[
https://issues.apache.org/jira/browse/MNG-6679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16876119#comment-16876119
]
Jörg Hohwiller commented on MNG-6679:
-------------------------------------
For clarification about the checksum verification:
I did a mistake on my end:
{code:java}
<checksumPolicy>fail</checksumPolicy>{code}
Was put in the wrong place in my {{settings.xml}} so there have been some maven
warnings that I missed.
{code:java}
WARNING] Some problems were encountered while building the effective settings
[WARNING] Unrecognised tag: 'checksumPolicy' (position: START_TAG seen
...</url>\n <checksumPolicy>... @55:27) @
/projects/example/conf/.m2/settings.xml, line 55, column 27
{code}
After fixing this, the checksum verification fails:
{code:java}
Downloading from nexus:
https://company.com/nexus3/repository/main/com/example/bom/1.0.0/bom-1.0.0.pom
[WARNING] Checksum validation failed, expected <!DOCTYPE but is
b63af4f058f6bb46f7db0b9c5d265643c35563e3 from nexus for
https://company.com/nexus3/repository/main/com/example/bom/1.0.0/bom-1.0.0.pom
Downloading from central:
https://repo.maven.apache.org/maven2/com/example/bom/1.0.0/bom-1.0.0.pom
[ERROR] [ERROR] Some problems were encountered while processing the POMs:
[ERROR] Non-resolvable import POM: Could not transfer artifact
com.example:bom:pom:1.0.0 from/to nexus
(https://company.com/nexus3/repository/main/): Checksum validation failed,
expected <!DOCTYPE but is b63af4f058f6bb46f7db0b9c5d265643c35563e3 @ line 82,
column 19
@{code}
After this also the broken artifact is NOT written to the local repository
anymore. This is good news.
We have a solution if people configure their settings accordingly.
However, the in case the defaults apply the behaviour is still odd.
> HTML content in POM: Maven should validate content before storing in local
> repo
> -------------------------------------------------------------------------------
>
> Key: MNG-6679
> URL: https://issues.apache.org/jira/browse/MNG-6679
> Project: Maven
> Issue Type: Bug
> Affects Versions: 3.6.0
> Environment: both with maven 3.6.0 in CMD or in Eclipse 4.9.0
> Reporter: Jörg Hohwiller
> Assignee: Michael Osipov
> Priority: Major
> Fix For: waiting-for-feedback
>
>
> For some odd reasons somethimes errors just happen and a maven repo delivers
> an HTML error or login page for a request of a POM or JAR file. It seems as
> if the status code is valid then Maven (might be anything under the hood,
> maybe even ether?) is saving the result without any sanity check or
> validation.
> Therefore I frequently end up with "POM" or "JAR" files in my local repo that
> are no XML but HTML nonsens.
>
> Example:
> {code:java}
> <!--
> DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
>
> Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
>
> The contents of this file are subject to the terms
> of the Common Development and Distribution License
> (the License). You may not use this file except in
> compliance with the License.
> You can obtain a copy of the License at
> https://opensso.dev.java.net/public/CDDLv1.0.html or
> opensso/legal/CDDLv1.0.txt
> See the License for the specific language governing
> permission and limitations under the License.
> When distributing Covered Code, include this CDDL
> Header Notice in each file and include the License file
> at opensso/legal/CDDLv1.0.txt.
> If applicable, add the following below the CDDL Header,
> with the fields enclosed by brackets [] replaced by
> your own identifying information:
> "Portions Copyrighted [year] [name of copyright owner]"
> $Id: index.html,v 1.2 2008/06/25 05:48:51 qcheng Exp $
> -->
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
> <html>
> <head>
> <title>Please Wait While Redirecting to Login page</title>
> <script language="JavaScript"> <!--
> function redirectToAuth() {
> var params = getQueryParameters();
> var url = 'UI/Login';
> if (params != '') {
> url += params;
> }
> top.location.replace(url);
> }
> function getQueryParameters() {
> var loc = '' + location;
> var idx = loc.indexOf('?');
> if (idx != -1) {
> return loc.substring(idx);
> } else {
> return '';
> }
> }
> //-->
> </script>
> </head>
> <body bgcolor="#FFFFFF" onLoad="redirectToAuth();">
> </body>
> </html>
> {code}
> I would expect maven to verify the content before officially placing it in
> the correct location inside the local maven repository on my disc.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
