Nexus 2.0 Released
New in 2.0 is the ability to store .NET packages so that builds from different languages can use the same repository store, health and reporting to provide real-time feedback of the state of the repository's assets, and blocks in place to restrict access to undesirable assets. In addition, the proxy support has been greatly improved for performance, so that large repository clouds can be provided with a single master for the source.
Nexus 2.0 also has 'popularity reporting' which shows how frequently assets are used, based on downloads from Maven Central and scanning of the repository's access, so that out-of-date plugin or asset usage can be detected.
For Java, OSGi integration has been made possible with the P2 repository storage type, which is now available in the Open Source as well as Professional versions of the repository manager. Although OSGi OBR is not supported yet, it may be added when the OBR specification is finalised (currently it is still an RFP).
InfoQ caught up with Jason van Zyl of Sonatype and started by asking what the significant new features are in 2.0:
Jason van Zyl: Nuget Support: Nuget is a Visual Studio extension that makes it easy to install, update and publish .NET components and tools from within Visual Studio. Dependency management is being adopted in the .NET ecosystem and Nexus is the first repository manager to provide full support for Nuget.
Smart Proxy: In a nutshell Smart Proxy allows the communication of repository state changes in near-real-time to downstream Nexus proxies. This will ensure that proxies are not passing on stale snapshots to their users. It also helps downstream proxies get the latest artifact information without having to wait for their cache timeouts to discover changes. Administrators can also optionally activate the experimental preemptive fetch capability to allow the proxies of a master to proactively keep a synchronized copy of the content on the master. This is the first step toward multi-site replication.
Sonatype Insight: 75% of organizations use their Nexus repository to understand and manage their use of open source components (Sonatype survey, 2012). Adding real time security, licensing, and popularity data is a natural and valuable extension to Nexus. By adding this information into Nexus, Sonatype is delivering actionable information in the context of the tool Developers use every day. Sonatype is offering this capability to its entire Nexus install base (17,000+ organizations). Open source users will get summary information about the health of their repository, and Pro users will get the full details.
Are there any introductions or webinars covering the new features?
Jason van Zyl: The release of Nexus 2.0 is scheduled for today, February 15th. Sonatype will also be following up with a live demo webinar to showcase the new features on Tuesday, February 21st. You can find out more about the webinar here.
InfoQ: You recently announced that the upcoming Nexus repository would be licensed under the EPL-1.0 rather than the AGPLv3. What prompted the change of license?
Jason van Zyl: We find that the community is not receptive to the use of the AGPL in general, and we've had a few cases with potential contributors unwilling to publicly release their Nexus plugins because of the AGPL. The AGPL is a fairly aggressive license and just hasn't been around as long as other well known licenses like the EPL. The AGPL tends to make lawyers wary and we don't want to hinder adoption because of legal concerns. To date we have only had a small handful of plugins contributed to the Nexus project and we hope to encourage more participation from the community and expand the plugin ecosystem by adopting the EPL.
InfoQ: Finally, why the choice of EPL? Are there thoughts about moving it to the Eclipse Foundation, like Hudson and Tycho?
Jason van Zyl: Sonatype has considered moving Nexus to the Eclipse Foundation in the past, and we will likely consider it again but in the near term Nexus will remain a Sonatype project. Hudson and Tycho have active contributors from many organizations.
Tycho, a Maven plugin build for Eclipse PDE projects, had version 0.14 released yesterday, and adds license features, source feature generation and bundle runtime execution environments. Meanwhile, Hudson 3.0 milestone 0 was released earlier this year from the Eclipse foundation.
About P2 repository storage type
Re: About P2 repository storage type
Download the "*-bundle.zip" archives and unpack them inside your Nexus 2.0 OSS installation like so:
unzip -d nexus-oss-webapp-2.0/nexus/WEB-INF/plugin-repository/ /tmp/nexus-capabilities-plugin-2.0-bundle.zip
unzip -d nexus-oss-webapp-2.0/nexus/WEB-INF/plugin-repository/ /tmp/nexus-p2-bridge-plugin-2.0-bundle.zip
unzip -d nexus-oss-webapp-2.0/nexus/WEB-INF/plugin-repository/ /tmp/nexus-p2-repository-plugin-2.0-bundle.zip
Restart Nexus and the P2 capabilities should now be available. See www.sonatype.com/books/nexus-book/reference/p2.... for configuration details.
Similarly you can download the OBR plugin from search.maven.org/#artifactdetails%7Corg.sonatyp...
The complete code for these plugins is available on github under github.com/sonatype/nexus-p2-repository-plugin etc...
Caitie McCaffrey Apr 24, 2015