You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by mi...@apache.org on 2020/12/02 19:54:14 UTC
[maven] branch master updated: [MNG-5728] Switch the default
checksum policy from "warn" to "fail"
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven.git
The following commit(s) were added to refs/heads/master by this push:
new 95ee890 [MNG-5728] Switch the default checksum policy from "warn" to "fail"
95ee890 is described below
commit 95ee8908370744153531aa2e80a9bce93dc5d9bc
Author: Nicolas Juneau <ni...@savoirfairelinux.com>
AuthorDate: Fri Nov 27 16:03:11 2020 +0100
[MNG-5728] Switch the default checksum policy from "warn" to "fail"
Signed-off-by: rfscholte <rf...@apache.org>
Signed-off-by: Michael Osipov <mi...@apache.org>
---
.../repository/ArtifactRepositoryPolicy.java | 4 +++-
.../AbstractArtifactComponentTestCase.java | 25 ++++++++++++++++++++++
.../repository/legacy/DefaultWagonManagerTest.java | 5 +++++
.../apache/maven/bridge/MavenRepositorySystem.java | 22 +++++++++----------
maven-model/src/main/mdo/maven.mdo | 7 +++---
.../internal/ArtifactDescriptorUtils.java | 18 +++++++++++++++-
6 files changed, 64 insertions(+), 17 deletions(-)
diff --git a/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java b/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
index 5ce317f..6ad2a26 100644
--- a/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
+++ b/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
@@ -43,6 +43,8 @@ public class ArtifactRepositoryPolicy
public static final String CHECKSUM_POLICY_IGNORE = "ignore";
+ public static final String DEFAULT_CHECKSUM_POLICY = CHECKSUM_POLICY_FAIL;
+
private boolean enabled;
private String updatePolicy;
@@ -71,7 +73,7 @@ public class ArtifactRepositoryPolicy
if ( checksumPolicy == null )
{
- checksumPolicy = CHECKSUM_POLICY_WARN;
+ checksumPolicy = DEFAULT_CHECKSUM_POLICY;
}
this.checksumPolicy = checksumPolicy;
}
diff --git a/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java b/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
index dbd6e8f..ab59ae6 100644
--- a/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
+++ b/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
@@ -60,6 +60,7 @@ import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
@@ -298,6 +299,17 @@ public abstract class AbstractArtifactComponentTestCase
{
writer.write( artifact.getId() );
}
+
+ MessageDigest md = MessageDigest.getInstance( "MD5" );
+ md.update( artifact.getId().getBytes() );
+ byte[] digest = md.digest();
+
+ String md5path = repository.pathOf( artifact ) + ".md5";
+ File md5artifactFile = new File( repository.getBasedir(), md5path );
+ try ( Writer writer = new OutputStreamWriter( new FileOutputStream( md5artifactFile ), StandardCharsets.ISO_8859_1) )
+ {
+ writer.append( printHexBinary( digest ) );
+ }
}
protected Artifact createArtifact( String artifactId, String version )
@@ -371,4 +383,17 @@ public abstract class AbstractArtifactComponentTestCase
return session;
}
+ private static final char[] hexCode = "0123456789ABCDEF".toCharArray();
+
+ private static final String printHexBinary( byte[] data )
+ {
+ StringBuilder r = new StringBuilder( data.length * 2 );
+ for ( byte b : data )
+ {
+ r.append( hexCode[( b >> 4 ) & 0xF] );
+ r.append( hexCode[( b & 0xF )] );
+ }
+ return r.toString();
+ }
+
}
diff --git a/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java b/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
index 1b3cb79..3424ac1 100644
--- a/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
+++ b/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
@@ -101,7 +101,10 @@ public class DefaultWagonManagerTest
StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
wagon.addExpectedContent( repos.get( 0 ).getLayout().pathOf( artifact ), "expected" );
+ wagon.addExpectedContent( repos.get( 0 ).getLayout().pathOf( artifact ) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
wagon.addExpectedContent( repos.get( 1 ).getLayout().pathOf( artifact ), "expected" );
+ wagon.addExpectedContent( repos.get( 1 ).getLayout().pathOf( artifact ) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
+
class TransferListener
extends AbstractTransferListener
@@ -170,6 +173,7 @@ public class DefaultWagonManagerTest
StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
wagon.addExpectedContent( repo.getLayout().pathOf( artifact ), "expected" );
+ wagon.addExpectedContent( repo.getLayout().pathOf( artifact ) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
wagonManager.getArtifact( artifact, repo, null, false );
@@ -271,6 +275,7 @@ public class DefaultWagonManagerTest
ArtifactRepository repo = createStringRepo();
StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
