You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "Martin Stockhammer (JIRA)" <ji...@apache.org> on 2016/10/17 20:17:58 UTC
[jira] [Resolved] (MRM-1926) Invalid checksum files in Archiva
repository after download from remote repository
[ https://issues.apache.org/jira/browse/MRM-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Stockhammer resolved MRM-1926.
-------------------------------------
Resolution: Fixed
I think I found the cause in RepositoryModelResolver.
See commit 5de7825b42441a17d3c7856032ef3d3d65827975
> Invalid checksum files in Archiva repository after download from remote repository
> ----------------------------------------------------------------------------------
>
> Key: MRM-1926
> URL: https://issues.apache.org/jira/browse/MRM-1926
> Project: Archiva
> Issue Type: Bug
> Components: system
> Affects Versions: 2.2.1
> Environment: Ubuntu Linux 16.04 LTS x64; Ubuntu Linux 15.10 x64; CentOS 7.2 x64; JDK 1.8
> Reporter: Maik F.
> Assignee: Martin Stockhammer
> Fix For: 2.2.2
>
>
> When downloading files from a remote repository, in numerous cases Archiva stores invalid checksum files (sha1|md5) in its local repository. Upon checking the remote repository, the checksum files are found to be valid. If that is the case, the invalid checksum files are usually identical copies of the artifact's POM file and thus can't be used for checksum validation.
> The issue can be reproduced using the minimal pre-configured Archiva package (apache-archiva-2.2.1-bin.zip).
> *Reproduction of the error*
> Prerequisites:
> * Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
> * Configured archiva as local maven mirror
> {code}
> mvn compile
> .
> .
> .
> Downloading: http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> [WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> [WARNING] Could not validate integrity of download from http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom: Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85
> [WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> {code}
> When checking the filesystem of archiva local repository upon artifact download, it is immediately obvious that the *.[md5|sha1] files are invalid:
> {code}
> maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ ll
> total 68
> drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./
> drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
> maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ head -n 4 maven-plugins-28.pom.sha1
> <?xml version='1.0' encoding='UTF-8'?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one
> or more contributor license agreements. See the NOTICE file
> {code}
> archiva.log shows no errors regarding the artifact in question. Checking the source repository (maven central -> http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) shows that the original sha1/md5 files are ok. This seems to happen unpredictably for arbitrary artifacts.
> This issue has been posted on StackOverflow (see external issue URL) using a more sophisticated configuration.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)