[maven] 01/01: [MNG-5728] Switch the default checksum policy from "warn" to "fail"

Mon, 30 Nov 2020 12:12:47 -0800 

This is an automated email from the ASF dual-hosted git repository.

michaelo pushed a commit to branch MNG-5728
in repository https://gitbox.apache.org/repos/asf/maven.git

commit d8ad76b9cb3c9cce082528c72880dbded2c22774
Author: Nicolas Juneau <nicolas.jun...@savoirfairelinux.com>
AuthorDate: Fri Nov 27 16:03:11 2020 +0100

    [MNG-5728] Switch the default checksum policy from "warn" to "fail"
    
    Signed-off-by: rfscholte <rfscho...@apache.org>
    Signed-off-by: Michael Osipov <micha...@apache.org>
---
 .../repository/ArtifactRepositoryPolicy.java       |  4 +++-
 .../AbstractArtifactComponentTestCase.java         | 28 ++++++++++++++++++++++
 .../repository/legacy/DefaultWagonManagerTest.java |  5 ++++
 .../apache/maven/bridge/MavenRepositorySystem.java | 22 ++++++++---------
 maven-model/src/main/mdo/maven.mdo                 |  7 +++---
 .../internal/ArtifactDescriptorUtils.java          | 18 +++++++++++++-
 6 files changed, 67 insertions(+), 17 deletions(-)

diff --git 
a/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
 
b/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
index 5ce317f..6ad2a26 100644
--- 
a/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
+++ 
b/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
@@ -43,6 +43,8 @@ public class ArtifactRepositoryPolicy
 
     public static final String CHECKSUM_POLICY_IGNORE = "ignore";
 
+    public static final String DEFAULT_CHECKSUM_POLICY = CHECKSUM_POLICY_FAIL;
+
     private boolean enabled;
 
     private String updatePolicy;
@@ -71,7 +73,7 @@ public class ArtifactRepositoryPolicy
 
         if ( checksumPolicy == null )
         {
-            checksumPolicy = CHECKSUM_POLICY_WARN;
+            checksumPolicy = DEFAULT_CHECKSUM_POLICY;
         }
         this.checksumPolicy = checksumPolicy;
     }
diff --git 
a/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
 
b/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
index dbd6e8f..20054b5 100644
--- 
a/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
+++ 
b/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
@@ -39,6 +39,7 @@ import org.eclipse.aether.collection.DependencySelector;
 import org.eclipse.aether.collection.DependencyTraverser;
 import org.eclipse.aether.internal.impl.SimpleLocalRepositoryManagerFactory;
 import org.eclipse.aether.repository.LocalRepository;
+import org.eclipse.aether.spi.connector.layout.RepositoryLayout;
 import org.eclipse.aether.util.graph.manager.ClassicDependencyManager;
 import org.eclipse.aether.util.graph.selector.AndDependencySelector;
 import org.eclipse.aether.util.graph.selector.ExclusionDependencySelector;
@@ -60,9 +61,12 @@ import java.io.IOException;
 import java.io.OutputStreamWriter;
 import java.io.Writer;
 import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.xml.bind.DatatypeConverter;
+
 /**
  * @author <a href="mailto:ja...@maven.org";>Jason van Zyl </a>
  */
@@ -298,6 +302,17 @@ public abstract class AbstractArtifactComponentTestCase
         {
             writer.write( artifact.getId() );
         }
+
+        MessageDigest md = MessageDigest.getInstance( "MD5" );
+        md.update( artifact.getId().getBytes() );
+        byte[] digest = md.digest();
+
+        String md5path = repository.pathOf( artifact ) + ".md5";
+        File md5artifactFile = new File( repository.getBasedir(), md5path );
+        try ( Writer writer = new OutputStreamWriter( new FileOutputStream( 
md5artifactFile ), StandardCharsets.ISO_8859_1) )
+        {
+            writer.append( printHexBinary( digest ) );
+        }
     }
 
     protected Artifact createArtifact( String artifactId, String version )
@@ -371,4 +386,17 @@ public abstract class AbstractArtifactComponentTestCase
         return session;
     }
 
