fix: Validate maven artifacts #774
Conversation
|
|
||
| func containsMvnCentral(repositories []maven.Repository) bool { | ||
| for _, r := range repositories { | ||
| if r.ID == "central" { |
There was a problem hiding this comment.
wondering if we should check by ip ? as the id can be set by the user, then it can setanother non maven central repo as central
There was a problem hiding this comment.
Yeah I did ponder whether to make the check more complicated. Trouble is, there's a bunch of different host name combinations that you could potentially use for central, so checking against them isn't very reliable. Even trying to compare IPs is maybe not 100% reliable either because of load balancers.
So I figured if someone explicitly configures central as the repo ID, then assume it's the defacto config for Maven central.
|
Thinking a little bit more about this, I think we should move the default maven set-up in the platform controller as Not sure how simple it is so I will merge this one but would be nice if we could log an additional issue and think a little bit about it. @jamesnetherton, would you lake to take it ? |
|
Yes, no problem. I'm happy to take a look at any follow up issues 👍 |
fixes #742
@lburgazzoli we talked a little about this. I made the Maven repository
checksumPolicyconfigurable when doingkamel install. By default thechecksumPolicyis 'fail'.E.g:
I also tweaked things slightly so that there is always repository config set up for Maven central in order to enforce the
checksumPolicyfor it. Users can override this if they want to.