for allowing some finer
grained security on artifacts.

It's a stretch but what might work is this:
- deploy only to the private repo
- set up a connector between your public and private repo, and set the
whitelist to **/*.jar

Does that make sense?

2008/7/18 Valerio Angelini <an...@imaa.cnr.it>:
>
> Hello list,
>
> i have an Archiva setup (1.0.2) with two repositories: one is of public
> domain (A) and one is a private repository (B).
>
> Now i have the need to deploy some artifacts that are public in binary form
> (jar) but their source should be accessible only for authorized users.
>
> I tried to make a double deploy of the same artifact: a partial deploy on
> repo A (jar + javadoc) and a full deploy on repo B (jar + javadoc + source).
>
> This solution works well for the use with maven, unauthorized users can
> download only jar and authorizer one can download all, but this is not
> compatible with the archiva web interface:
> - guest users see the souce jar listed (wrong) and cannot download it
> (right)
> - auth users see the source jar listed (right) and cannot dowload it (wrong)
> because the link is wrong (it links to the public repository)
> - sometimes the guest user does not see at all the deployed artifact
>
> Shoud I try to deploy only jar + javadoc in the repo A and only sources in
> repo B ? Will this work?
>
> Is there a better solution to handle this use case?
>
> Regards
>
> Valerio
> --
> View this message in context: http://www.nabble.com/Publishing-a-public-artifact-but-with-private-sources-tp18510912p18510912.html
> Sent from the archiva-users mailing list archive at Nabble.com.
>
>



-- 
Brett Porter
Blog: http://blogs.exist.com/bporter/