Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-21802

Maven metadata sha256/sha512 checksum considerations in staging

    XMLWordPrintable

    Details

    • Notability:
      4

      Description

      Currently if gradle deploys sha256/sha512 checksum files into a staging repository, upon release of that repository, the files are moved to the target repository, which is causing an error as the target repository is configured as write-once, and these files already exist. Typically when releasing staging repositories maven metadata is ignored, as it is expected to be rebuilt in the target repository after release of the staging repository. See https://github.com/sonatype/nexus2-internal/blob/08bd242de9467553b635e3b9cb1f528dfbbbc0f7/private/plugins/clm/nexus-staging-plugin/src/main/java/com/sonatype/nexus/staging/internal/StagingUtils.java#L26

      Which brings us to issue number 2, we don't ever create sha256/512 checksums when rebuilding maven metadata, so we would effectively just be throwing these files away. Rather we should update the maven metadata builder to also generate the sha256/sha512 checksums, see https://github.com/sonatype/nexus2-internal/blob/40ab58f48165a09c9b4c0b7e01fd390d4b0b256e/components/nexus-core/src/main/java/org/sonatype/nexus/proxy/maven/metadata/DefaultMetadataHelper.java#L97

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ataylor Andrew Taylor
              Reporter:
              dbradicich Damian Bradicich
              Last Updated By:
              Ophelia Hernandez
              Team:
              NXRM - Neo
              Votes:
              22 Vote for this issue
              Watchers:
              42 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title