Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

broken checksums in maven artefacts for rc4 #296

Closed
GoogleCodeExporter opened this issue Apr 7, 2015 · 6 comments
Closed

broken checksums in maven artefacts for rc4 #296

GoogleCodeExporter opened this issue Apr 7, 2015 · 6 comments
Labels
auto-migrated

Comments

@GoogleCodeExporter
Copy link 

apparently the checksums are broken:

$ curl 
http://repo2.maven.org/maven2/com/google/collections/google-collections/1.0-
rc4/google-collections-1.0-rc4.jar | sha1sum 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  624k  100  624k    0     0  39923      0  0:00:16  0:00:16 --:--:-- 89659
e01e7343ab0592566ec76ad82f8546c48e28315c  -
$ curl 
http://repo2.maven.org/maven2/com/google/collections/google-collections/1.0-
rc4/google-collections-1.0-rc4.jar.sha1
c703ce8ae10cbb6256245c287dbb70920ad9f770

It wasn't deployed using maven 2.2 was it? 2.2 generates incorrect checksums…

Original issue reported on code.google.com by jed.wesl...@gmail.com on 13 Nov 2009 at 12:51
@GoogleCodeExporter
Copy link
Author 

Yes, it was generated using maven 2.2. I assumed it was safe to use the latest
version of Maven.

How serious is this? Should I build and deploy a new rc4 with a Maven 2.1? 
Should I
give it a different version, like 1.0-rc4b?

Original comment by jared.l....@gmail.com on 13 Nov 2009 at 1:41

  • Changed state: Accepted

@GoogleCodeExporter
Copy link
Author 

Hi Jared,

The problem is caused when deploying to a repository that requires http
authentication. A change was made in 2.2.x to switch from j.u.httpclient to
org.apache.httpclient (from memory) which doesnt' submit authentication 
information
unless it receives a 401. This causes the output stream to be transmitted twice,
which produces the wrong checksum on the checksumming wrapped of the output 
stream.

The most recent issue for this is http://jira.codehaus.org/browse/MNG-4301

You can safely fix the checksum in your repository. I've attached a script to 
fix the
checksums

Original comment by daveche...@gmail.com on 13 Nov 2009 at 2:25

Attachments:

@GoogleCodeExporter
Copy link
Author 

Hi Jared,

What is the resolution here, are you going to fix the checksums in your repo, 
or wait for rc-5 ?

Cheers

Dave

Original comment by daveche...@gmail.com on 18 Nov 2009 at 6:51

@GoogleCodeExporter
Copy link
Author 

Hi Jared,

Is there any update on a resolution ?

Cheers

Dave

Original comment by daveche...@gmail.com on 3 Dec 2009 at 6:07

@GoogleCodeExporter
Copy link
Author 

Jared, this makes the library unusable from maven as it flags the library as 
corrupted when it downloads it (as do 
various proxies). We can get around this internally as we can deploy the 
correct checksums, but we cannot use it 
as an external dependency as our users will all get failing builds.

We have rolled back rc4 support until this issue is fixed.

Original comment by jed.wesl...@gmail.com on 4 Dec 2009 at 12:45

@GoogleCodeExporter
Copy link
Author 

We just released rc5, with a Maven package generated by Maven 2.0.10.

There's no longer a reason to fix the rc4 checksum.

Original comment by jared.l....@gmail.com on 11 Dec 2009 at 9:13

  • Changed state: WontFix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
auto-migrated
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GoogleCodeExporter