We use Artifactory for C/C++ packages, which we store on a remote repository on Artifactory using Conan. I want to achieve that Conan packages generated by a pipeline build are uploaded anonymously.
For Docker remotes on Artifactory, this is possible using the JFrog RT CLI tool. However, Conan packages are uploaded via conan upload to previously created and authenticated remotes.
Is there a way to upload Conan packages anonymously to Artifactory? If so, how can this be configured?
Here is an example of how to push a Docker image with the JFrog CLI tool:
jfrog rt docker-push my-docker-image:latest artifactory-repo
# Example command
jf rt docker-push my-docker-image:latest docker-local
There are a variety of integrations for JFrog, such as for Docker, Maven, Gradle, npm, and many others. Unfortunately, according to the documentation, there is no specific support for Conan packages.
We use Artifactory for C/C++ packages, which we store on a remote repository on Artifactory using Conan. I want to achieve that Conan packages generated by a pipeline build are uploaded anonymously.
For Docker remotes on Artifactory, this is possible using the JFrog RT CLI tool. However, Conan packages are uploaded via conan upload to previously created and authenticated remotes.
Is there a way to upload Conan packages anonymously to Artifactory? If so, how can this be configured?
Here is an example of how to push a Docker image with the JFrog CLI tool:
jfrog rt docker-push my-docker-image:latest artifactory-repo
# Example command
jf rt docker-push my-docker-image:latest docker-local
There are a variety of integrations for JFrog, such as for Docker, Maven, Gradle, npm, and many others. Unfortunately, according to the documentation, there is no specific support for Conan packages.
Share Improve this question edited Apr 16 at 21:27 TylerH 21.1k79 gold badges79 silver badges114 bronze badges asked Jan 23 at 19:14 zombieanfuehrerzombieanfuehrer 3002 silver badges16 bronze badges1 Answer
Reset to default 1Conan client can upload anonymously, as long as the server allows it. If there is a local liba package created in my cache, it is possible to upload it to Artifactory art remote:
$ conan upload "*" -r=art -c
Found 1 pkg/version recipes matching * in local cache
======== Uploading to remote art ========
-------- Checking server existing packages --------
liba/0.1: Checking which revisions exist in the remote server
Connecting to remote 'art' anonymously <==== ********
-------- Preparing artifacts for upload --------
-------- Uploading artifacts --------
liba/0.1: Uploading recipe 'liba/0.1#b743e10fde7a3e7b08b7e39332b9cff7' (2.6KB)
liba/0.1: Uploading package 'liba/0.1#b743e10fde7a3e7b08b7e39332b9cff7:4d8ab52ebb49f51e63d5193ed580b5a7672e23d5#64a77c135d9e923e7536faa774617f17' (5.8KB)
Upload completed in 0s
And it is possible to remove it too, if the anonymous user in Artifactory has permissions:
$ conan remove "liba*" -r=art
Connecting to remote 'art' anonymously
Found 1 pkg/version recipes matching liba* in art
Remove summary:
art
liba/0.1#b743e10fde7a3e7b08b7e39332b9cff7: Removed recipe and all binaries
This requires the appropriate configuration in the server side:
- Enabling anonymous usage
- Granting write/deploy/delete permissions to the
anonymoususer to the desired repo. - I also added the
anonymoususer to a "writers" group with write/deploy/delete permissions to the desired repo (I am not an expert in configuring the server side permissions, but this worked).
I guess there might be other security mechanisms in place, but in general, allowing anonymous uploads to the server wouldn't be a recommended practice, but rather the opposite, only CI can upload, and it will always require some authentication.