So I know that Sonatype have or had a feature in nexus that let you approve what dependencies could be consumed by developers from its hosted Maven repo. If you used that you could then replicate the nexus storage back-end to the offline network via sneaker-net (or better a dmz that only has access to the developer nexus)
Unclear if jfrog have a competitive feature On Thu 7 Nov 2019 at 23:22, Sean Horan <combus...@gmail.com> wrote: > Hi all, > > I am tasked with ensuring that the Maven build process of a large > government/enterprise-class system does not reach out to the Internet. Our > Jenkins server's local maven repository has 10,000 POMs. There are many > individual builds that are specific to our product and what we customize > for government clients. > > I have a lot of devops experience but practically no experience with Maven > and Java beyond struggling to set this up. > > We are using Artifactory and I'm not sure whether a generic or > Maven-specific repository is suitable for this project. > > As I'm trying to understand it, I am using curl in a find/curl loop adapted > from > > https://github.com/jfrog/project-examples/blob/master/bash-example/deploy-folder-by-checksum.sh > > to traverse the ~/.m2/repository on our existing Jenkins server and HTTP > PUT it over to Artifactory. This script would be hardened and sent to > internal customers to sync as part of the development process. > > The problem I am seeing is that the build process is looking for > maven-metadata.xml which does not exist on our server. We do have > -companyname and -central XML files for eg, the maven-source-plugin that > are slightly different. > > I have the sense that my approach to this is off and I'm in over my head so > I could use some help. > > Any pointers in the right direction would be more than welcome. > > We are using Maven 3.3.9 and JDK8 on Centos 7 and cannot upgrade at this > time. > > Sean Horan > -- Sent from my phone
