[
https://issues.apache.org/jira/browse/MRM-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Maik F. updated MRM-1926:
-------------------------
Description:
When downloading files from a remote repository, in numerous cases Archiva
stores invalid checksum files (sha1|md5) in its local repository. The
respective files are usually identical copies of the artifact's POM file.
*Reproduction of error*
Prerequisites:
* Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
* Configured archiva as local maven mirror
{code}
mvn compile
.
.
.
Downloading:
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
[WARNING] Checksum validation failed, expected <?xml but is
ad21477ba223c7e4360600db11d6115344065d85 for
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
[WARNING] Could not validate integrity of download from
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom:
Checksum validation failed, expected <?xml but is
ad21477ba223c7e4360600db11d6115344065d85
[WARNING] Checksum validation failed, expected <?xml but is
ad21477ba223c7e4360600db11d6115344065d85 for
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
{code}
When checking the filesystem of archiva local repository upon artifact
download, it is immediately obvious that the *.[md5|sha1] files are invalid:
{code}
maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
ll
total 68
drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./
drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
head -n 4 maven-plugins-28.pom.sha1
<?xml version='1.0' encoding='UTF-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
{code}
archiva.log shows no errors regarding the artifact in question. Checking the
source repository (maven central ->
http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/)
shows that the original sha1/md5 files are ok.
This issue has been posted on StackOverflow (see external issue URL) using a
more sophisticated configuration.
was:
When downloading files from a remote repository, in numerous cases Archiva
stores invalid checksum files (sha1|md5) in its local repository. The
respective files are usually identical copies of the artifact's POM file.
*Reproduction of error*
Prerequisites:
* Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
* Configured archiva as local maven mirror
{code}
mvn compile
.
.
.
Downloading:
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
[WARNING] Checksum validation failed, expected <?xml but is
ad21477ba223c7e4360600db11d6115344065d85 for
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
[WARNING] Could not validate integrity of download from
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom:
Checksum validation failed, expected <?xml but is
ad21477ba223c7e4360600db11d6115344065d85
[WARNING] Checksum validation failed, expected <?xml but is
ad21477ba223c7e4360600db11d6115344065d85 for
http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
{code}
When checking the filesystem of archiva local repository upon artifact
download, it is immediately obvious that the *.[md5|sha1] files are invalid:
{code}
maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
ll
total 68
drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./
drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
head -n 4 maven-plugins-28.pom.sha1
<?xml version='1.0' encoding='UTF-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
{code}
archiva.log shows no errors regarding the artifact in question. Checking the
source repository (maven central ->
http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/)
shows that the original sha1/md5 files are ok.
This issue has been posted on StackOverflow (see external issue URL) using a
more sophisticated configuration.
> Invalid checksum files in Archiva repository after download from remote
> repository
> ----------------------------------------------------------------------------------
>
> Key: MRM-1926
> URL: https://issues.apache.org/jira/browse/MRM-1926
> Project: Archiva
> Issue Type: Bug
> Components: system
> Affects Versions: 2.2.1
> Environment: Ubuntu Linux 16.04 LTS x64; Ubuntu Linux 15.10 x64;
> CentOS 7.2 x64; JDK 1.8
> Reporter: Maik F.
>
> When downloading files from a remote repository, in numerous cases Archiva
> stores invalid checksum files (sha1|md5) in its local repository. The
> respective files are usually identical copies of the artifact's POM file.
> *Reproduction of error*
> Prerequisites:
> * Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
> * Configured archiva as local maven mirror
> {code}
> mvn compile
> .
> .
> .
> Downloading:
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> [WARNING] Checksum validation failed, expected <?xml but is
> ad21477ba223c7e4360600db11d6115344065d85 for
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> [WARNING] Could not validate integrity of download from
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom:
> Checksum validation failed, expected <?xml but is
> ad21477ba223c7e4360600db11d6115344065d85
> [WARNING] Checksum validation failed, expected <?xml but is
> ad21477ba223c7e4360600db11d6115344065d85 for
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> {code}
> When checking the filesystem of archiva local repository upon artifact
> download, it is immediately obvious that the *.[md5|sha1] files are invalid:
> {code}
> maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
> ll
> total 68
> drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./
> drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
> maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
> head -n 4 maven-plugins-28.pom.sha1
> <?xml version='1.0' encoding='UTF-8'?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one
> or more contributor license agreements. See the NOTICE file
> {code}
> archiva.log shows no errors regarding the artifact in question. Checking the
> source repository (maven central ->
> http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/)
> shows that the original sha1/md5 files are ok.
> This issue has been posted on StackOverflow (see external issue URL) using a
> more sophisticated configuration.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
