[ https://issues.apache.org/jira/browse/MRM-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maik F. updated MRM-1926: ------------------------- Description: When downloading files from a remote repository, in numerous cases Archiva stores invalid checksum files (sha1|md5) in its local repository. The respective files are usually identical copies of the artifact's POM file. *Reproduction of error* Prerequisites: * Downloaded/unpacked/started packaged (zip) Archiva 2.2.1 * Configured archiva as local maven mirror {code} mvn compile . . . Downloading: http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom [WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom [WARNING] Could not validate integrity of download from http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom: Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 [WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom {code} When checking the filesystem of archiva local repository upon artifact download, it is immediately obvious that the *.[md5|sha1] files are invalid: {code} maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ ll total 68 drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./ drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../ -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5 -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1 usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ head -n 4 maven-plugins-28.pom.sha1 <?xml version='1.0' encoding='UTF-8'?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file {code} archiva.log shows no errors regarding the artifact in question. Checking the source repository (maven central -> http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) shows that the original sha1/md5 files are ok. This issue has been posted on StackOverflow (see external issue URL) using a more sophisticated configuration. was: When downloading files from a remote repository, in numerous cases Archiva stores invalid checksum files (sha1|md5) in its local repository. The respective files are usually identical copies of the artifact's POM file. *Reproduction of error* Prerequisites: * Downloaded/unpacked/started packaged (zip) Archiva 2.2.1 * Configured archiva as local maven mirror {code} mvn compile . . . Downloading: http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom [WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom [WARNING] Could not validate integrity of download from http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom: Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 [WARNING] Checksum validation failed, expected <?xml but is ad21477ba223c7e4360600db11d6115344065d85 for http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom {code} When checking the filesystem of archiva local repository upon artifact download, it is immediately obvious that the *.[md5|sha1] files are invalid: usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ ll total 68 drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./ drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../ -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5 -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1 usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ head -n 4 maven-plugins-28.pom.sha1 <?xml version='1.0' encoding='UTF-8'?> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file archiva.log shows no errors regarding the artifact in question. Checking the source repository (maven central -> http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) shows that the original sha1/md5 files are ok. This issue has been posted on StackOverflow (see external issue URL) using a more sophisticated configuration. > Invalid checksum files in Archiva repository after download from remote > repository > ---------------------------------------------------------------------------------- > > Key: MRM-1926 > URL: https://issues.apache.org/jira/browse/MRM-1926 > Project: Archiva > Issue Type: Bug > Components: system > Affects Versions: 2.2.1 > Environment: Ubuntu Linux 16.04 LTS x64; Ubuntu Linux 15.10 x64; > CentOS 7.2 x64; JDK 1.8 > Reporter: Maik F. > > When downloading files from a remote repository, in numerous cases Archiva > stores invalid checksum files (sha1|md5) in its local repository. The > respective files are usually identical copies of the artifact's POM file. > *Reproduction of error* > Prerequisites: > * Downloaded/unpacked/started packaged (zip) Archiva 2.2.1 > * Configured archiva as local maven mirror > {code} > mvn compile > . > . > . > Downloading: > http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom > [WARNING] Checksum validation failed, expected <?xml but is > ad21477ba223c7e4360600db11d6115344065d85 for > http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom > [WARNING] Could not validate integrity of download from > http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom: > Checksum validation failed, expected <?xml but is > ad21477ba223c7e4360600db11d6115344065d85 > [WARNING] Checksum validation failed, expected <?xml but is > ad21477ba223c7e4360600db11d6115344065d85 for > http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom > {code} > When checking the filesystem of archiva local repository upon artifact > download, it is immediately obvious that the *.[md5|sha1] files are invalid: > {code} > maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ > ll > total 68 > drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./ > drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../ > -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom > -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5 > -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1 > usr@pc:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ > head -n 4 maven-plugins-28.pom.sha1 > <?xml version='1.0' encoding='UTF-8'?> > <!-- > Licensed to the Apache Software Foundation (ASF) under one > or more contributor license agreements. See the NOTICE file > {code} > archiva.log shows no errors regarding the artifact in question. Checking the > source repository (maven central -> > http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) > shows that the original sha1/md5 files are ok. > This issue has been posted on StackOverflow (see external issue URL) using a > more sophisticated configuration. -- This message was sent by Atlassian JIRA (v6.3.4#6332)