Abstract: The present disclosure provides a method, system, and computer-readable storage media for operating a repository supporting multiple package types. To illustrate, the repository may be operated in accordance with an index framework that is used to maintain internal structures and interdependencies of each of the multiple package types. In a particular implementation, a REST API module may receive a REST request corresponding to a package type. In response to receiving the REST request, the REST API may initiate an index operation to generate index indicia based on the package type and a content of a portion of at least one memory corresponding to the package type. Based on the index indicia, an index model module may generate a packet type index and store, at a repository module, the package type index at a location in the at least one memory corresponding to the package type.

Abstract: The present disclosure provides systems, methods, and computer readable storage devices for validating that a software release has successfully completed multiple development stages of a development process without alteration. To illustrate, as software (e.g., one or more files or artifacts) completes at least a portion of a development process including the development stages, data components are generated. Digital signatures are generated based on the data components and a private key, and the digital signatures are stored in a secure data structure, such as a blockchain or a tree structure. Upon receipt of the data components (e.g., as validation data of a software release) by a node device, the node device generates validation signatures based on the data components and a public key and compares the validation signatures to the digital signatures stored in the secure data structure to validate the software before processing the software.

Abstract: The present disclosure provides a method, system, and device for distributing a software release. To illustrate, based on one or more files for distribution as a software release, a release bundle is generated that includes release bundle information, such as, for each file of the one or more files, a checksum, meta data, or both. One or more other aspects of the present disclosure further provide sending the release bundle to a node device. After receiving the release bundle at the node device, the node device receives and stores at least one file at a transaction directory. After verification that each of the one or more files is present/available at the node device, the one or more files may be provided to a memory of a node device and meta data included in the release bundle information may be applied to the one or more files transferred to the memory.

Abstract: The present disclosure provides a method, system, and device for verifying a software release. To illustrate, as software (e.g., one or more files or artifacts) completes one or more stages of a development process, one or more digital signatures are generated. The one or more digital signatures are generated using private keys that correspond to the stage of the development process that is completed. The one or more digital signatures, and one or more public keys corresponding to the private keys, are sent to a node device. Upon receipt of the one or more digital signatures and the public keys (e.g., as part of a software release), the node device verifies the digital signatures before processing the software.

Abstract: The present disclosure provides a method, system, and device for file replication. To illustrate, based on target replication information corresponding to a version of a file at a target device, a source device may determine one or more portions of a different version of the file at the source device to be provided to the target device. One or more other aspects of the present disclosure further provide sending, to the target device, the one or more portions and replication information corresponding to the version of the file at the source device. Based on the version of the file at the target device, the one or more portions, and the replication information corresponding to the version of the file at the source device, the target device may assemble and store a file that corresponds to the version of the file at the source device.

Abstract: The present disclosure provides systems, methods, and computer readable storage devices for validating that a software release has successfully completed multiple development stages of a development process without alteration. To illustrate, as software (e.g., one or more files or artifacts) completes at least a portion of a development process including the development stages, data components are generated. Digital signatures are generated based on the data components and a private key, and the digital signatures are stored in a secure data structure, such as a blockchain or a tree structure. Upon receipt of the data components (e.g., as validation data of a software release) by a node device, the node device generates validation signatures based on the data components and a public key and compares the validation signatures to the digital signatures stored in the secure data structure to validate the software before processing the software.

Abstract: The present disclosure provides a method, system, and device for peer-to-peer downloading across a network. To illustrate, a server may receive a request from a peer device for at least a portion of a file. The server may send, to the peer device, download information including a checksum corresponding to the portion of the file, a token corresponding to authorization for the peer device to perform P2P communication, an indicator that identifies at least one device that includes the portion of the file, or a combination thereof. The server may update tracking information to indicate that the peer device received the portion of the file.

Abstract: The present disclosure provides a method, system, and computer-readable storage media for operating a repository supporting multiple package types. To illustrate, the repository may be operated in accordance with an index framework that is used to maintain internal structures and interdependencies of each of the multiple package types. In a particular implementation, a REST API module may receive a REST request corresponding to a package type. In response to receiving the REST request, the REST API may initiate an index operation to generate index indicia based on the package type and a content of a portion of at least one memory corresponding to the package type. Based on the index indicia, an index model module may generate a packet type index and store, at a repository module, the package type index at a location in the at least one memory corresponding to the package type.

Abstract: The present disclosure provides a method, system, and device for security object synchronization at multiple nodes of an active-active environment. To illustrate, a source node may generate a corresponding security object sync request for each of multiple target nodes. The source node may send the security object sync request to the target nodes via a source queue and, for each target node, a corresponding distribution queue. A distribution queue may be closed based on an acknowledgement received from a corresponding target node, after a time period, or after a number of transmission attempts. A synchronization log may be maintained to indicate which security object sync requests have been delivered to which target nodes. In some implementations, the source node and the target nodes are part of an active-active environment that may be synchronized in time so the nodes resolve conflicts between received security object updates initiated from two different nodes.

Abstract: The present disclosure provides a method, system, and device for file replication. To illustrate, based on target replication information corresponding to a version of a file at a target device, a source device may determine one or more portions of a different version of the file at the source device to be provided to the target device. One or more other aspects of the present disclosure further provide sending, to the target device, the one or more portions and replication information corresponding to the version of the file at the source device. Based on the version of the file at the target device, the one or more portions, and the replication information corresponding to the version of the file at the source device, the target device may assemble and store a file that corresponds to the version of the file at the source device.

Abstract: The present disclosure provides a method, system, and device for file replication. To illustrate, based on target replication information corresponding to a version of a file at a target device, a source device may determine one or more portions of a different version of the file at the source device to be provided to the target device. One or more other aspects of the present disclosure further provide sending, to the target device, the one or more portions and replication information corresponding to the version of the file at the source device. Based on the version of the file at the target device, the one or more portions, and the replication information corresponding to the version of the file at the source device, the target device may assemble and store a file that corresponds to the version of the file at the source device.

Abstract: The present disclosure provides a method, system, and device for security object synchronization at multiple nodes of an active-active environment. To illustrate, a source node may generate a corresponding security object sync request for each of multiple target nodes. The source node may send the security object sync request to the target nodes via a source queue and, for each target node, a corresponding distribution queue. A distribution queue may be closed based on an acknowledgement received from a corresponding target node, after a time period, or after a number of transmission attempts. A synchronization log may be maintained to indicate which security object sync requests have been delivered to which target nodes. In some implementations, the source node and the target nodes are part of an active-active environment that may be synchronized in time so the nodes resolve conflicts between received security object updates initiated from two different nodes.

Abstract: The present disclosure provides a method, system, and device for peer-to-peer downloading across a network. To illustrate, a server may receive a request from a peer device for at least a portion of a file. The server may send, to the peer device, download information including a checksum corresponding to the portion of the file, a token corresponding to authorization for the peer device to perform P2P communication, an indicator that identifies at least one device that includes the portion of the file, or a combination thereof. The server may update tracking information to indicate that the peer device received the portion of the file.

Abstract: The present disclosure provides a method, system, and device for generating and managing archived data. To illustrate, an archive request including an indication of a first set of files is received from an entity device. Archive information is generated based on the first set of files and stored at a first storage location and the first set of files are transmitted to an archival storage location. After the storage at the archival storage location, the archive information is accessed from the first storage location based on a retrieval request from the entity device and a request is transmitted to the archival storage location based on the archive information. The first set of files are received from the archival storage location and stored at a second storage location. A notification is sent to the entity device indicating the first set of files are available at the second storage location.

Abstract: The present disclosure provides systems, methods, and computer readable storage devices for managing a federated software repository. A method includes storing, at a first member of a multi-device software repository, at least one file and metadata corresponding to the at least one file. The method includes adding an entry to an event log queue. The entry indicates addition of the at least one file. The method includes sending the metadata corresponding to the at least one file to other members of the multi-device software repository for storage at the other devices. The method includes performing, at a later time from sending the metadata, one or more repository update operations that include sending the at least one file to at least a second member of the multi-device software repository.

Abstract: The present disclosure provides systems, methods, and computer readable storage devices for software distribution across a hierarchical network. A method includes sending, by a first node device, a registration request message to a second node device of a first distribution group of the hierarchical network. The registration request message indicates a request for the first node device to join the hierarchical network. The method further includes receiving, by the first node device, a registration response message from the second node device. The registration response message indicates an assignment of the first node device to a second distribution group corresponding to a tier that is below a tier that includes the first distribution group. The first node device may be authorized to perform peer-to-peer (P2P) communications to receive at least a portion of one or more files from node devices in the second distribution group or the second node device.

Abstract: The present disclosure provides a method, system, and device for generating and managing archived data. To illustrate, an archive request including an indication of a first set of files is received from an entity device. Archive information is generated based on the first set of files and stored at a first storage location and the first set of files are transmitted to an archival storage location. After the storage at the archival storage location, the archive information is accessed from the first storage location based on a retrieval request from the entity device and a request is transmitted to the archival storage location based on the archive information. The first set of files are received from the archival storage location and stored at a second storage location. A notification is sent to the entity device indicating the first set of files are available at the second storage location.

Abstract: The present disclosure provides a method, system, and device for securely updating a software release across a network. To illustrate, a server may compile a transaction log that includes information corresponding to one or more nodes in the network to which the software release has been transmitted. The server may analyze one or more files based on vulnerability information to identify at least one file of the one or more files that poses a risk. The server may also identify at least one node of the network at which the at least one file is deployed. Based on identifying the at least one node, the server may transmit a corrective action with respect to the at least one node.

Abstract: The present disclosure provides a method, system, and device for verifying a software release. To illustrate, as software (e.g., one or more files or artifacts) completes one or more stages of a development process, one or more digital signatures are generated. The one or more digital signatures are generated using private keys that correspond to the stage of the development process that is completed. The one or more digital signatures, and one or more public keys corresponding to the private keys, are sent to a node device. Upon receipt of the one or more digital signatures and the public keys (e.g., as part of a software release), the node device verifies the digital signatures before processing the software.

Abstract: The present disclosure provides a method, system, and device for securely updating a software release across a network. To illustrate, a server may compile a transaction log that includes information corresponding to one or more nodes in the network to which the software release has been transmitted. The server may analyze one or more files based on vulnerability information to identify at least one file of the one or more files that poses a risk. The server may also identify at least one node of the network at which the at least one file is deployed. Based on identifying the at least one node, the server may transmit a corrective action with respect to the at least one node.