wagon.addExpectedContent( repo.getLayout().pathOf( artifact ), "expected" );
+ wagon.addExpectedContent( repo.getLayout().pathOf( artifact ) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
/* getArtifact */
assertFalse( "Transfer listener is registered before test",
diff --git a/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java b/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
index 752e659..f723cde 100644
--- a/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
+++ b/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
@@ -419,8 +419,8 @@ public class MavenRepositorySystem
}
return new ArtifactRepositoryPolicy( enabled, updatePolicy, checksumPolicy );
- }
-
+ }
+
public ArtifactRepository createArtifactRepository( String id, String url, String layoutId,
ArtifactRepositoryPolicy snapshots,
ArtifactRepositoryPolicy releases )
@@ -442,7 +442,7 @@ public class MavenRepositorySystem
repositoryId ) );
}
}
-
+
public static ArtifactRepository createArtifactRepository( String id, String url,
ArtifactRepositoryLayout repositoryLayout,
ArtifactRepositoryPolicy snapshots,
@@ -568,20 +568,20 @@ public class MavenRepositorySystem
return new DefaultArtifact( groupId, artifactId, versionRange, desiredScope, type, classifier, handler,
optional );
}
-
+
//
// Code taken from LegacyRepositorySystem
//
-
+
public ArtifactRepository createDefaultRemoteRepository( MavenExecutionRequest request )
throws Exception
{
return createRepository( RepositorySystem.DEFAULT_REMOTE_REPO_URL, RepositorySystem.DEFAULT_REMOTE_REPO_ID,
true, ArtifactRepositoryPolicy.UPDATE_POLICY_DAILY, false,
ArtifactRepositoryPolicy.UPDATE_POLICY_DAILY,
- ArtifactRepositoryPolicy.CHECKSUM_POLICY_WARN );
+ ArtifactRepositoryPolicy.DEFAULT_CHECKSUM_POLICY );
}
-
+
public ArtifactRepository createRepository( String url, String repositoryId, boolean releases,
String releaseUpdates, boolean snapshots, String snapshotUpdates,
String checksumPolicy ) throws Exception
@@ -594,7 +594,7 @@ public class MavenRepositorySystem
return createArtifactRepository( repositoryId, url, "default", snapshotsPolicy, releasesPolicy );
}
-
+
public Set<String> getRepoIds( List<ArtifactRepository> repositories )
{
Set<String> repoIds = new HashSet<>();
@@ -707,8 +707,8 @@ public class MavenRepositorySystem
ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS, true,
ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS,
ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE );
- }
-
+ }
+
private static final String WILDCARD = "*";
private static final String EXTERNAL_WILDCARD = "external:*";
@@ -873,5 +873,5 @@ public class MavenRepositorySystem
}
return result;
- }
+ }
}
diff --git a/maven-model/src/main/mdo/maven.mdo b/maven-model/src/main/mdo/maven.mdo
index 61d9ceb..c0d253b 100644
--- a/maven-model/src/main/mdo/maven.mdo
+++ b/maven-model/src/main/mdo/maven.mdo
@@ -1995,12 +1995,11 @@
<description>
<![CDATA[
What to do when verification of an artifact checksum fails. Valid values are
- <code>ignore</code>
- ,
+ <code>ignore</code>,
<code>fail</code>
- or
+ (default for Maven 4 and above) or
<code>warn</code>
- (the default).
+ (default for Maven 2 and 3)
]]>
</description>
<type>String</type>
diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
index 7d4ede8..17fbb10 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
@@ -19,6 +19,7 @@ package org.apache.maven.repository.internal;
* under the License.
*/
+import org.apache.maven.artifact.repository.ArtifactRepositoryPolicy;
import org.apache.maven.model.Repository;
import org.eclipse.aether.artifact.Artifact;
import org.eclipse.aether.artifact.DefaultArtifact;
@@ -59,7 +60,7 @@ public class ArtifactDescriptorUtils
public static RepositoryPolicy toRepositoryPolicy( org.apache.maven.model.RepositoryPolicy policy )
{
boolean enabled = true;
- String checksums = RepositoryPolicy.CHECKSUM_POLICY_WARN;
+ String checksums = toRepositoryChecksumPolicy( ArtifactRepositoryPolicy.DEFAULT_CHECKSUM_POLICY );
String updates = RepositoryPolicy.UPDATE_POLICY_DAILY;
if ( policy != null )
@@ -78,4 +79,19 @@ public class ArtifactDescriptorUtils
return new RepositoryPolicy( enabled, updates, checksums );
}
+ public static String toRepositoryChecksumPolicy( final String artifactRepositoryPolicy )
+ {
+ switch ( artifactRepositoryPolicy )
+ {
+ case ArtifactRepositoryPolicy.CHECKSUM_POLICY_FAIL:
+ return RepositoryPolicy.CHECKSUM_POLICY_FAIL;
+ case ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE:
+ return RepositoryPolicy.CHECKSUM_POLICY_IGNORE;
+ case ArtifactRepositoryPolicy.CHECKSUM_POLICY_WARN:
+ return RepositoryPolicy.CHECKSUM_POLICY_WARN;
+ default:
+ throw new IllegalArgumentException( "unknown repository checksum policy: " + artifactRepositoryPolicy );
+ }
+ }
+
}