[ https://issues.apache.org/jira/browse/MRM-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Stockhammer reassigned MRM-1926: --------------------------------------- Assignee: Martin Stockhammer > Invalid checksum files in Archiva repository after download from remote > repository > ---------------------------------------------------------------------------------- > > Key: MRM-1926 > URL: https://issues.apache.org/jira/browse/MRM-1926 > Project: Archiva > Issue Type: Bug > Components: system > Affects Versions: 2.2.1 > Environment: Ubuntu Linux 16.04 LTS x64; Ubuntu Linux 15.10 x64; > CentOS 7.2 x64; JDK 1.8 > Reporter: Maik F. > Assignee: Martin Stockhammer > Fix For: 2.2.2 > > > When downloading files from a remote repository, in numerous cases Archiva > stores invalid checksum files (sha1|md5) in its local repository. Upon > checking the remote repository, the checksum files are found to be valid. If > that is the case, the invalid checksum files are usually identical copies of > the artifact's POM file and thus can't be used for checksum validation. > The issue can be reproduced using the minimal pre-configured Archiva package > (apache-archiva-2.2.1-bin.zip). > *Reproduction of the error* > Prerequisites: > * Downloaded/unpacked/started packaged (zip) Archiva 2.2.1 > * Configured archiva as local maven mirror > {code} > mvn compile > . > . > . > Downloading: > http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom > [WARNING] Checksum validation failed, expected <?xml but is > ad21477ba223c7e4360600db11d6115344065d85 for > http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom > [WARNING] Could not validate integrity of download from > http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom: > Checksum validation failed, expected <?xml but is > ad21477ba223c7e4360600db11d6115344065d85 > [WARNING] Checksum validation failed, expected <?xml but is > ad21477ba223c7e4360600db11d6115344065d85 for > http://localhost:8080/repository/internal/org/apache/maven/plugins/maven-plugins/28/maven-plugins-28.pom > {code} > When checking the filesystem of archiva local repository upon artifact > download, it is immediately obvious that the *.[md5|sha1] files are invalid: > {code} > maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ > ll > total 68 > drwxr-xr-x 2 maik maik 4096 Sep 21 15:48 ./ > drwxr-xr-x 5 maik maik 4096 Sep 21 15:48 ../ > -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom > -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.md5 > -rw-r--r-- 1 maik maik 12031 Sep 21 15:48 maven-plugins-28.pom.sha1 > maik@tpx1:~/Downloads/apache-archiva-2.2.1/repositories/internal/org/apache/maven/plugins/maven-plugins/28$ > head -n 4 maven-plugins-28.pom.sha1 > <?xml version='1.0' encoding='UTF-8'?> > <!-- > Licensed to the Apache Software Foundation (ASF) under one > or more contributor license agreements. See the NOTICE file > {code} > archiva.log shows no errors regarding the artifact in question. Checking the > source repository (maven central -> > http://central.maven.org/maven2/org/apache/maven/plugins/maven-plugins/28/) > shows that the original sha1/md5 files are ok. This seems to happen > unpredictably for arbitrary artifacts. > This issue has been posted on StackOverflow (see external issue URL) using a > more sophisticated configuration. -- This message was sent by Atlassian JIRA (v6.3.4#6332)