archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deng Ching <>
Subject Re: Evaluatong Archive Managers
Date Fri, 26 Jun 2009 07:56:02 GMT
Hi Chris,

On Tue, Jun 23, 2009 at 10:12 PM, Chris Brooking <>wrote:

> Please read the warning at the end of this email
> ________________________________________________
> Hi, The company I work for are currently performing maven builds using a
> file-based repository on a shared drive. We would like the libraries to be
> under some form of configuration management, and are evaluating Nexus,
> Affinity, and Archiva - selected simply because they are mentioned on the
> Maven site. The requirements that we have are:
> Not Automatically Fetching Libraries
> ------------------------------------
> We would like to be able to set up a repository that does not automatically
> download a new library just because a developer specifies it in a .pom file.
> We would like an administrator to have to add the file to the repository
> deliberately. The initial archive would ideally be populated first from our
> file-based repository, alternatively a build could force an initial fetch
> then the archive configured not to fetch automatically.
> The reason that we want this is so that if a third party changes a library
> without changing the version number we won't pick up the new version
> unknowingly. Also we want to ensure that only known libraries and versions
> are in a build.

You can add existing repositories from the local file system where Archiva
is installed then configure it not to proxy any remote repository. Archiva
currently doesn't have the stage:copy feature yet, so if you have new
internal artifacts you want to add to the repository you have to do this via
the regular 'mvn deploy' or deploy the artifact from the web UI.

> Auditing of changes to repository
> ---------------------------------
> With information about who does what when. Ideally it would be nice to
> enable the administrator to add a comment, so they could say why and for
> which project.

Archiva has an audit log file for this but the info isn't currently viewable
from the web UI..

> "Normal" archiving of plug-ins
> ------------------------------
> The archive should ideally act as a cache for plug-ins, downloading from
> the internet when required.

This can be configured through Archiva's proxy connectors. You can configure
which remote repositories will be "proxied" and set the path patterns to
determine which artifacts will be fetched from a specific remote repository.
You can also configure download policies like how often it would fetch
artifacts from the remote repo, how Archiva would handle download failures,

> Security model for Administrators
> ---------------------------------
> Basically only administrators should be able to add or remove libraries or
> versions from the repository.

Archiva has a role-based security system. For each repository, there are two
roles available: Repository Manager and Repository Observer. With the
Repository Manager role, you can deploy and download artifacts from the
repository, while with the Repo Observer role, you're only allowed to
download artifacts from the repository. There's also a default System Admin
role for absolute access to Archiva and a special 'guest' role if you don't
want any authentication for a specific repository.

Hope I was able to answer your questions..


> I am looking at Archiva to see how it can achieve the above, Any pointers
> on what can/can't be done and how it can be achieved would be welcome.
> (Currently I have had a response from Nexus, who say the "pro" version is
> needed to meet requirement one, and that requirement two is not available
> directly but could probably be rigged by having some third-party application
> query the RSS feed.)
> Thanks,
> Chris
> ________________________________________________
> This email and any attachments are confidential and may contain privileged
> information.
> If you are not the person for whom they are intended please return the
> email and then delete all material from any computer. You must not use the
> email or attachments for any purpose, nor disclose its contents to anyone
> other than the intended recipient.
> Any statements made by an individual in this email do not necessarily
> reflect the views of the Yorkshire Building Society Group.
> ________________________________________________
> Yorkshire Building Society, which is authorised and regulated by the
> Financial Services Authority, chooses to introduce its customers to:
> -Legal & General for the purposes of advising on and arranging life
> assurance and investment products bearing Legal & General's name;
> and
> -Homeowners Friendly Society for the purpose of arranging stakeholder Child
> Trust Funds.
> We are entered in the FSA Register and our FSA registration number is
> 106085
> Head Office: Yorkshire Building Society, Yorkshire House, Yorkshire Drive,
> Bradford, BD5 8LJ
> Tel: 0845 1 200 100
> Visit Our Website
> All communications with us may be monitored/recorded to improve the quality
> of our service and for your protection and security.
> ________________________________________________________________________
> This e-mail has been scanned for all viruses by Star. The
> service is powered by MessageLabs. For more information on a proactive
> anti-virus service working around the clock, around the globe, visit:
> ________________________________________________________________________

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message