[ https://issues.apache.org/jira/browse/MRESOLVER-123?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17148603#comment-17148603 ]
Michael Osipov commented on MRESOLVER-123: ------------------------------------------ At least for the storage attributes, there is not SHA-256 downloaded or generated in this file. Thanks for the logfile. I see: {noformat} [main] [DEBUG] http-outgoing-45 >> "GET /nexus/content/groups/releases/org/apache/apache/19/apache-19.pom.sha256 HTTP/1.1[\r][\n]" [main] [DEBUG] http-outgoing-45 >> "Cache-control: no-cache[\r][\n]" [main] [DEBUG] http-outgoing-45 >> "Cache-store: no-store[\r][\n]" [main] [DEBUG] http-outgoing-45 >> "Pragma: no-cache[\r][\n]" [main] [DEBUG] http-outgoing-45 >> "User-Agent: Apache-Maven/3.6.3 (Java 11.0.5; Linux 5.3.0-61-generic)[\r][\n]" [main] [DEBUG] http-outgoing-45 >> "Host: nexus-mirror.acme.com[\r][\n]" [main] [DEBUG] http-outgoing-45 >> "Connection: Keep-Alive[\r][\n]" [main] [DEBUG] http-outgoing-45 >> "Accept-Encoding: gzip,deflate[\r][\n]" [main] [DEBUG] http-outgoing-45 >> "[\r][\n]" [main] [DEBUG] http-outgoing-45 << "HTTP/1.1 200 OK[\r][\n]" [main] [DEBUG] http-outgoing-45 << "Server: nginx/1.16.1[\r][\n]" [main] [DEBUG] http-outgoing-45 << "Date: Tue, 30 Jun 2020 10:12:39 GMT[\r][\n]" [main] [DEBUG] http-outgoing-45 << "Content-Type: application/octet-stream[\r][\n]" [main] [DEBUG] http-outgoing-45 << "Content-Length: 64[\r][\n]" [main] [DEBUG] http-outgoing-45 << "Connection: close[\r][\n]" [main] [DEBUG] http-outgoing-45 << "X-Frame-Options: SAMEORIGIN[\r][\n]" [main] [DEBUG] http-outgoing-45 << "X-Content-Type-Options: nosniff[\r][\n]" [main] [DEBUG] http-outgoing-45 << "Accept-Ranges: bytes[\r][\n]" [main] [DEBUG] http-outgoing-45 << "ETag: "{SHA1{bf300ccb33a85ea7dafda571a48fd77d4efaac76}}"[\r][\n]" [main] [DEBUG] http-outgoing-45 << "Last-Modified: Tue, 30 Jun 2020 06:16:15 GMT[\r][\n]" [main] [DEBUG] http-outgoing-45 << "Strict-Transport-Security: max-age=63072000[\r][\n]" [main] [DEBUG] http-outgoing-45 << "X-Frame-Options: DENY[\r][\n]" [main] [DEBUG] http-outgoing-45 << "X-Content-Type-Options: nosniff[\r][\n]" [main] [DEBUG] http-outgoing-45 << "[\r][\n]" [main] [DEBUG] http-outgoing-45 << "cd622094264b0868aeb108cb3adec4201c6e9af8f50e29a28bb13a5e9d9279a8" [main] [DEBUG] http-outgoing-45 << HTTP/1.1 200 OK [main] [DEBUG] http-outgoing-45 << Server: nginx/1.16.1 [main] [DEBUG] http-outgoing-45 << Date: Tue, 30 Jun 2020 10:12:39 GMT [main] [DEBUG] http-outgoing-45 << Content-Type: application/octet-stream [main] [DEBUG] http-outgoing-45 << Content-Length: 64 [main] [DEBUG] http-outgoing-45 << Connection: close [main] [DEBUG] http-outgoing-45 << X-Frame-Options: SAMEORIGIN [main] [DEBUG] http-outgoing-45 << X-Content-Type-Options: nosniff [main] [DEBUG] http-outgoing-45 << Accept-Ranges: bytes [main] [DEBUG] http-outgoing-45 << ETag: "{SHA1{bf300ccb33a85ea7dafda571a48fd77d4efaac76}}" [main] [DEBUG] http-outgoing-45 << Last-Modified: Tue, 30 Jun 2020 06:16:15 GMT [main] [DEBUG] http-outgoing-45 << Strict-Transport-Security: max-age=63072000 [main] [DEBUG] http-outgoing-45 << X-Frame-Options: DENY [main] [DEBUG] http-outgoing-45 << X-Content-Type-Options: nosniff [main] [DEBUG] http-outgoing-45: Close connection [main] [DEBUG] Connection discarded [main] [DEBUG] Connection released: [id: 45][route: {s}->https://nexus-mirror.acme.com:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 40] [main] [WARNING] Checksum validation failed, expected cd622094264b0868aeb108cb3adec4201c6e9af8f50e29a28bb13a5e9d9279a8 but is 91f7a33096ea69bac2cbaf6d01feb934cac002c48d8c8cfa9c240b40f1ec21df from central-cm-mirror for https://nexus-mirror.acme.com/nexus/content/groups/releases/org/apache/apache/19/apache-19.pom {noformat} but {noformat} $ curl -sq https://repo.maven.apache.org/maven2/org/apache/apache/19/apache-19.pom | sha256 91f7a33096ea69bac2cbaf6d01feb934cac002c48d8c8cfa9c240b40f1ec21df {noformat} So we have two problems here: 1. You have problem with your Nexus instance. It generates wrong checksums. You didn't see this before because SHA-2 family has been added recently. Talk to your admin to resolve this issue. Meanwhile do {{-Daether.checksums.algorithms=SHA-1}} and reupload the log with headers only. 2. Output {noformat} [main] [WARNING] Checksum validation failed, expected cd622094264b0868aeb108cb3adec4201c6e9af8f50e29a28bb13a5e9d9279a8 but is 91f7a33096ea69bac2cbaf6d01feb934cac002c48d8c8cfa9c240b40f1ec21df from central-cm-mirror for https://nexus-mirror.acme.com/nexus/content/groups/releases/org/apache/apache/19/apache-19.pom {noformat} seems to be wrong. It should read switched. We expected {{91f7a33096ea69bac2cbaf6d01feb934cac002c48d8c8cfa9c240b40f1ec21df}}, but Nexus delivered {{91f7a33096ea69bac2cbaf6d01feb934cac002c48d8c8cfa9c240b40f1ec21df}}. I will investigate this one. > Concurrency issues > ------------------ > > Key: MRESOLVER-123 > URL: https://issues.apache.org/jira/browse/MRESOLVER-123 > Project: Maven Resolver > Issue Type: Bug > Components: resolver > Affects Versions: 1.4.2 > Reporter: Michael Osipov > Priority: Critical > Attachments: checksum-error-debug.log > > > This is an umbrella ticket for a long standing issue with Maven Resolver: Our > concurrency support is mediocre in a way that if two or more threads try to > download the same file and fail to queue those write actions nicely. The > problem is that The {{SyncContext}} and the its factory provided by Maven > Resolver does not employ any locking at all. As layed out in detail in > MRESOLVER-114 we need striped read write locks on artifacts and its metadata. > This issue shall track progress on it. Even Takari Concurrent Repository > extension does not help because it is only intended to synchronize concurrent > access by multple JVMs and not threads. -- This message was sent by Atlassian Jira (v8.3.4#803005)