So how/where do I turn on the checksum validation? The "false 200" code we had was for a module we are building locally and installing into an archiva managed repository.
I understand your respose with regard to remote repositories (say repo 1) but the pom and jar that was goofed was put into archiva via mvn install not by an archiva proxy process. -----Original Message----- From: Brett Porter [mailto:[EMAIL PROTECTED] Sent: Sat 9/6/2008 10:58 PM To: [email protected] Subject: Re: How does archiva determine if a remote file exists 2008/9/6 EJ Ciramella <[EMAIL PROTECTED]> > That's a pretty big assumption on the part of archiva, no? That 200 means OK? I don't think it's such a leap :) > > > Most corporate env's will be blocking various sites, potentially some > sub directories of some well known opensource sf. > > It's a shame there isn't some kina validation (is this a valid xml file > or is this a valid pom or zip/jar/war/etc). That's what the checksums are there for if enabled - and far more reliable than guessing a mime-type from the extension. Cheers, Brett > > > > > -----Original Message----- > From: Brett Porter [mailto:[EMAIL PROTECTED] > Sent: Friday, September 05, 2008 9:17 PM > To: [email protected] > Subject: Re: How does archiva determin if a remote file exists > > That's correct, Archiva will assume if it gets HTTP 200 trying to proxy > a > file that it was valid. > If you change the proxy connector to fail if checksums don't match, this > problem won't occur. I'd highly recommend this setting in an environment > such as yours (or ensure the filter blocks with a more appropriate code > like > 403). > > Cheers, > Brett > > 2008/9/6 Michael Delaney <[EMAIL PROTECTED]> > > > All, > > > > > > > > How does Archiva determine if a remote file (say something housed on > > repo1.maven.org/maven2, for example) is valid? Does it determine this > by > > the HTTP return code (404 versus 200)? > > > > > > > > The reason I ask is that I have seen a very odd behavior. We have a > > goal that attempts to download an artifact from our Archiva server. > This > > artifact doesn't exist, it's an optional dependency, but during one of > > our maven goals, it appears our network filter went a-wall and blocked > > people.apache.org (which is set up on our Archiva server as a remote > > repository). So instead of getting a 404 error code when trying to > > access a file off of people.apache.org, it received a web page (from > our > > filter) stating the site was blocked. This web page appears to have > been > > downloaded as a pom.xml file and the artifact in question. > > > > > > > > Mike Delaney. > > > > > > > -- > Brett Porter > Blog: http://blogs.exist.com/bporter/ > -- Brett Porter Blog: http://blogs.exist.com/bporter/
