[jira] Commented: (MNG-3510) download with http 403 status code assumed by maven to be OK, then checksum failed error

[Bruce Chapman (JIRA)]

    [ 
http://jira.codehaus.org/browse/MNG-3510?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=138483#action_138483
 ] 

Bruce Chapman commented on MNG-3510:
------------------------------------

Brett,

No, I am not getting a 403 from the repo, I am getting it from our local 
cache/firewall.

I only used wget to show what the firewall was returning in order to put some 
evidence in this report.

To reproduce set up a cache or web proxy server between your test and the 
actual maven repository. Have the cache/proxy return status 403 AND a document 
(such as the html supplied in this fault report) when asked for a particular 
jar file.

Attempt to load that jar via maven, maven will treat the returned html error 
page as if it were the jar file, and save it locally in the repository cache 
thingy (can't remember what maven calls it), maven will ignore the 403 status 
code, maven will then blow up later saying checksums fail.

To repeat the core problem from the initial fault description...

Maven should only go on and download the file and compare checksums if the http 
status is valid eg 200, in the case of a failing http status code, it would be 
much more useful if maven failed earlier with the status code and text as the 
error message.

... and I'll add...

without saving the "document from the failing http response" in the local maven 
cache/repository.

Bruce






> download with http 403 status code assumed by maven to be OK, then checksum 
> failed error
> ----------------------------------------------------------------------------------------
>
>                 Key: MNG-3510
>                 URL: http://jira.codehaus.org/browse/MNG-3510
>             Project: Maven 2
>          Issue Type: Bug
>    Affects Versions: 2.0.6
>         Environment: Win xp pro.,  JDK6, mvn 2.0.6,  netbeans 6, mevenide 
> plugin in netbeans.
>            Reporter: Bruce Chapman
>            Priority: Minor
>
> Our firewall/cache is blocking access to 
> http://repo1.maven.org/maven2/javax/mail/mail/1.4/mail-1.4.jar becuase it 
> thinks it has a virus (that's the not the problem)
> {{$ wget http://repo1.maven.org/maven2/javax/mail/mail
> --14:13:46--  http://repo1.maven.org/maven2/javax/mail/mail
>            => `mail'
> Resolving cache... done.
> Connecting to cache[172.30.41.11]:8080... connected.
> Proxy request sent, awaiting response... 403 Forbidden
> 14:13:47 ERROR 403: Forbidden.}}
> but the firewall also returns content for the browser
> {{
> <html><head><META HTTP-EQUIV="Expires" CONTENT="-1"><META HTTP-EQUIV="Pragma" 
> CONTENT="no-cache"><META HTTP-EQUIV="Cache-Control" CONTENT="no-cache"><meta 
> http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SonicWALL 
> - Blocked by Application Firewall</title></head><body bgcolor=#011B4A 
> text=#FFFFFF><br><br><br><br><br><table align=center cellpadding=5 border=2 
> width=500 bgcolor=#9CBACE><tr><td align=center><table align=center 
> cellpadding=5 width=450><tr><td align=center><br><br><font face=arial 
> color=000000 size=4><b>This request is blocked by the SonicWALL Gateway 
> Anti-Virus Service.  Name: WMF.Gen-2 
> (Exploit)</b></font></td></tr></table></td></tr></table></body></html>
> }}
> The problem is that maven is ignoring the status code, goes ahead and 
> downloads the file then decides that the checksum for the content does not 
> match what is expected. This is misleading and makes it more difficult to 
> diagnose the cause of the failed download.
> Here is what maven does
> {{
> ----------------------------------------------------------------------------
> Building Hudson core
>    task-segment: [install]
> ----------------------------------------------------------------------------
> Maven Version: 2.0.6
> JDK Version: 1.6.0_05 normalized as: 1.6.0-5
> OS Info: Arch: x86 Family: windows Name: windows xp Version: 5.1
> Downloading: http://repo1.maven.org/maven2/javax/mail/mail/1.4/mail-1.4.pom
> 993/993b
> 993b downloaded
> Downloading: http://repo1.maven.org/maven2/javax/mail/mail/1.4/mail-1.4.jar
> 696/?
> [WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = 
> 'e0bb0f663e436cde3a6e1e5b8e8e80be43bde8a3'; remote = 
> '1aa1579ae5ecd41920c4f355b0a9ef40b68315dd' - RETRYING
> Downloading: http://repo1.maven.org/maven2/javax/mail/mail/1.4/mail-1.4.jar
> 696/?
> }}
> Maven should only go on and download the file and compare checksums if the 
> http status is valid eg 200, in the case of a failing http status code, it 
> would be much more useful if maven failed earlier with the status code and 
> text as the error message.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira