You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by jv...@apache.org on 2003/01/03 03:37:05 UTC
cvs commit: jakarta-turbine-maven/src/java/org/apache/maven/verifier ChecksumVerificationException.java DependencyVerifier.java ArtifactCorruptionException.java
jvanzyl 2003/01/02 18:37:05
Modified: src/java/org/apache/maven/cli App.java
src/java/org/apache/maven/plugin PluginManager.java
src/java/org/apache/maven/project Project.java
src/java/org/apache/maven/repository AbstractArtifact.java
Artifact.java
src/java/org/apache/maven/util HttpUtils.java MD5Sum.java
src/java/org/apache/maven/verifier DependencyVerifier.java
Added: src/java/org/apache/maven/verifier
ChecksumVerificationException.java
Removed: src/java/org/apache/maven/verifier
ArtifactCorruptionException.java
Log:
o wired in the checksum verification logic which appears to be working but
i can't turn it on until we get the permissions sorted out on ibiblio. No
biggie.
Revision Changes Path
1.18 +7 -1 jakarta-turbine-maven/src/java/org/apache/maven/cli/App.java
Index: App.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-maven/src/java/org/apache/maven/cli/App.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- App.java 2 Jan 2003 01:30:22 -0000 1.17
+++ App.java 3 Jan 2003 02:37:04 -0000 1.18
@@ -68,6 +68,7 @@
import org.apache.maven.MavenSession;
import org.apache.maven.verifier.RepoConfigException;
import org.apache.maven.verifier.UnsatisfiedDependencyException;
+import org.apache.maven.verifier.ChecksumVerificationException;
import org.apache.maven.UnknownGoalException;
import org.apache.maven.jelly.MavenJellyContext;
@@ -523,6 +524,11 @@
}
}
catch ( UnsatisfiedDependencyException e )
+ {
+ failed = true;
+ System.err.println( e.getLocalizedMessage() );
+ }
+ catch ( ChecksumVerificationException e )
{
failed = true;
System.err.println( e.getLocalizedMessage() );
1.24 +2 -2 jakarta-turbine-maven/src/java/org/apache/maven/plugin/PluginManager.java
Index: PluginManager.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-maven/src/java/org/apache/maven/plugin/PluginManager.java,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- PluginManager.java 1 Jan 2003 03:10:30 -0000 1.23
+++ PluginManager.java 3 Jan 2003 02:37:04 -0000 1.24
@@ -320,7 +320,7 @@
// This method should not be here and is currently used from the Project class.
- public void loadMavenJellyScript( Project project )
+ void loadMavenJellyScript( Project project )
throws Exception
{
File mavenXmlFile = new File( project.getFile().getParentFile(), "maven.xml" );
1.58 +5 -2 jakarta-turbine-maven/src/java/org/apache/maven/project/Project.java
Index: Project.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-maven/src/java/org/apache/maven/project/Project.java,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- Project.java 2 Jan 2003 13:32:23 -0000 1.57
+++ Project.java 3 Jan 2003 02:37:04 -0000 1.58
@@ -64,6 +64,7 @@
import org.apache.maven.verifier.RepoConfigException;
import org.apache.maven.verifier.UnsatisfiedDependencyException;
import org.apache.maven.verifier.DependencyVerifier;
+import org.apache.maven.verifier.ChecksumVerificationException;
import org.apache.maven.jelly.MavenJellyContext;
import org.apache.maven.jelly.JellyUtils;
import org.apache.tools.ant.types.Path;
@@ -1151,7 +1152,9 @@
* @throws UnsatisfiedDependencyException If an error occurs due to missing exceptions.
