build nexus-public 3.61.0-02

[fbalicchia]

Hi,

this is a question issue type. First of all sorry for crossposting I've posted the same request on the user group and I Don't know if it was the right place.

I'd like to recompile nexus-public 3.61.0-02 and put my change on Nexus release. but the build fails with the following error:

error Couldn't find package "@sonatype/nexus-ui-plugin@workspace:*" required by "@sonatype/nexus-...@0.1.0" on the "npm" registry.

The strange thing is that the same package on the main I'm able to rebuild.

Could tell me please where I'm wrong?

Thanks

[nblair]

Hi @fbalicchia - thanks for opening an issue. This github repository is not equivalent to what you may have downloaded from Sonatype's download page (or docker image) for Nexus Repository. This project is a mirror of just the open source core of Nexus Repository, which is a subset of what Sonatype distributes. The product you download from Sonatype is a combination of this and Sonatype's proprietary offering, offered for use under the Sonatype EULA.

You may not need to build this project in order to drop a community or self developed plugin into an official Nexus Repository distribution. Does that help?

[fbalicchia]

Hello,

Thank you for your response and for clarifying how the solution is shipped.

The purpose of my question was to understand if it's possible to backport a specific fix without updating the entire Nexus repository.

As far as I understand it, components compiled on a particular tag cannot be replaced in Nexus because the OSGi layer used for shipping the Nexus repository is proprietary. Is this understanding correct?

Thank you for your attention.

[nblair]

Hi @fbalicchia - We don't have a runbook for backporting a specific fix by using the sources available here, so apologies that I don't have guidance. The OSGi layer isn't proprietary, but OSGi is difficult enough on it's own to navigate that each individual fix would likely need some inspection on how to properly bundle and configure in the end result.

[ryanwoodsmall]

You may not need to build this project in order to drop a community or self developed plugin into an official Nexus Repository distribution. Does that help?

For some clarity: there is no way to build the code sonatype/nexus-public into a deployable, correct? As a project requirement for something I'm working on, fully rebuildable if not reproducible builds of an OSS artifact repo and proxy are a must. This precludes Nexus OSS, as click-through downloads with license agreements are also not allowed; I also cannot rely on a Docker image that I cannot fully reproduce from a pretty much airgapped environment.

I've been an advocate for Nexus repo manager at a few places I've worked and it's disappointing if I can't at least package your OSS software for internal testing and use without agreeing to your licensing and resultant marketing spam. And is it really OSS at this point or is it "open core?" Artifactory is also a no-go as their open offering - which does build from source, btw - only supports a small subset of what I need. I'm now looking at Artpie and other more-integrated but likely worse alternatives, whereas Nexus OSS would have been my preference.