You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@maven.apache.org by mi...@apache.org on 2020/09/30 19:19:30 UTC
[maven-resolver] 02/02: [MRESOLVER-140] Default to SHA-1 and MD5
hashing algorithms
This is an automated email from the ASF dual-hosted git repository.
michaelo pushed a commit to branch MRESOLVER-138
in repository https://gitbox.apache.org/repos/asf/maven-resolver.git
commit 464ae7d640331594d87faa1d83d38d40b41f019d
Author: Michael Osipov <mi...@apache.org>
AuthorDate: Wed Sep 30 21:16:04 2020 +0200
[MRESOLVER-140] Default to SHA-1 and MD5 hashing algorithms
---
.../impl/Maven2RepositoryLayoutFactory.java | 2 +-
.../impl/Maven2RepositoryLayoutFactoryTest.java | 42 ++++++++--------------
src/site/markdown/configuration.md | 4 +--
3 files changed, 18 insertions(+), 30 deletions(-)
diff --git a/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/Maven2RepositoryLayoutFactory.java b/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/Maven2RepositoryLayoutFactory.java
index 0372758..9f35142 100644
--- a/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/Maven2RepositoryLayoutFactory.java
+++ b/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/Maven2RepositoryLayoutFactory.java
@@ -48,7 +48,7 @@ public final class Maven2RepositoryLayoutFactory
static final String CONFIG_PROP_SIGNATURE_CHECKSUMS = "aether.checksums.forSignature";
static final String CONFIG_PROP_CHECKSUMS_ALGORITHMS = "aether.checksums.algorithms";
- static final String DEFAULT_CHECKSUMS_ALGORITHMS = "SHA-512,SHA-256,SHA-1,MD5";
+ static final String DEFAULT_CHECKSUMS_ALGORITHMS = "SHA-1,MD5";
private float priority;
diff --git a/maven-resolver-impl/src/test/java/org/eclipse/aether/internal/impl/Maven2RepositoryLayoutFactoryTest.java b/maven-resolver-impl/src/test/java/org/eclipse/aether/internal/impl/Maven2RepositoryLayoutFactoryTest.java
index bbf67cd..82fd2ea 100644
--- a/maven-resolver-impl/src/test/java/org/eclipse/aether/internal/impl/Maven2RepositoryLayoutFactoryTest.java
+++ b/maven-resolver-impl/src/test/java/org/eclipse/aether/internal/impl/Maven2RepositoryLayoutFactoryTest.java
@@ -155,11 +155,9 @@ public class Maven2RepositoryLayoutFactoryTest
DefaultArtifact artifact = new DefaultArtifact( "g.i.d", "a-i.d", "cls", "ext", "1.0" );
URI uri = layout.getLocation( artifact, false );
List<Checksum> checksums = layout.getChecksums( artifact, false, uri );
- assertEquals( 4, checksums.size() );
- assertChecksum( checksums.get( 0 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.sha512", "SHA-512" );
- assertChecksum( checksums.get( 1 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.sha256", "SHA-256" );
- assertChecksum( checksums.get( 2 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.sha1", "SHA-1" );
- assertChecksum( checksums.get( 3 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.md5", "MD5" );
+ assertEquals( 2, checksums.size() );
+ assertChecksum( checksums.get( 0 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.sha1", "SHA-1" );
+ assertChecksum( checksums.get( 1 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.md5", "MD5" );
}
@Test
@@ -181,11 +179,9 @@ public class Maven2RepositoryLayoutFactoryTest
DefaultArtifact artifact = new DefaultArtifact( "g.i.d", "a-i.d", "cls", "ext", "1.0" );
URI uri = layout.getLocation( artifact, true );
List<Checksum> checksums = layout.getChecksums( artifact, true, uri );
- assertEquals( 4, checksums.size() );
- assertChecksum( checksums.get( 0 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.sha512", "SHA-512" );
- assertChecksum( checksums.get( 1 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.sha256", "SHA-256" );
- assertChecksum( checksums.get( 2 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.sha1", "SHA-1" );
- assertChecksum( checksums.get( 3 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.md5", "MD5" );
+ assertEquals( 2, checksums.size() );
+ assertChecksum( checksums.get( 0 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.sha1", "SHA-1" );
+ assertChecksum( checksums.get( 1 ), "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.ext.md5", "MD5" );
}
@Test
@@ -209,14 +205,10 @@ public class Maven2RepositoryLayoutFactoryTest
Metadata.Nature.RELEASE_OR_SNAPSHOT );
URI uri = layout.getLocation( metadata, false );
List<Checksum> checksums = layout.getChecksums( metadata, false, uri );
- assertEquals( 4, checksums.size() );
- assertChecksum( checksums.get( 0 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.sha512",
- "SHA-512" );
- assertChecksum( checksums.get( 1 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.sha256",
- "SHA-256" );
- assertChecksum( checksums.get( 2 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.sha1",
+ assertEquals( 2, checksums.size() );
+ assertChecksum( checksums.get( 0 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.sha1",