*/
public void verifyDependencies()
- throws RepoConfigException, UnsatisfiedDependencyException
+ throws RepoConfigException,
+ UnsatisfiedDependencyException,
+ ChecksumVerificationException
{
// Only attempt to verify the dependencies if a project.xml file exists.
if ( getFile() != null )
1.17 +75 -1 jakarta-turbine-maven/src/java/org/apache/maven/repository/AbstractArtifact.java
Index: AbstractArtifact.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-maven/src/java/org/apache/maven/repository/AbstractArtifact.java,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- AbstractArtifact.java 31 Dec 2002 07:03:56 -0000 1.16
+++ AbstractArtifact.java 3 Jan 2003 02:37:04 -0000 1.17
@@ -57,9 +57,14 @@
*/
import org.apache.maven.MavenConstants;
+import org.apache.maven.MavenUtils;
+import org.apache.maven.verifier.ChecksumVerificationException;
+import org.apache.maven.util.MD5Sum;
import org.apache.maven.project.Dependency;
import java.io.File;
+import java.io.IOException;
+import java.io.FileInputStream;
/**
* Base class from which all artifact subclasses are derived.
@@ -173,5 +178,74 @@
public File getFile()
{
return new File( getPath() );
+ }
+
+ // ----------------------------------------------------------------------
+ // C H E C K S U M V E R I F I C A T I O N
+ // ----------------------------------------------------------------------
+
+ public void verify()
+ throws ChecksumVerificationException
+ {
+ File checksumFile = new File( getFile() + ".md5" );
+
+ // The central repository is not fully populated with md5
+ // checksum files yet so we'll be a little lax right now but
+ // hopefully in the future we can differentiate or specify
+ // repositories whose artifacts must undergo verification.
+ if ( checksumFile.exists() == false )
+ {
+ return;
+ }
+
+ String actualChecksum = null;
+ MD5Sum md5 = null;
+
+ try
+ {
+ md5 = new MD5Sum();
+ md5.setFile( getFile() );
+ md5.execute();
+
+ actualChecksum = fileRead( checksumFile );
+ actualChecksum = actualChecksum.substring( 0, actualChecksum.length() - 1 );
+ }
+ catch ( Exception e )
+ {
+ return;
+ }
+
+ System.out.println( "'" + actualChecksum + "'" );
+ System.out.println( "'" + md5.getChecksum() + "'" );
+
+ if ( actualChecksum.equals( md5.getChecksum() ) == false )
+ {
+ throw new ChecksumVerificationException(
+ MavenUtils.getMessage( "checksum.verification.error", getPath() ) );
+ }
+ }
+
+ /**
+ * Reads the contents of a file.
+ *
+ * @param file The name of the file to read.
+ * @return The file contents or null if read failed.
+ */
+ String fileRead( File file ) throws IOException
+ {
+ StringBuffer buf = new StringBuffer();
+
+ FileInputStream in = new FileInputStream( file );
+
+ int count;
+ byte[] b = new byte[512];
+ while ( ( count = in.read( b ) ) > 0 ) // blocking read
+ {
+ buf.append( new String( b, 0, count ) );
+ }
+
+ in.close();
+
+ return buf.toString();
}
}
1.16 +8 -1 jakarta-turbine-maven/src/java/org/apache/maven/repository/Artifact.java
Index: Artifact.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-maven/src/java/org/apache/maven/repository/Artifact.java,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- Artifact.java 31 Dec 2002 07:04:05 -0000 1.15
+++ Artifact.java 3 Jan 2003 02:37:04 -0000 1.16
@@ -57,6 +57,7 @@
*/
import org.apache.maven.project.Dependency;
+import org.apache.maven.verifier.ChecksumVerificationException;
import java.io.File;
@@ -148,4 +149,10 @@
* @return The location of the artifact in the local file system.
*/
File getFile();
+
+ /**
+ * Verify the artifact.
+ */
+ void verify()
+ throws ChecksumVerificationException;
}
1.18 +61 -0 jakarta-turbine-maven/src/java/org/apache/maven/util/HttpUtils.java
Index: HttpUtils.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-maven/src/java/org/apache/maven/util/HttpUtils.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- HttpUtils.java 31 Dec 2002 07:04:45 -0000 1.17
+++ HttpUtils.java 3 Jan 2003 02:37:04 -0000 1.18
@@ -118,6 +118,67 @@
/**
* Retrieve a remote file. Returns true if the file was successfully
* retrieved or if it is up to date (when the useTimestamp flag is set).
