1) Connect to the Internet,
2) Set up your repo to point to the external repos that you trust.
3) Load your repo by doing builds that you do not install or deploy.
4) Upload the 3rd party libraries that are not available from public
Maven Repos - software with license restrictions
5) Disconnect from the internet
6) Delete any libraries that you want to disallow - can't imagine what
these would be since you did put them in a POM for a reason.
7) Fix the poms that call up disallowed libraries to use different
libraries.
8) Start building
We have done other things to restrict the libraries that users use. I
have bored people to death here describing this approach so you can
likely find it in the archives.
Ron
On 18/05/2011 5:36 PM, Heck, Gus (Patrick) wrote:
Hi Brian,
I think you missed the entire point of the exercise. The point is to NOT allow
it to pull from outside sources, as a proxy or not. The intent is to load it up
manually and never ever let it fetch serve any dependency or plugin I haven't
personally uploaded, and intentionally provided for use. This relates to a
coming set of network access restrictions as well as overseas developers not
accidentally downloading export controlled, or locally illegal software.
Also, you will note that I am currently working with artifactory.
-Gus
-----Original Message-----
From: Brian Fox [mailto:bri...@infinity.nu]
Sent: Wednesday, May 18, 2011 5:26 PM
To: Maven Users List
Subject: Re: Bootstraping a repository manager
You don't need to bootsrap it, just setup a repo like Nexus and let it
proxy on demand the things you need. In that case a bootstrap might
simply mean run all our builds and/or run mvn dependency:go-offline to
resolve everything you need.
On Wed, May 18, 2011 at 5:21 PM, Heck, Gus (Patrick)
<gus.h...@aspentech.com> wrote:
Hi Folks,
The list archives return hundreds or thousands of not very relevant
results when I search them, so this may have been answered, but I can't
find it. In any case, I'm also somewhat new to maven so I'm possibly
asking silly questions for that reason too. In either case I apologize
in advance...
I've got a project, that is derived from another project that was set up
with maven (else, I'd probably still be using ant). In our company, our
policies make it very important that I know exactly what is going into
the project, so I can't just let maven go slurping things up from
anywhere it feels like on the web. To this end, I'm testing out the free
version of artifactory, which looks like a nice solution to that
problem. I've managed to get my maven pointed at artifactory, and wiped
out my local repository. I also deleted artifactory's references to the
outside world. Now my builds complain that I can't find stuff, and the
messages are clearly looking at my artifactory. Perfect so far.
However, as pleased as I am to have broken my build, now I need to get
it going again :-). My first challenge seems to be getting the basic
maven plugins into the repository. I can't seem to find a place to
download something that I can upload directly to artifactory, so I tried
to start with the first plugin that was failing, and build that and see
if mvn deploy would deploy it to artifactory. (First, question... is
that a reasonable idea?)
Unfortunately, as soon as I did
svn checkout
http://svn.apache.org/repos/asf/maven/plugins/tags/maven-clean-plugin-2.
4.1 maven-clean-plugin
cd maven-clean-plugin
mvn deploy
I got
[INFO] Scanning for projects...
Downloading:
http://heckp2.corp.aspentech.com:8080/artifactory/libs-release/org/apach
e/maven/plugins/maven-plugins/18/maven-plugins-18.pom
Downloading:
http://heckp2.corp.aspentech.com:8080/artifactory/libs-snapshot/org/apac
he/maven/plugins/maven-plugins/18/maven-plugins-18.pom
[ERROR] The build could not read 1 project -> [Help 1]
[ERROR]
[ERROR] The project org.apache.maven.plugins:maven-clean-plugin:2.4.1
(C:\cygwin\home\gus\maven\plugins\maven-clean-plugin\pom.xml) has 1
error
[ERROR] Non-resolvable parent POM: Could not find artifact
org.apache.maven.plugins:maven-plugins:pom:18 in central
(http://heckp2.corp.aspentech.com:8080/artifactory/libs-release) and
'parent.relativePath' points at wrong local POM @ line 25, column 11 ->
[Help 2]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the
-e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions,
please read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingExceptio
n
[ERROR] [Help 2]
http://cwiki.apache.org/confluence/display/MAVEN/UnresolvableModelExcept
ion
bash-4.1$
So I went and looked at the subversion repository and I found
maven-plugins-18, but when I tried to build that I got..
[INFO] Scanning for projects...
Downloading:
http://heckp2.corp.aspentech.com:8080/artifactory/libs-release/org/apach
e/maven/maven-parent/16/maven-parent-16.pom
Downloading:
http://heckp2.corp.aspentech.com:8080/artifactory/libs-snapshot/org/apac
he/maven/maven-parent/16/maven-parent-16.pom
[ERROR] The build could not read 1 project -> [Help 1]
[ERROR]
[ERROR] The project org.apache.maven.plugins:maven-plugins:18
(C:\cygwin\home\gus\maven\plugins\maven-plugins\pom.xml) has 1 error
[ERROR] Non-resolvable parent POM: Could not find artifact
org.apache.maven:maven-parent:pom:16 in central
(http://heckp2.corp.aspentech.com:8080/artifactory/libs-release) and
'parent.relativePath' points at wrong local POM @ line 23, column 11 ->
[Help 2]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the
-e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions,
please read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/ProjectBuildingExceptio
n
[ERROR] [Help 2]
http://cwiki.apache.org/confluence/display/MAVEN/UnresolvableModelExcept
ion
When I look in subversion, I don't see a maven-parent...
So, now I don't see any clear path to walk up to wherever the root of
this is...
What is the best way to get fresh clean maven plugins for installation
into a repository manager without allowing it to just go download
whatever it wants from the web?
-Gus
This e-mail and any attachments are intended only for use by the
addressee(s) named herein and may contain legally privileged and/or
confidential information. If you are not the intended recipient of
this e-mail, you are hereby notified any dissemination,
distribution or copying of this email, and any attachments thereto,
is strictly prohibited. If you receive this email in error please
immediately notify the sender and permanently delete the original
copy and any copy of any e-mail, and any printout thereof.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@maven.apache.org
For additional commands, e-mail: users-h...@maven.apache.org
