ant-ivy-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geoff Clitheroe <>
Subject Re: IVY design opinion
Date Wed, 06 Apr 2011 20:35:38 GMT
Ivy can generate poms, search for ivy-generate-pom in

FWIW we use Apache Archiva e.g.,

I've also rolled it myself with httpd. Either works just fine.
Archiva has some nicer functionality (search etc).


On Thu, Apr 7, 2011 at 8:22 AM, James Carr <> wrote:
> It's possible to produce pom files as part of your build system. I know gradle has a
plugin for it (apply plugin:'maven') and I'm sure ant will let you do the same thing through
a custom task or something.
> Thanks,
> james
> ________________________________________
> From: Matt Benson []
> Sent: Wednesday, April 06, 2011 4:16 PM
> To:
> Subject: Re: IVY design opinion
> On Wed, Apr 6, 2011 at 2:32 PM, Shawn Castrianni
> <> wrote:
>> I see a lot of Maven stuff with Nexus, but no mention of IVY.  Artifactory does
mention IVY.  Does Nexus have any support for IVY directly?
> Not directly, no.  But it works with Ivy as any other m2 repo.
> Matt
>> ---
>> Shawn Castrianni
>> -----Original Message-----
>> From: Matt Benson []
>> Sent: Wednesday, April 06, 2011 2:03 PM
>> To:
>> Subject: Re: IVY design opinion
>> On Wed, Apr 6, 2011 at 1:53 PM, Shawn Castrianni <>
>>> Kirby and Archie have similar suggestions to using an http resolver with authentication.
 I will look into that.
>>> What does everyone think about Artifactory?  It seems like it might also solve
the problem but also bring other cool features too?
>> I've not used Artifactory, but you should be able to get at least logging info out
of Sonatype Nexus OSS, possible more, or look into their Professional product.
>> $0.02
>> Matt
>>> ---
>>> Shawn Castrianni
>>> -----Original Message-----
>>> From: Kirby Files []
>>> Sent: Wednesday, April 06, 2011 1:44 PM
>>> To:
>>> Cc: Shawn Castrianni
>>> Subject: Re: IVY design opinion
>>> Do you have an objection to using an http resolver or ftp resolver?
>>> Both of these could be used with authentication, supplying ant in a
property. Not sure if you require actual secure authentication, or just username.
>>> Either of these resolvers could also share the same filesystem with your private
filesystem resolver, which could be restricted to be used only on build systems. Both the
web server and ftp server would give you a good audit trail. You can use either a URL resolver
or VFS resolver to access HTTP and FTP.
>>> Thanks,
>>> ---
>>> Kirby Files
>>> Software Engineer
>>> Masergy Communications
>>> Shawn Castrianni wrote on 04/06/2011 02:07 PM:
>>>> I have been using IVY for 3 years now and love it.  I use the filesystem
resolver to get dependencies that I publish from my own builds and the svn resolver to get
thirdparty dependencies that I have downloaded from the internet and manually checked in.
 My company wants to be very strict on thirdparty dependencies so that is why we get them
from a controlled SVN repository and not straight from the Internet using ibiblio or whatever.
>>>> Anyway, I was recently given a new requirement.  I must track and trace
all dependency downloads within the company so that I can produce an audit log when asked
any time in the future.  This audit log would contain the date/time and artifacts downloaded
by a given user.
>>>> I have been thinking on how to implement this and here are my thoughts:
>>>> 1.       Turn off read access on the filer server where the filesystem
resolver is getting dependencies from so no one can bypass the auditing and grab artifacts
directly.  Setup a special user with read credentials to the file server that only the ANT/IVY
scripts know about.  Add custom ANT code to my master build script so that it captures the
ivy resolve/retrieve log and sends it to some audit log storage server anytime a user runs
the dependency command.
>>>> 2.       Move all of my published artifacts currently on the file server
to SVN (similar to the thirdparty SVN repo described above).  Change my filesystem resolver
to an SVN resolver.  Then any user running the dependency command will be pulling artifacts
from SVN.  I can then just use the SVN server logs as an audit trail.  However, I worry
about using SVN for hundreds of Gigabytes of data as an IVY dependency artifact repository.
 We produce about 4GB of data per day.  Imagine how big the SVN repo would get after a year.
 With the current file server approach, we remove dependency artifacts older than a week
to avoid this data accumulation problem.
>>>> 3.       Make my own custom IVY resolver that has audit trail support
that can still use a filesystem.  This is essentially the same as option #1 but the auditing
is done in Java code as part of the custom IVY resolver instead of ANT code in the master
build script.
>>>> Anybody out there have any opinions or suggestions?
>>>> ---
>>>> Shawn Castrianni
>>>> ---------------------------------------------------------------------
>>>> - This e-mail, including any attached files, may contain confidential
>>>> and privileged information for the sole use of the intended recipient.  Any
review, use, distribution, or disclosure by others is strictly prohibited.  If you are not
the intended recipient (or authorized to receive information for the intended recipient),
please contact the sender by reply e-mail and delete all copies of this message.

View raw message