Hi, I am a bit confused which Maven Plugin/Module is supposed to calculate checksums.
With https://issues.apache.org/jira/browse/MINSTALL-143 and https://issues.apache.org/jira/browse/MDEPLOY-231 the checksum calculation is now being performed in maven-artifact-transfer (https://github.com/apache/maven-artifact-transfer/blob/d4df3387215336eb52358f054e742ad44ad9e88f/src/main/java/org/apache/maven/shared/transfer/project/deploy/internal/DefaultProjectDeployer.java#L130) but only for MD5 and SHA1. Currently there is no way to disable that generation. That leads to the fact that although SHA512/256 support has been added to Nexus in https://issues.sonatype.org/browse/NEXUS-21802 recently one cannot correctly create/deploy those checksums with Maven standard plugins due to https://issues.apache.org/jira/browse/MSHARED-704 and https://issues.apache.org/jira/browse/MDEPLOY-271. Which Maven part should be responsible for creating those checksums in the future? Is it a) maven-artifact-transfer or rather b) maven-resolver (https://github.com/apache/maven-resolver/blob/master/maven-resolver-impl/src/main/java/org/eclipse/aether/internal/impl/DefaultDeployer.java#L80) or is it a c) completely separate plugin? Currently none of those options are viable though as a) does not support generating SHA256/512 yes (https://issues.apache.org/jira/browse/MSHARED-704), nor does maven-resolver support creating those checksum (couldn't find an issue for that though). c) cannot be used because one cannot currently prevent SHA1/MD5 from being generated even for attached checksum artifacts in (https://issues.apache.org/jira/browse/MDEPLOY-271), so you always end up with default SHA1/MD5 even for SHA512/256. As Gradle 5 already supports generating SHA512/256 checksum for artifacts uploaded to Maven repo, I think native Maven plugins should support that soon as well. Or maybe I just missed how to do it properly? Any pointer are highly appreciated --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
