[ https://issues.apache.org/jira/browse/MRM-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Maik F. updated MRM-1926:
-------------------------
    Description: 
When downloading files from a remote repository, in numerous cases Archiva 
stores invalid checksum files (sha1|md5) in its local repository. The 
respective files are usually identical copies of the artifact's POM file.

*Reproduction of error*
Prerequisites:
* Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
* Configured Archiva as local Maven mirror

{code}
mvn compile
    .
    .
    .
Downloading: http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
[WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
[WARNING] Could not validate integrity of download from http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom: Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85
[WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
{code}

When checking the filesystem of the Archiva local repository upon artifact 
download, it is immediately obvious that the *.[md5|sha1] files are invalid:

{code}
maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ ll
total 68
drwxr-xr-x 2 maik maik  4096 Sep 21 15:48 ./
drwxr-xr-x 5 maik maik  4096 Sep 21 15:48 ../
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ head -n 4 maven-plugins-28.pom.sha1
<?xml version='1.0' encoding='UTF-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
{code}

archiva.log shows no errors regarding the artifact in question. Checking the 
source repository (Maven Central -> 
http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) 
shows that the original sha1/md5 files are ok.

This issue has been posted on StackOverflow (see external issue URL) using a 
more sophisticated configuration.

  was:
When downloading files from a remote repository, in numerous cases Archiva 
stores invalid checksum files (sha1|md5) in its local repository. The 
respective files are usually identical copies of the artifact's POM file.

*Reproduction of error*
Prerequisites:
* Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
* Configured Archiva as local Maven mirror

{code}
mvn compile
    .
    .
    .
Downloading: http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
[WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
[WARNING] Could not validate integrity of download from http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom: Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85
[WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
{code}

When checking the filesystem of the Archiva local repository upon artifact 
download, it is immediately obvious that the *.[md5|sha1] files are invalid:

{code}
maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ ll
total 68
drwxr-xr-x 2 maik maik  4096 Sep 21 15:48 ./
drwxr-xr-x 5 maik maik  4096 Sep 21 15:48 ../
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
-rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ head -n 4 maven-plugins-28.pom.sha1
<?xml version='1.0' encoding='UTF-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements.  See the NOTICE file
{code}

archiva.log shows no errors regarding the artifact in question. Checking the 
source repository (Maven Central -> 
http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) 
shows that the original sha1/md5 files are ok.

This issue has been posted on StackOverflow (see external issue URL) using a 
more sophisticated configuration.


> Invalid checksum files in Archiva repository after download from remote 
> repository
> ----------------------------------------------------------------------------------
>
>                 Key: MRM-1926
>                 URL: https://issues.apache.org/jira/browse/MRM-1926
>             Project: Archiva
>          Issue Type: Bug
>          Components: system
>    Affects Versions: 2.2.1
>         Environment: Ubuntu Linux 16.04 LTS x64; Ubuntu Linux 15.10 x64; 
> CentOS 7.2 x64; JDK 1.8
>            Reporter: Maik F.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
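
An added example, not part of the original report or of Archiva's code: a Python audit that walks a repository tree and flags `.sha1`/`.md5` sidecar files that do not hold a hex digest (the symptom shown in the report) or whose digest does not match the artifact. The function names, the status labels and the constructed sample tree under `org/example/demo/1` are assumptions for illustration; the digest is assumed to be the first whitespace-separated token of the sidecar.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Sidecar extension -> (hashlib algorithm name, expected hex digest length)
ALGOS = {".sha1": ("sha1", 40), ".md5": ("md5", 32)}


def classify_sidecar(sidecar: Path) -> str:
    """Return 'ok', 'mismatch', 'not-a-digest' or 'orphan' for one checksum file."""
    algo, hexlen = ALGOS[sidecar.suffix]
    artifact = sidecar.with_suffix("")  # foo.pom.sha1 -> foo.pom
    if not artifact.is_file():
        return "orphan"
    # A real sidecar is tiny; a bounded prefix is enough to judge its shape.
    tokens = sidecar.read_bytes()[:256].decode("ascii", errors="replace").split()
    # Accept "<hex>" and "<hex>  <filename>"; anything else (e.g. "<?xml") is not a digest.
    if not tokens or not re.fullmatch(rf"[0-9a-fA-F]{{{hexlen}}}", tokens[0]):
        return "not-a-digest"
    actual = hashlib.new(algo, artifact.read_bytes()).hexdigest()
    return "ok" if tokens[0].lower() == actual else "mismatch"


def audit_repo(root: Path) -> dict:
    """Map each bad sidecar (path relative to root) to its status."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.suffix in ALGOS and path.is_file():
            status = classify_sidecar(path)
            if status != "ok":
                findings[path.relative_to(root).as_posix()] = status
    return findings


def demo() -> dict:
    """Constructed sample: the .sha1 is a copy of the POM, the .md5 is valid."""
    pom = b"<?xml version='1.0' encoding='UTF-8'?>\n<project/>\n"
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp) / "org/example/demo/1"
        d.mkdir(parents=True)
        (d / "demo-1.pom").write_bytes(pom)
        (d / "demo-1.pom.sha1").write_bytes(pom)  # symptom from the report
        (d / "demo-1.pom.md5").write_text(hashlib.md5(pom).hexdigest() + "\n")
        return audit_repo(Path(tmp))


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:13} {rel}")
```

Pointing `audit_repo` at a managed repository directory such as `repositories/internal` lists every sidecar that a Maven client would reject with the warning quoted in the report.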