+ *
+ * @param url the of the file to retrieve
+ * @param destinationFile where to store it
+ * @param file <strong>doesn't appear to be used</strong>
+ * @param ignoreErrors whether to ignore errors during I/O or throw an
+ * exception when they happen
+ * @param useTimestamp whether to check the modified timestamp on the
+ * <code>destinationFile</code> against the remote <code>source</code>
+ * @param proxyHost Proxy Host (if proxy is required), or null
+ * @param proxyPort Proxy Port (if proxy is required), or null
+ * @param proxyUserName Proxy Username (if authentification is required),
+ * or null.
+ * @param proxyPassword Proxy Password (if authentification is required),
+ * or null.
+ * @param useChecksum Flag to indicate the use of the checksum for the retrieved
+ * artifact if it is available.
+ */
+ public static void getFile( String url,
+ File destinationFile,
+ String file,
+ boolean ignoreErrors,
+ boolean useTimestamp,
+ String proxyHost,
+ String proxyPort,
+ String proxyUserName,
+ String proxyPassword,
+ boolean useChecksum )
+ {
+ // Get the requested file.
+ getFile( url,
+ destinationFile,
+ file,
+ ignoreErrors,
+ useTimestamp,
+ proxyHost,
+ proxyPort,
+ proxyUserName,
+ proxyPassword );
+
+ // Get the checksum if requested.
+ if ( useChecksum )
+ {
+ File checksumFile = new File( destinationFile + ".md5" );
+
+ getFile( url + ".md5",
+ checksumFile,
+ file + ".md5",
+ ignoreErrors,
+ useTimestamp,
+ proxyHost,
+ proxyPort,
+ proxyUserName,
+ proxyPassword );
+ }
+ }
+
+
+ /**
+ * Retrieve a remote file. Returns true if the file was successfully
+ * retrieved or if it is up to date (when the useTimestamp flag is set).
+ *
* @param url the of the file to retrieve
* @param destinationFile where to store it
* @param file <strong>doesn't appear to be used</strong>
1.8 +2 -2 jakarta-turbine-maven/src/java/org/apache/maven/util/MD5Sum.java
Index: MD5Sum.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-maven/src/java/org/apache/maven/util/MD5Sum.java,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- MD5Sum.java 31 Dec 2002 07:04:49 -0000 1.7
+++ MD5Sum.java 3 Jan 2003 02:37:04 -0000 1.8
@@ -184,7 +184,7 @@
public void execute()
throws Exception
{
- if ( !file.exists() )
+ if ( file.exists() == false )
{
System.err.println( "Specified file " + file + " doesn't exist." );
}
1.13 +61 -22 jakarta-turbine-maven/src/java/org/apache/maven/verifier/DependencyVerifier.java
Index: DependencyVerifier.java
===================================================================
RCS file: /home/cvs/jakarta-turbine-maven/src/java/org/apache/maven/verifier/DependencyVerifier.java,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- DependencyVerifier.java 1 Jan 2003 02:58:55 -0000 1.12
+++ DependencyVerifier.java 3 Jan 2003 02:37:05 -0000 1.13
@@ -111,10 +111,14 @@
* @throws UnsatisfiedDependencyException If there are unsatisfied dependencies.
*/
public void verify()
- throws RepoConfigException, UnsatisfiedDependencyException
+ throws RepoConfigException,
+ UnsatisfiedDependencyException,
+ ChecksumVerificationException
+
{
localRepositoryVerifier.verifyLocalRepository();
- verifyDependencies();
+ satisfyDependencies();
+ //verifyDependencies();
}
/**
@@ -135,7 +139,7 @@
*
* @throws UnsatisfiedDependencyException If there are unsatisfied dependencies.
*/
- private void verifyDependencies()
+ private void satisfyDependencies()
throws UnsatisfiedDependencyException
{
// Is the remote repository enabled?
@@ -231,6 +235,14 @@
}
/**
+ * Rules for verifying the checksum.
