Discussion:
How to deal with checksum errors on public artifacts?
KARR, DAVID
2013-10-31 15:44:55 UTC
Permalink
I was building a "toy" application that we're using to start work on a prototype for something, and a build failed with an error like the following:

Could not transfer artifact org.ops4j.pax.runner:pax-runner-no-jcl:pom:1.4.0 from/to central (http://repo1.maven.org/maven2/): Checksum validation failed, expected e52cedb3dba50c26877a6b3d88a08f98703d82a4 but is 2406c868ae24a7f15c78aa362346afd6ba44ec22 -> [Help 1]

This seems like it's saying that the artifact on Maven Central is corrupted. I tried manually downloading this artifact from Maven Central, but the md5 sum (I don't know if the algorithm used above is md5 or something else) comes out to neither of those values.

I could use some more background on this, including what I should do to fix this (if I can do anything).
Anders Hammar
2013-10-31 16:03:37 UTC
Permalink
It's the sha1 checksum. The file pax-runner-no-jcl-1.4.0.pom.sha1 says the
checksum is e52cedb3dba50c26877a6b3d88a08f98703d82a4. This could be wrong.
There are several newer versions, try one of them and see if they have
correct metadata.

You could also configure Maven to ignore checksum errors. That is the
default, so I assume you have reconfigured that?

/Anders
Post by KARR, DAVID
I was building a "toy" application that we're using to start work on a
prototype for something, and a build failed with an error like the
Could not transfer artifact
org.ops4j.pax.runner:pax-runner-no-jcl:pom:1.4.0 from/to central (
http://repo1.maven.org/maven2/): Checksum validation failed, expected
e52cedb3dba50c26877a6b3d88a08f98703d82a4 but is
2406c868ae24a7f15c78aa362346afd6ba44ec22 -> [Help 1]
This seems like it's saying that the artifact on Maven Central is
corrupted. I tried manually downloading this artifact from Maven Central,
but the md5 sum (I don't know if the algorithm used above is md5 or
something else) comes out to neither of those values.
I could use some more background on this, including what I should do to
fix this (if I can do anything).
---------------------------------------------------------------------
KARR, DAVID
2013-10-31 16:27:32 UTC
Permalink
-----Original Message-----
Of Anders Hammar
Sent: Thursday, October 31, 2013 9:04 AM
To: Maven Users List
Subject: Re: How to deal with checksum errors on public artifacts?
It's the sha1 checksum. The file pax-runner-no-jcl-1.4.0.pom.sha1 says the
checksum is e52cedb3dba50c26877a6b3d88a08f98703d82a4. This could be wrong.
There are several newer versions, try one of them and see if they have
correct metadata.
Ah, the pom. I was checking the jar.

How do I tell what checksum is expected? Can I see that on MavenCentral (http://search.maven.org)?
You could also configure Maven to ignore checksum errors. That is the
default, so I assume you have reconfigured that?
You're suggesting I turn off checksum validation for artifacts downloaded from the public internet? :)

Yes, we have checksum validation on.
Post by KARR, DAVID
I was building a "toy" application that we're using to start work on a
prototype for something, and a build failed with an error like the
Could not transfer artifact
org.ops4j.pax.runner:pax-runner-no-jcl:pom:1.4.0 from/to central (
http://repo1.maven.org/maven2/): Checksum validation failed, expected
e52cedb3dba50c26877a6b3d88a08f98703d82a4 but is
2406c868ae24a7f15c78aa362346afd6ba44ec22 -> [Help 1]
This seems like it's saying that the artifact on Maven Central is
corrupted. I tried manually downloading this artifact from Maven Central,
but the md5 sum (I don't know if the algorithm used above is md5 or
something else) comes out to neither of those values.
I could use some more background on this, including what I should do to
fix this (if I can do anything).
---------------------------------------------------------------------
Mirko Friedenhagen
2013-10-31 18:44:46 UTC
Permalink
David,

you should open a bug for this on issues.sonatype.org. They will fix the
checksums.

Regards Mirko
--
Sent from my mobile
-----Original Message-----
Behalf
Of Anders Hammar
Sent: Thursday, October 31, 2013 9:04 AM
To: Maven Users List
Subject: Re: How to deal with checksum errors on public artifacts?
It's the sha1 checksum. The file pax-runner-no-jcl-1.4.0.pom.sha1 says
the
checksum is e52cedb3dba50c26877a6b3d88a08f98703d82a4. This could be
wrong.
There are several newer versions, try one of them and see if they have
correct metadata.
Ah, the pom. I was checking the jar.
How do I tell what checksum is expected? Can I see that on MavenCentral (
http://search.maven.org)?
You could also configure Maven to ignore checksum errors. That is the
default, so I assume you have reconfigured that?
You're suggesting I turn off checksum validation for artifacts downloaded
from the public internet? :)
Yes, we have checksum validation on.
Post by KARR, DAVID
I was building a "toy" application that we're using to start work on a
prototype for something, and a build failed with an error like the
Could not transfer artifact
org.ops4j.pax.runner:pax-runner-no-jcl:pom:1.4.0 from/to central (
http://repo1.maven.org/maven2/): Checksum validation failed, expected
e52cedb3dba50c26877a6b3d88a08f98703d82a4 but is
2406c868ae24a7f15c78aa362346afd6ba44ec22 -> [Help 1]
This seems like it's saying that the artifact on Maven Central is
corrupted. I tried manually downloading this artifact from Maven
Central,
Post by KARR, DAVID
but the md5 sum (I don't know if the algorithm used above is md5 or
something else) comes out to neither of those values.
I could use some more background on this, including what I should do to
fix this (if I can do anything).
---------------------------------------------------------------------
---------------------------------------------------------------------
Loading...