+    private static final char[] hexCode = "0123456789ABCDEF".toCharArray();
+
+    private static final String printHexBinary( byte[] data )
+    {
+        StringBuilder r = new StringBuilder( data.length * 2 );
+        for ( byte b : data )
+        {
+            r.append( hexCode[( b >> 4 ) & 0xF] );
+            r.append( hexCode[( b & 0xF )] );
+        }
+        return r.toString();
+    }
+
 }
diff --git 
a/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
 
b/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
index 1b3cb79..3424ac1 100644
--- 
a/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
+++ 
b/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
@@ -101,7 +101,10 @@ public class DefaultWagonManagerTest
 
         StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
         wagon.addExpectedContent( repos.get( 0 ).getLayout().pathOf( artifact 
), "expected" );
+        wagon.addExpectedContent( repos.get( 0 ).getLayout().pathOf( artifact 
) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
         wagon.addExpectedContent( repos.get( 1 ).getLayout().pathOf( artifact 
), "expected" );
+        wagon.addExpectedContent( repos.get( 1 ).getLayout().pathOf( artifact 
) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
+
 
         class TransferListener
             extends AbstractTransferListener
@@ -170,6 +173,7 @@ public class DefaultWagonManagerTest
 
         StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
         wagon.addExpectedContent( repo.getLayout().pathOf( artifact ), 
"expected" );
+        wagon.addExpectedContent( repo.getLayout().pathOf( artifact ) + 
".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
 
         wagonManager.getArtifact( artifact, repo, null, false );
 
@@ -271,6 +275,7 @@ public class DefaultWagonManagerTest
         ArtifactRepository repo = createStringRepo();
         StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
         wagon.addExpectedContent( repo.getLayout().pathOf( artifact ), 
"expected" );
+        wagon.addExpectedContent( repo.getLayout().pathOf( artifact ) + 
".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
 
         /* getArtifact */
         assertFalse( "Transfer listener is registered before test",
diff --git 
a/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java 
b/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
index 752e659..f723cde 100644
--- 
a/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
+++ 
b/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
@@ -419,8 +419,8 @@ public class MavenRepositorySystem
         }
 
         return new ArtifactRepositoryPolicy( enabled, updatePolicy, 
checksumPolicy );
-    }    
-    
+    }
+
     public ArtifactRepository createArtifactRepository( String id, String url, 
String layoutId,
                                                         
ArtifactRepositoryPolicy snapshots,
                                                         
ArtifactRepositoryPolicy releases )
@@ -442,7 +442,7 @@ public class MavenRepositorySystem
                                                 repositoryId ) );
         }
     }
-    
+
     public static ArtifactRepository createArtifactRepository( String id, 
String url,
                                                         
ArtifactRepositoryLayout repositoryLayout,
                                                         
ArtifactRepositoryPolicy snapshots,
@@ -568,20 +568,20 @@ public class MavenRepositorySystem
         return new DefaultArtifact( groupId, artifactId, versionRange, 
desiredScope, type, classifier, handler,
                                     optional );
     }
-    
+
     //
     // Code taken from LegacyRepositorySystem
     //
-        
+
     public ArtifactRepository createDefaultRemoteRepository( 
MavenExecutionRequest request )
         throws Exception
     {
         return createRepository( RepositorySystem.DEFAULT_REMOTE_REPO_URL, 
RepositorySystem.DEFAULT_REMOTE_REPO_ID,
                                  true, 
ArtifactRepositoryPolicy.UPDATE_POLICY_DAILY, false,
                                  ArtifactRepositoryPolicy.UPDATE_POLICY_DAILY,
-                                 ArtifactRepositoryPolicy.CHECKSUM_POLICY_WARN 
);
+                                 
ArtifactRepositoryPolicy.DEFAULT_CHECKSUM_POLICY );
     }
-    
+
     public ArtifactRepository createRepository( String url, String 
repositoryId, boolean releases,
                                                  String releaseUpdates, 
boolean snapshots, String snapshotUpdates,
                                                  String checksumPolicy ) 
throws Exception
@@ -594,7 +594,7 @@ public class MavenRepositorySystem
 
