Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
1.2.1
-
None
-
None
Description
If you upload a jar through the web interface, Archiva correctly generates md5 and sha1 checksums for the jar and pom.
If you re-upload the same artifact, (perhaps you accidentally uploaded the wrong jar, or need to fix something in the pom,) Archiva does not generate new checksums.
This causes multiple downloads and warning during Maven builds.
To reproduce, upload any jar as com.example:example:1.0 and verify the checksums:
$ md5sum -c example-1.0.jar.md5
example-1.0.jar: OK
$ sha1sum -c example-1.0.jar.sha1
example-1.0.jar: OK
Then upload a different jar with the same parameters. Verify the checksums, and you'll see:
$ md5sum -c example-1.0.jar.md5
example-1.0.jar: FAILED
md5sum: WARNING: 1 of 1 computed checksum did NOT match
$ sha1sum -c example-1.0.jar.sha1
example-1.0.jar: FAILED
sha1sum: WARNING: 1 of 1 computed checksum did NOT match
This also happens if you upload a new pom.
A workaround is to delete the artifact before uploading the replacement. Then Archiva will generate the checksums correctly.
Attachments
Issue Links
- is related to
-
-
- Closed
-