[
https://issues.apache.org/jira/browse/MRESOLVER-265?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tamás Cservenák updated MRESOLVER-265:
--------------------------------------
Description:
In short: repository layout has members:
*
{{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#checksumAlgorithms}}
*
{{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#extensionsWithoutChecksums}}
First one is checksums (as configured by user of default) that will be consumed
(on fetch) or produced (publish), while second marks artifact extensions that
need no checksums (on fetch -- fetched, or publish -- generated).
Now, if we consider "default" configured resolver (checksumAlrgorithms=SHA1,
MD5; extensionsWithoutChecksums=.asc) there is a discrepancy IF ANY OTHER
supported but not configured checksum comes in play:
If a Mojo attaches an artifact having extension ".zip.sha512", resolver will
checksum it (w/ {{checksumAlgorithms}} checksums) DESPITE it should know this
is a checksum, and "checksum of a checksum" is a nonsense, just makes noise.
Reason: method
{{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#isChecksum}}
works with preconfigured checksums only (in our example SHA1 and MS5) and will
respond "no" for SHA512.
Proposal to fix:
The method check should NOT be based on {{checksumAlgorithms}} but on "all
checksums supported by Resolver".
was:
In short: repository layout has members:
*
{{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#checksumAlgorithms}}
*
{{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#extensionsWithoutChecksums}}
First one is checksums (as configured by user of default) that will be consumed
(on fetch) or produced (publish), while second marks artifact extensions that
need no checksums (on fetch -- fetched, or publish -- generated).
Now, if we consider "default" configured resolver (checksumAlrgorithms=SHA1,
MD5; extensionsWithoutChecksums=.asc) there is a discrepancy IF ANY OTHER
supported but not configured checksum comes in play:
If a Mojo attaches an artifact having extension ".zip.sha512", resolver will
checksum it (w/ {{checksumAlgorithms}} checksums) DESPITE it should know this
is a checksum, and "checksum of a checksum" is a nonsense, just makes no sense.
Reason: method
{{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#isChecksum}}
works with preconfigured checksums only (in our example SHA1 and MS5) and will
respond "no" for SHA512.
Proposal to fix:
The method check should NOT be based on {{checksumAlgorithms}} but on "all
checksums supported by Resolver".
> Discrepancy between produced and recognized checksums
> -----------------------------------------------------
>
> Key: MRESOLVER-265
> URL: https://issues.apache.org/jira/browse/MRESOLVER-265
> Project: Maven Resolver
> Issue Type: Dependency upgrade
> Affects Versions: 1.8.0
> Reporter: Tamás Cservenák
> Priority: Major
>
> In short: repository layout has members:
> *
> {{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#checksumAlgorithms}}
> *
> {{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#extensionsWithoutChecksums}}
> First one is checksums (as configured by user of default) that will be
> consumed (on fetch) or produced (publish), while second marks artifact
> extensions that need no checksums (on fetch -- fetched, or publish --
> generated).
> Now, if we consider "default" configured resolver (checksumAlrgorithms=SHA1,
> MD5; extensionsWithoutChecksums=.asc) there is a discrepancy IF ANY OTHER
> supported but not configured checksum comes in play:
> If a Mojo attaches an artifact having extension ".zip.sha512", resolver will
> checksum it (w/ {{checksumAlgorithms}} checksums) DESPITE it should know this
> is a checksum, and "checksum of a checksum" is a nonsense, just makes noise.
> Reason: method
> {{org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#isChecksum}}
> works with preconfigured checksums only (in our example SHA1 and MS5) and
> will respond "no" for SHA512.
> Proposal to fix:
> The method check should NOT be based on {{checksumAlgorithms}} but on "all
> checksums supported by Resolver".
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
