[ 
https://issues.apache.org/jira/browse/MRM-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Maik F. updated MRM-1926:
-------------------------
    Description: 
When downloading files from a remote repository, in numerous cases Archiva 
stores invalid checksum files (sha1|md5) in its local repository. The 
respective files are usually identical copies of the artifact's POM file.

*Reproduction of error*
Prerequisites:
* Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
* Configured archiva as local maven mirror

mvn compile
    .
    .
    .
    Downloading: 
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
    [WARNING] Checksum validation failed, expected <?xml but is 
ad21477ba223c7e4360600db11d6115344065d85 for 
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
    [WARNING] Could not validate integrity of download from 
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom:
 Checksum validation failed, expected <?xml but is 
ad21477ba223c7e4360600db11d6115344065d85
    [WARNING] Checksum validation failed, expected <?xml but is 
ad21477ba223c7e4360600db11d6115344065d85 for 
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom

When checking the filesystem of archiva local repository upon artifact 
download, it is immediately obvious that the *.[md5|sha1] files are invalid:

usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
 ll
    total 68
    drwxr-xr-x 2 maik maik  4096 Sep 21 15:48 ./
    drwxr-xr-x 5 maik maik  4096 Sep 21 15:48 ../
    -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
    -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
    -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
    
usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
 head -n 4 maven-plugins-28.pom.sha1
    <?xml version='1.0' encoding='UTF-8'?>
    <!--
    Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file

archiva.log shows no errors regarding the artifact in question.  Checking the 
source repository (maven central -> 
http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) 
shows that the original sha1/md5 files are ok.

This issue has been posted on StackOverflow (see external issue URL) using a 
more sophisticated configuration.

  was:
When downloading files from a remote repository, in numerous cases Archiva 
stores invalid checksum files (sha1|md5) in its local repository. The 
respective files are usually identical copies of the artifact's POM file.

Reproduction of error
Prerequisites:
* Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
* Configured archiva as local maven mirror

mvn compile
    .
    .
    .
    Downloading: 
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
    [WARNING] Checksum validation failed, expected <?xml but is 
ad21477ba223c7e4360600db11d6115344065d85 for 
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
    [WARNING] Could not validate integrity of download from 
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom:
 Checksum validation failed, expected <?xml but is 
ad21477ba223c7e4360600db11d6115344065d85
    [WARNING] Checksum validation failed, expected <?xml but is 
ad21477ba223c7e4360600db11d6115344065d85 for 
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom

When checking the filesystem of archiva local repository upon artifact 
download, it is immediately obvious that the *.[md5|sha1] files are invalid:

usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
 ll
    total 68
    drwxr-xr-x 2 maik maik  4096 Sep 21 15:48 ./
    drwxr-xr-x 5 maik maik  4096 Sep 21 15:48 ../
    -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
    -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
    -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
    
usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
 head -n 4 maven-plugins-28.pom.sha1
    <?xml version='1.0' encoding='UTF-8'?>
    <!--
    Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file

archiva.log shows no errors regarding the artifact in question.  Checking the 
source repository (maven central -> 
http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) 
shows that the original sha1/md5 files are ok.

This issue has been posted on StackOverflow (see external issue URL) using a 
more sophisticated configuration.


> Invalid checksum files in Archiva repository after download from remote 
> repository
> ----------------------------------------------------------------------------------
>
>                 Key: MRM-1926
>                 URL: https://issues.apache.org/jira/browse/MRM-1926
>             Project: Archiva
>          Issue Type: Bug
>          Components: system
>    Affects Versions: 2.2.1
>         Environment: Ubuntu Linux 16.04 LTS x64; Ubuntu Linux 15.10 x64; 
> CentOS 7.2 x64; JDK 1.8
>            Reporter: Maik F.
>
> When downloading files from a remote repository, in numerous cases Archiva 
> stores invalid checksum files (sha1|md5) in its local repository. The 
> respective files are usually identical copies of the artifact's POM file.
> *Reproduction of error*
> Prerequisites:
> * Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
> * Configured archiva as local maven mirror
> mvn compile
>     .
>     .
>     .
>     Downloading: 
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
>     [WARNING] Checksum validation failed, expected <?xml but is 
> ad21477ba223c7e4360600db11d6115344065d85 for 
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
>     [WARNING] Could not validate integrity of download from 
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom:
>  Checksum validation failed, expected <?xml but is 
> ad21477ba223c7e4360600db11d6115344065d85
>     [WARNING] Checksum validation failed, expected <?xml but is 
> ad21477ba223c7e4360600db11d6115344065d85 for 
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> When checking the filesystem of archiva local repository upon artifact 
> download, it is immediately obvious that the *.[md5|sha1] files are invalid:
> usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
>  ll
>     total 68
>     drwxr-xr-x 2 maik maik  4096 Sep 21 15:48 ./
>     drwxr-xr-x 5 maik maik  4096 Sep 21 15:48 ../
>     -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
>     -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
>     -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
>     
> usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
>  head -n 4 maven-plugins-28.pom.sha1
>     <?xml version='1.0' encoding='UTF-8'?>
>     <!--
>     Licensed to the Apache Software Foundation (ASF) under one
>     or more contributor license agreements.  See the NOTICE file
> archiva.log shows no errors regarding the artifact in question.  Checking the 
> source repository (maven central -> 
> http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) 
> shows that the original sha1/md5 files are ok.
> This issue has been posted on StackOverflow (see external issue URL) using a 
> more sophisticated configuration.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to