ant-ivy-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Archie Cobbs <arc...@dellroad.org>
Subject Re: IVY design opinion
Date Wed, 06 Apr 2011 18:37:01 GMT
What about just setting up an authenticated, HTTP-based ivy repository and
using the Apache server logs as your audit trail?

-Archie

On Wed, Apr 6, 2011 at 1:07 PM, Shawn Castrianni <
Shawn.Castrianni@halliburton.com> wrote:

> I have been using IVY for 3 years now and love it.  I use the filesystem
> resolver to get dependencies that I publish from my own builds and the svn
> resolver to get thirdparty dependencies that I have downloaded from the
> internet and manually checked in.  My company wants to be very strict on
> thirdparty dependencies so that is why we get them from a controlled SVN
> repository and not straight from the Internet using ibiblio or whatever.
>
> Anyway, I was recently given a new requirement.  I must track and trace all
> dependency downloads within the company so that I can produce an audit log
> when asked any time in the future.  This audit log would contain the
> date/time and artifacts downloaded by a given user.
>
> I have been thinking on how to implement this and here are my thoughts:
>
> 1.       Turn off read access on the filer server where the filesystem
> resolver is getting dependencies from so no one can bypass the auditing and
> grab artifacts directly.  Setup a special user with read credentials to the
> file server that only the ANT/IVY scripts know about.  Add custom ANT code
> to my master build script so that it captures the ivy resolve/retrieve log
> and sends it to some audit log storage server anytime a user runs the
> dependency command.
>
> 2.       Move all of my published artifacts currently on the file server to
> SVN (similar to the thirdparty SVN repo described above).  Change my
> filesystem resolver to an SVN resolver.  Then any user running the
> dependency command will be pulling artifacts from SVN.  I can then just use
> the SVN server logs as an audit trail.  However, I worry about using SVN for
> hundreds of Gigabytes of data as an IVY dependency artifact repository.  We
> produce about 4GB of data per day.  Imagine how big the SVN repo would get
> after a year.  With the current file server approach, we remove dependency
> artifacts older than a week to avoid this data accumulation problem.
>
> 3.       Make my own custom IVY resolver that has audit trail support that
> can still use a filesystem.  This is essentially the same as option #1 but
> the auditing is done in Java code as part of the custom IVY resolver instead
> of ANT code in the master build script.
>
>
> Anybody out there have any opinions or suggestions?
>
> ---
> Shawn Castrianni
>
> ----------------------------------------------------------------------
> This e-mail, including any attached files, may contain confidential and
> privileged information for the sole use of the intended recipient.  Any
> review, use, distribution, or disclosure by others is strictly prohibited.
>  If you are not the intended recipient (or authorized to receive information
> for the intended recipient), please contact the sender by reply e-mail and
> delete all copies of this message.
>



-- 
Archie L. Cobbs

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message