Return-Path: Delivered-To: apmail-ant-ivy-user-archive@www.apache.org Received: (qmail 3175 invoked from network); 15 Apr 2009 17:17:16 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 15 Apr 2009 17:17:16 -0000 Received: (qmail 38528 invoked by uid 500); 15 Apr 2009 17:17:15 -0000 Delivered-To: apmail-ant-ivy-user-archive@ant.apache.org Received: (qmail 38445 invoked by uid 500); 15 Apr 2009 17:17:15 -0000 Mailing-List: contact ivy-user-help@ant.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ivy-user@ant.apache.org Delivered-To: mailing list ivy-user@ant.apache.org Received: (qmail 38434 invoked by uid 99); 15 Apr 2009 17:17:15 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Apr 2009 17:17:15 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ray.racine@gmail.com designates 74.125.44.158 as permitted sender) Received: from [74.125.44.158] (HELO yx-out-1718.google.com) (74.125.44.158) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 Apr 2009 17:17:08 +0000 Received: by yx-out-1718.google.com with SMTP id 34so2370154yxf.70 for ; Wed, 15 Apr 2009 10:16:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type; bh=LpFhKAqZQjBuhLeosHhvYKhwcoALl4/LlZAOPAaAUnI=; b=s6TNSDyUQ6flwzP804rj/PbNcRuKDGAhmftcVYL2xib6PLtFzDSAJMSO5FgW1/nBne D8SoJ+qqoJafb2VKJjaA86vTh8yRK6YrlMEJWmyADxEmJoI8W1OiEjkRDMF2Q8oqNg7v RmWE1EITZ3/LuSFjkycO9YadIlUuhBsYdmoHk= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=hR7sxSJeJzgKjeSb9858dvwN0MjFsn3v2rlAL+VsCrk2Ds/z/BTgVV9R+t4r6j7ER8 C8z2u7BP05YVP98+lXtXBmLKo8V9trmWqm9m2XAjFBK+mxzBvhSP+vd+gEKfMqapwfD1 LE77oDNItA6TCymGv0ZaR9qEQ5xumwQ2nTUqE= MIME-Version: 1.0 Received: by 10.90.94.12 with SMTP id r12mr509611agb.35.1239815807616; Wed, 15 Apr 2009 10:16:47 -0700 (PDT) Date: Wed, 15 Apr 2009 13:16:47 -0400 Message-ID: Subject: Professional Repository - Artifact Verification From: Ray Racine To: ivy-user@ant.apache.org Content-Type: multipart/alternative; boundary=00163630f4e9ccc5b504679b1c22 X-Virus-Checked: Checked by ClamAV on apache.org --00163630f4e9ccc5b504679b1c22 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Trying to understand the Ivy way of setting up internal/shared/professional/enterprise repositories. I've looked through the Best Practices, examples etc. and the one thing I keep looking for is the verification aspect. Its one of those things "you know it has to be there somewhere" but I can't find it. Let's say I want to create an internal repository and as part of the process verify the jars using PGP, MD5 or SHA-1 sigs. Is this something supported by Ivy or are there other Ant tasks and scripts everyone is using that support this? Right now the best I can come up with would be something like this. - Create a local Stage Repository and populate it from public (Maven et al) repos via an Ant script with itemized Install tasks for each artifact. - Manually obtain sigs or keys from a non-mirror and verify a jar one-by-one. - Use another Ant script to move via an Install task a verified jar into MyEnterpriseRepo. - Then to avoid all this manual work, start building a tedious set of Ant scripts to fetch KEYS etc via fetch tasks and verify all Stage Repo. artifacts etc... What I've been searching for is some settings capability where for each artifact I can tell Ivy the expect PGP or SHA-1 and avoid the Stage Repository, in other words, Ivy will refuse to install an artifact info MyEnterpriseRepo which fails to verify. How is everyone dealing with the verification aspect?? Thanks, Ray --00163630f4e9ccc5b504679b1c22--