"SHA-1" );
- assertChecksum( checksums.get( 3 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.md5", "MD5" );
+ assertChecksum( checksums.get( 1 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.md5", "MD5" );
}
@Test
@@ -227,14 +219,10 @@ public class Maven2RepositoryLayoutFactoryTest
Metadata.Nature.RELEASE_OR_SNAPSHOT );
URI uri = layout.getLocation( metadata, true );
List<Checksum> checksums = layout.getChecksums( metadata, true, uri );
- assertEquals( 4, checksums.size() );
- assertChecksum( checksums.get( 0 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.sha512",
- "SHA-512" );
- assertChecksum( checksums.get( 1 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.sha256",
- "SHA-256" );
- assertChecksum( checksums.get( 2 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.sha1",
+ assertEquals( 2, checksums.size() );
+ assertChecksum( checksums.get( 0 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.sha1",
"SHA-1" );
- assertChecksum( checksums.get( 3 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.md5", "MD5" );
+ assertChecksum( checksums.get( 1 ), "org/apache/maven/plugins/maven-jar-plugin/maven-metadata.xml.md5", "MD5" );
}
@Test
@@ -243,7 +231,7 @@ public class Maven2RepositoryLayoutFactoryTest
DefaultArtifact artifact = new DefaultArtifact( "g.i.d", "a-i.d", "cls", "asc", "1.0" );
URI uri = layout.getLocation( artifact, false );
List<Checksum> checksums = layout.getChecksums( artifact, false, uri );
- assertChecksums( checksums, "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.asc", "SHA-512", "SHA-256", "SHA-1", "MD5" );
+ assertChecksums( checksums, "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.asc", "SHA-1", "MD5" );
artifact = new DefaultArtifact( "g.i.d", "a-i.d", "cls", "jar.asc", "1.0" );
uri = layout.getLocation( artifact, false );
@@ -257,7 +245,7 @@ public class Maven2RepositoryLayoutFactoryTest
DefaultArtifact artifact = new DefaultArtifact( "g.i.d", "a-i.d", "cls", "asc", "1.0" );
URI uri = layout.getLocation( artifact, true );
List<Checksum> checksums = layout.getChecksums( artifact, true, uri );
- assertChecksums( checksums, "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.asc", "SHA-512", "SHA-256", "SHA-1", "MD5" );
+ assertChecksums( checksums, "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.asc", "SHA-1", "MD5" );
artifact = new DefaultArtifact( "g.i.d", "a-i.d", "cls", "jar.asc", "1.0" );
uri = layout.getLocation( artifact, true );
@@ -274,7 +262,7 @@ public class Maven2RepositoryLayoutFactoryTest
DefaultArtifact artifact = new DefaultArtifact( "g.i.d", "a-i.d", "cls", "jar.asc", "1.0" );
URI uri = layout.getLocation( artifact, true );
List<Checksum> checksums = layout.getChecksums( artifact, true, uri );
- assertChecksums( checksums, "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.jar.asc", "SHA-512", "SHA-256", "SHA-1", "MD5" );
+ assertChecksums( checksums, "g/i/d/a-i.d/1.0/a-i.d-1.0-cls.jar.asc", "SHA-1", "MD5" );
}
}
diff --git a/src/site/markdown/configuration.md b/src/site/markdown/configuration.md
index eb7f781..eff0a1f 100644
--- a/src/site/markdown/configuration.md
+++ b/src/site/markdown/configuration.md
@@ -19,10 +19,10 @@ under the License.
-->
Option | Type | Description | Default Value | Supports Repo ID Suffix
---- | --- | --- | --- | ---
+--- | --- | --- | --- | ---
`aether.artifactResolver.snapshotNormalization` | boolean | It replaces the timestamped snapshot file name with a filename containing the `SNAPSHOT` qualifier only. This only affects resolving/retrieving artifacts but not uploading those. | `true` | no
`aether.checksums.forSignature` | boolean | Flag indicating if signature artifacts (`.asc`) should have checksums. | `false` | no
-`aether.checksums.algorithms` | String | List of [algorithms](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest) passed to [`MessageDigest`](https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html) with which checksums are validated (downloaded) and generated (uploaded). | `"SHA-512,SHA-256,SHA-1,MD5"` | no
+`aether.checksums.algorithms` | String | List of [algorithms](https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#MessageDigest) passed to [`MessageDigest`](https://docs.oracle.com/javase/7/docs/api/java/security/MessageDigest.html) with which checksums are validated (downloaded) and generated (uploaded). | `"SHA-1,MD5"` | no
`aether.conflictResolver.verbose` | boolean | Flag controlling the conflict resolver's verbose mode. | `false` | no
`aether.connector.basic.threads` or `maven.artifact.threads` | int | Number of threads to use for uploading/downloading. | `5` | no
`aether.connector.classpath.loader` | ClassLoader | `ClassLoader` from which resources should be retrieved which start with the `classpath:` protocol. | `Thread.currentThread().getContextClassLoader()` | no