[
https://issues.apache.org/jira/browse/MRM-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Stockhammer reassigned MRM-1926:
---------------------------------------
Assignee: Martin Stockhammer
> Invalid checksum files in Archiva repository after download from remote
> repository
> ----------------------------------------------------------------------------------
>
> Key: MRM-1926
> URL: https://issues.apache.org/jira/browse/MRM-1926
> Project: Archiva
> Issue Type: Bug
> Components: system
> Affects Versions: 2.2.1
> Environment: Ubuntu Linux 16.04 LTS x64; Ubuntu Linux 15.10 x64;
> CentOS 7.2 x64; JDK 1.8
> Reporter: Maik F.
> Assignee: Martin Stockhammer
> Fix For: 2.2.2
>
>
> When downloading files from a remote repository, in numerous cases Archiva
> stores invalid checksum files (sha1|md5) in its local repository. Upon
> checking the remote repository, the checksum files are found to be valid. If
> that is the case, the invalid checksum files are usually identical copies of
> the artifact's POM file and thus can't be used for checksum validation.
> The issue can be reproduced using the minimal pre-configured Archiva package
> (apache-archiva-2.2.1-bin.zip).
> *Reproduction of the error*
> Prerequisites:
> * Downloaded/unpacked/started packaged (zip) Archiva 2.2.1
> * Configured archiva as local maven mirror
> {code}
> mvn compile
> .
> .
> .
> Downloading:
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> [WARNING] Checksum validation failed, expected <?xml but is
> ad21477ba223c7e4360600db11d6115344065d85 for
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> [WARNING] Could not validate integrity of download from
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom:
> Checksum validation failed, expected <?xml but is
> ad21477ba223c7e4360600db11d6115344065d85
> [WARNING] Checksum validation failed, expected <?xml but is
> ad21477ba223c7e4360600db11d6115344065d85 for
> http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom
> {code}
> When checking the filesystem of archiva local repository upon artifact
> download, it is immediately obvious that the *.[md5|sha1] files are invalid:
> {code}
> maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
> ll
> total 68
> drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./
> drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5
> -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1
> maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$
> head -n 4 maven-plugins-28.pom.sha1
> <?xml version='1.0' encoding='UTF-8'?>
> <!--
> Licensed to the Apache Software Foundation (ASF) under one
> or more contributor license agreements. See the NOTICE file
> {code}
> archiva.log shows no errors regarding the artifact in question. Checking the
> source repository (maven central ->
> http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/)
> shows that the original sha1/md5 files are ok. This seems to happen
> unpredictably for arbitrary artifacts.
> This issue has been posted on StackOverflow (see external issue URL) using a
> more sophisticated configuration.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