+ *
+ * We attempt to download artifacts and their accompanying md5 checksum
+ * files.
+ */
+
+
+ /**
* Try and retrieve the dependencies from the remote repository in
* order to satisfy the dependencies of the project.
*/
@@ -252,7 +264,7 @@
System.out.println( getMessage( "download.message", artifact.getName() ) );
- if ( getRemoteFile( artifact.getUrlPath(), artifact.getFile() ) )
+ if ( getRemoteArtifact( artifact ) )
{
// The dependency has been successfully downloaded so lets remove
// it from the failed dependency list.
@@ -269,35 +281,62 @@
/**
* Retrieve a <code>remoteFile</code> from the maven remote repositories
* and store it at <code>localFile</code>
- * @param remoteFile the file name to retrieve from the repositories
- * @param localFile the file name to store the remote file locally
- * @return true if the retrieval succeeds, false otherwise
+ * @param artifact the artifact to retrieve from the repositories.
+ * @return true if the retrieval succeeds, false otherwise.
*/
- private boolean getRemoteFile( String remoteFile, File localFile )
+ private boolean getRemoteArtifact( Artifact artifact )
{
for ( Iterator i = getProject().getContext().getMavenRepoRemote().iterator(); i.hasNext(); )
{
String remoteRepo = (String) i.next();
+
// The username and password parameters are not being
// used here. Those are the "" parameters you see below.
- String url = remoteRepo + "/" + remoteFile;
+ String url = remoteRepo + "/" + artifact.getUrlPath();
url = StringUtils.replace( url, "//", "/" );
url = StringUtils.replace( url, "http:/", "http://" );
- boolean gotFile = HttpUtils.getFile( url,
- localFile,
- url,
- ignoreErrors,
- useTimestamp,
- getProject().getContext().getProxyHost(),
- getProject().getContext().getProxyPort(),
- getProject().getContext().getProxyUserName(),
- getProject().getContext().getProxyPassword() );
- if ( gotFile )
+
+ // Attempt to retrieve the artifact and set the checksum if retrieval
+ // of the checksum file was successful.
+ try
{
- return true;
+ HttpUtils.getFile( url,
+ artifact.getFile(),
+ url,
+ ignoreErrors,
+ useTimestamp,
+ getProject().getContext().getProxyHost(),
+ getProject().getContext().getProxyPort(),
+ getProject().getContext().getProxyUserName(),
+ getProject().getContext().getProxyPassword(),
+ true );
+ }
+ catch ( Exception e )
+ {
+ return false;
}
}
- return false;
+ return true;
+ }
+
+ // ----------------------------------------------------------------------
+ // V E R I F I C A T I O N
+ // ----------------------------------------------------------------------
+
+ /**
+ * Verify each of the artifacts if an md5 checksum is available.
+ *
+ * @throws ChecksumVerificationException If we encounter an artifact that
+ * is corrupted.
+ */
+ private void verifyDependencies()
+ throws ChecksumVerificationException
+ {
+ for ( Iterator i = getProject().getArtifacts().iterator(); i.hasNext(); )
+ {
+ Artifact artifact = (Artifact) i.next();
+ artifact.verify();
+ }
}
}
1.1 jakarta-turbine-maven/src/java/org/apache/maven/verifier/ChecksumVerificationException.java
Index: ChecksumVerificationException.java
===================================================================
package org.apache.maven.verifier;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache MavenSession" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache MavenSession", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
* ====================================================================
*/
import org.apache.maven.MavenException;
/**
* Specialized artifact corruption exception.
*
* @author <a href="jason@zenplex.com">Jason van Zyl</a>
*
* @version $Id: ChecksumVerificationException.java,v 1.1 2003/01/03 02:37:05 jvanzyl Exp $
*/
public class ChecksumVerificationException
extends MavenException
{
/**
* Constructs an ChecksumVerificationException with the specified detail message.
* @param message Detailed message.
*/
public ChecksumVerificationException( String message )
{
super( message );
}
}