Monthly Archives: June 2009

Maven 2.2.0 Released!


June 30, 2009 By John Casey

I’m pleased to announce that we at the Apache Maven project have released Maven 2.2.0. You should definitely give it a spin! Maven 2.1.0 was probably the most stable release we’ve ever done, in terms of the number of reported regressions. Maven 2.2.0 improves on this stability by fixing the few critical bugs that did come up, along with adding some new functionality. You can grab the new version here.

This release includes some important bugfixes and other improvements, including:

Removed feature from 2.1.0 that resolved expressions in version elements within the POM on installation and deployment.

This code was causing inconsistencies between the POM that landed in the repository and artifacts that are derived from that POM. The most prominent example deals with the GPG plugin: since the POM was modified on deployment, the GPG signature generated during the build was useless. This by itself effectively made Maven 2.1.0 unusable for releases.

Switched to a HttpClient-based wagon implementation for reaching HTTP repositories.

This is crucial for people sending long passwords, since the HttpUrlConnection-driven wagon did not-nice things with BASIC authentication headers when the password was very long…it line-wrapped the Base-64 header value, rendering the HTTP request invalid. In addition, HttpClient offers a wide range of options for configuration over HttpUrlConnection.

New default execution IDs for goals bound from the default lifecycle mapping and those invoked from the command line.

Previously, the only way to configure plugins that were used from the command line was to put the configuration options into the plugin-level configuration. This meant that it was impossible to separate CLI-oriented configuration settings from those used in goals that were bound to the lifecycle. Now, you can simply use an execution block with an id of default-cli to compartmentalize CLI-specific options.

Likewise, Maven 2.1.0 forces users to add configuration at the plugin level for any goals bound to the build via default lifecycle mapping. This could be particularly troublesome when you had multiple goals from a single plugin bound in via lifecycle mapping, and needed to respecify the same configuration option differently for the different goals. For instance, using different includes or excludes between the compiler:compile and compiler:testCompile goal executions was basically impossible. In Maven 2.2.0, you can use executions with the new per-goal default execution-Ids. For the compiler example, you can use default-compile and default-testCompile, respectively, to separate configurations for these two default goal executions.

Java 1.5+ is now a requirement.

Maven 2.2.0 upgrades the Java requirement to 1.5 or later. This allows us to finally start making the migration onto the Java5 generics syntax, and other nice little perks that come with a less archaic version of Java.

…and more…

For the full list of updates, see the Release Notes.

Optimal Nexus Repository configuration


June 22, 2009 By Brian Fox

Once you decide to install a Repository Manager, the next decision is how to setup your repositories, particularly if you have multiple teams sharing the same instance. Nexus is very flexible in this area and supports a variety of configurations. I’ll first describe the options and then discuss the thought process used to decide what makes sense for your organization.

Repositories per Project/Team

The first and most obvious way to support multiple teams is to configure a pair of repositories per team (one release, one snapshot). The team is then given the appropriate C.R.U.D. permissions and they are able to use the system for their artifacts.

Our http://oss.sonatype.org instance is for the most part configured in this manner, where each project like Jetty has their own repositories separate from everyone else.

Partition Shared Repositories

Another option is to have a single (or a few) pair of Release/Snapshot repositories for your entire organization. In this case, the access is controlled by a mechanism we call “Repository Targets.”

Simply put, a Repository Target is a way to manage a set of artifacts based on their paths. A Repository Target is simply a list of regular expressions and a Name. For example, a Repo Target for Maven would be “./org/apache/maven/. and Nexus OSS would be “./org/sonatype/nexus/.

Note: while it is most common to manage artifacts based on the path of their groupId, the Regular Expression is matched against the entire path, and so it is also possible, for example, to define “Sources” as “.*-sources.jar” … it’s also worth noting that Repository Targets are not mutually exclusive. It is perfectly valid for a given path to be contained by multiple targets.

In this model, you would create a Repo Target for each project in your system. You are then able to take the Repo Target and associate it with one or more Repositories or Groups in your system. When you do this, new, specific, C.R.U.D. privileges are created. For example, I could take the Maven Repo target, associate it with my Release and Snapshot repository, and now I get privileges I can assign to Create, Read, Update, Delete “Maven” (./org/apache/maven/.) artifacts in my Release and Snapshot repositories.

This method is used to manage the http://repository.apache.org instance, where we have just one Release and Snapshot repository and each project team gets permissions to their artifacts based on the path.

Which Method is right for me?

First of all, these choices aren’t mutually exclusive. In fact, the first option builds upon the default Repository Target of “.*” which simply gives you access to all artifacts regardless of the path. You still associate the default Repo Target with specific repositories to create the assignable privileges

In general, it’s my opinion that fewer repositories will scale better and are easier to manage. It’s also easier to start off with a single pair of repos, with the default “All M2″ (.*) target and simply refine the permissions as you scale. Most things that are configured per repository (Cache, Storage location, Snapshot purging, etc) will generally be applicable for all projects, so this mode avoids the duplication of these tasks. Since everything will be stored together in a single folder on disk, it makes backups easier as well.

The reasons why you would want multiple sets of repositories is essentially the opposite of above: If you need different expiration, Snapshot purging or storage folders, then a single shared repo won’t work. Replication and failover strategies may also make this method easier to support. If you absolutely must maintain total separation between Project teams, ie they can’t read each other’s artifacts, then this solution might be more applicable as well. (but is still possible with Repo Targets…just grant Read to only the appropriate targets)

In Summary, Nexus allows you to control the security of your artifacts based on the repository and/or the path of the artifact, meaning it is possible to slice and dice the system any way you see fit. My default position is to use a few Hosted Repositories as possible and control the permissions by the Repository Target.

It’s also worth mentioning that the Staging functionality in Pro also uses the Repo Targets to decide how given artifacts are staged, so the definitions are reusable across the system…and if you are using Staging you will define the

Publishing Your Artifacts to the The Central Repository


June 19, 2009 By Brian Fox

If your project’s artifacts are published to the Central Repository it is trivial for your users to add a dependency and start using your project’s library or framework, but if your project is hosted somewhere like Sourceforge and there is no repository manager or repository setup for synchronizing to the Central Repository, getting your artifacts into Central can be a pain. The old process for publishing your artifacts to Central required several manual steps for you and for the Maven team to setup and enable an rsync location… assuming you can find a location to host your files at all.

At Sonatype, we want to make synchronizing and publishing your artifacts to Central easier both for you and for us, and we want to improve the quality of repository metadata for everyone at the same time. We have set up a dedicated instance of Sonatype Pro for Nexus at http://oss.sonatype.org specifically to host the artifacts of other Open Source projects. In this post, I talk about the process of creating a repository for your open source projects and publishing artifacts so that they will be available from the Central Repository.

Continue reading

Using Staging Repositories for Deployment in Nexus


June 17, 2009 By Brian Demers

For a number of reasons you might want to require your developers to use a staging repository.    Staged software releases in Nexus Professional are the best way to enable your development team to push a release to an artifact repository such as Nexus while providing management and quality assurance with a way to test and approve a release before “burning” it to production.  If you want to learn how to make a staged release, you can watch this video. or read the remainder of this blog post. Continue reading