Nexus中的发布存储库策略是否可以确保jar永远不会改变? [英] Is Release repository policy in Nexus ensures a jar will never change?
问题描述
我正在将Nexus OSS部署为公司内部存储库. 主要要求之一是,一旦Nexus下载了一个jar(例如,当使用jar作为Maven Central的代理时),它就永远不会改变. 我知道Maven Central拥有该策略,但是我正在使用不受我控制的其他存储库,因此我必须在我这一方面验证该要求.
I'm in the process of deploying Nexus OSS as internal company repository. One of the main requirements is that once a jar has been downloaded by Nexus (for example, when using is as a proxy of Maven Central) it will never change. I know that Maven Central has that policy, but I'm using other repositories which are not under my control, and I have to validate that requirement on my side.
发布存储库策略是否可以确保将jar下载到该存储库后就不会更改?
Does a Release repository policy ensures that once a jar is downloaded into that respository, it will never change?
存在确保我们可以返回到1.5年前创建的产品版本的要求,并确保该产品使用的存储库工件在现在构建时是相同的.
The requirement exists to ensure we can go back to a version of our product created 1.5 years ago, and make sure the repository artifacts used by the product are the same when building it now.
推荐答案
实际上,发布存储库应严格禁止发布后进行内容修改,这是Maven Central所做的:
Indeed, a release repository should strictly forbid content modification after a release, which is what Maven Central is doing:
2.2.4.中央Maven存储库
(...)这里有一些 释放特性 中央Maven等存储库 储存库:
2.2.4. The Central Maven Repository
(...) Here are some of the properties of release repositories such as the Central Maven repository:
...
发布稳定性
一旦发布到Central Maven 存储库,工件和 描述该工件的元数据 从不改变.此属性的发布 仓库保证项目 取决于版本 随着时间的推移可重复且稳定.尽管 新的软件工件正在出现 每天一次发布到中央 为工件分配了发布 环号上有一个严格的 禁止修改内容的政策 一个软件工件后 释放.
Once published to the Central Maven repository, an artifact and the metadata describing that artifact never change. This property of release repositories guarantees that projects which depend on releases will be repeatable and stable over time. While new software artifacts are being published to central every day, once an artifact is assigned a release number on Central, there is a strict policy against modifying the contents of a software artifact after a release.
话虽这么说,Maven客户端是否会(重新)下载工件并不真正取决于存储库及其策略,这是Maven DNA的一部分,并且不会发生(除非您删除给定的当然来自您本地存储库中的工件.在
That being said, whether a Maven client will (re)download an artifact or not does not really depend on the repository and its policy, this is part of Maven DNA and it just won't happen (unless you delete the given artifact from your local repository of course). Quoting Brett Porter in [MNG-2528] - updatePolicy "always" does not work for repositories with "releases", at least not for transitive dependencies:
根据定义,Maven中的发行版保持不变. always标志是检查是否有新版本(就像它寻找新的快照一样),而不是对现有版本进行修改.
Releases in Maven are, by definition, unchanging. The always flag is to check for new releases (like it looks for new snapshots), not modifications to the existing one.
换句话说,如果您不删除Nexus存储库中的内容,那么Nexus将永远不会再次重新下载已发布的工件,因此您将能够使用来重建两年前创建的产品版本.完全相同的库.
In other words, if you don't delete the content of your Nexus repository, Nexus will never re-download a released artifact again and you will thus be able to rebuild the version of your product created two years ago, using the exact same libraries.
这篇关于Nexus中的发布存储库策略是否可以确保jar永远不会改变?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
