Discussion:
duplicate artifacts consumer : cross repositories ?
Isabelle Guimiot
2015-03-17 14:37:13 UTC
Permalink
Hi,

I'm currently playing with Archiva 2.2, and I was having a look at the
duplicate artifact consumer : it seems that it only seeks duplicate
artifacts in the same repo, see the line below, from
DuplicateArtifactsConsumer.java :

results = metadataRepository.getArtifactsByChecksum( repoId, checksumSha1 );

"repoId" is specified in the method's arguments, so I suppose that the
result only contains artifacts from this repo ...

Obviously, it's better than nothing, but in my configuration, I have a
"proxy-repo" connected to maven central and other Internet repos, and I use
the internal repos (releases + snapshots) only for the artifacts that our
users deploy through their maven builds.

The duplicate artifact consumer would be really helpful for me, to identify
the naughty users that deploy open source jars in our internal repo.

But if the consumer doesn't make a cross repo research, I won't find out
the open source jars that are both in the proxy-repo and in our internal
releases repo. Do you think it would be possible to improve this for a
future version ? Do you want me to create a jira ?

Thank you !

Isabelle
Olivier Lamy
2015-03-22 23:49:08 UTC
Permalink
Post by Isabelle Guimiot
Hi,
I'm currently playing with Archiva 2.2, and I was having a look at the
duplicate artifact consumer : it seems that it only seeks duplicate
artifacts in the same repo, see the line below, from
results = metadataRepository.getArtifactsByChecksum( repoId, checksumSha1 );
"repoId" is specified in the method's arguments, so I suppose that the
result only contains artifacts from this repo ...
Obviously, it's better than nothing, but in my configuration, I have a
"proxy-repo" connected to maven central and other Internet repos, and I use
the internal repos (releases + snapshots) only for the artifacts that our
users deploy through their maven builds.
The duplicate artifact consumer would be really helpful for me, to identify
the naughty users that deploy open source jars in our internal repo.
But if the consumer doesn't make a cross repo research, I won't find out
the open source jars that are both in the proxy-repo and in our internal
releases repo. Do you think it would be possible to improve this for a
future version ? Do you want me to create a jira ?
Yes sounds an acceptable improvement :-)
A jira entry would be nice.

Thanks
Olivier
Post by Isabelle Guimiot
Thank you !
Isabelle
--
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy
Isabelle Guimiot
2015-03-23 10:20:08 UTC
Permalink
New jira here : https://jira.codehaus.org/browse/MRM-1878 :)
Post by Isabelle Guimiot
Post by Isabelle Guimiot
Hi,
I'm currently playing with Archiva 2.2, and I was having a look at the
duplicate artifact consumer : it seems that it only seeks duplicate
artifacts in the same repo, see the line below, from
results = metadataRepository.getArtifactsByChecksum( repoId, checksumSha1 );
"repoId" is specified in the method's arguments, so I suppose that the
result only contains artifacts from this repo ...
Obviously, it's better than nothing, but in my configuration, I have a
"proxy-repo" connected to maven central and other Internet repos, and I
use
Post by Isabelle Guimiot
the internal repos (releases + snapshots) only for the artifacts that our
users deploy through their maven builds.
The duplicate artifact consumer would be really helpful for me, to
identify
Post by Isabelle Guimiot
the naughty users that deploy open source jars in our internal repo.
But if the consumer doesn't make a cross repo research, I won't find out
the open source jars that are both in the proxy-repo and in our internal
releases repo. Do you think it would be possible to improve this for a
future version ? Do you want me to create a jira ?
Yes sounds an acceptable improvement :-)
A jira entry would be nice.
Thanks
Olivier
Post by Isabelle Guimiot
Thank you !
Isabelle
--
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy
Loading...