         return createArtifactRepository( repositoryId, url, "default", 
snapshotsPolicy, releasesPolicy );
     }
-        
+
     public Set<String> getRepoIds( List<ArtifactRepository> repositories )
     {
         Set<String> repoIds = new HashSet<>();
@@ -707,8 +707,8 @@ public class MavenRepositorySystem
                                  
ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS, true,
                                  ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS,
                                  
ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE );
-    }    
-    
+    }
+
     private static final String WILDCARD = "*";
 
     private static final String EXTERNAL_WILDCARD = "external:*";
@@ -873,5 +873,5 @@ public class MavenRepositorySystem
         }
 
         return result;
-    }    
+    }
 }
diff --git a/maven-model/src/main/mdo/maven.mdo 
b/maven-model/src/main/mdo/maven.mdo
index 61d9ceb..c0d253b 100644
--- a/maven-model/src/main/mdo/maven.mdo
+++ b/maven-model/src/main/mdo/maven.mdo
@@ -1995,12 +1995,11 @@
           <description>
             <![CDATA[
             What to do when verification of an artifact checksum fails. Valid 
values are
-            <code>ignore</code>
-            ,
+            <code>ignore</code>,
             <code>fail</code>
-            or
+            (default for Maven 4 and above) or
             <code>warn</code>
-            (the default).
+            (default for Maven 2 and 3)
             ]]>
           </description>
           <type>String</type>
diff --git 
a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
 
b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
index 7d4ede8..17fbb10 100644
--- 
a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
+++ 
b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
@@ -19,6 +19,7 @@ package org.apache.maven.repository.internal;
  * under the License.
  */
 
+import org.apache.maven.artifact.repository.ArtifactRepositoryPolicy;
 import org.apache.maven.model.Repository;
 import org.eclipse.aether.artifact.Artifact;
 import org.eclipse.aether.artifact.DefaultArtifact;
@@ -59,7 +60,7 @@ public class ArtifactDescriptorUtils
     public static RepositoryPolicy toRepositoryPolicy( 
org.apache.maven.model.RepositoryPolicy policy )
     {
         boolean enabled = true;
-        String checksums = RepositoryPolicy.CHECKSUM_POLICY_WARN;
+        String checksums = toRepositoryChecksumPolicy( 
ArtifactRepositoryPolicy.DEFAULT_CHECKSUM_POLICY );
         String updates = RepositoryPolicy.UPDATE_POLICY_DAILY;
 
         if ( policy != null )
@@ -78,4 +79,19 @@ public class ArtifactDescriptorUtils
         return new RepositoryPolicy( enabled, updates, checksums );
     }
 
+    public static String toRepositoryChecksumPolicy( final String 
artifactRepositoryPolicy )
+    {
+        switch ( artifactRepositoryPolicy )
+        {
+            case ArtifactRepositoryPolicy.CHECKSUM_POLICY_FAIL:
+                return RepositoryPolicy.CHECKSUM_POLICY_FAIL;
+            case ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE:
+                return RepositoryPolicy.CHECKSUM_POLICY_IGNORE;
+            case ArtifactRepositoryPolicy.CHECKSUM_POLICY_WARN:
+                return RepositoryPolicy.CHECKSUM_POLICY_WARN;
+            default:
+                throw new IllegalArgumentException( "unknown repository 
checksum policy: " + artifactRepositoryPolicy );
+        }
+    }
+
 }

Reply via email to