Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-25147

Rebuild metadata task leaves sha256 and sha512 files untouched for metadata files

    XMLWordPrintable

    Details

    • Notability:
      3

      Description

      Recent versions of Gradle deploy sha256 and sha512 checksum files by default into Maven layout repositories.  This is done for both artifacts and maven-metadata.xml files.  Note that you will need to set the repository layout to "permissive" in order to be able to deploy these files using Gradle, they will be blocked otherwise.

      If you run a "repair - rebuild maven metadata" task against a repository that contains these checksums the sha256 and sha512 files are left in place for maven-metadata.xml files, even though the file itself has changed. This will result in a checksum warning/error in a subsequent Gradle build.

      Also note that Maven is now capable of consuming these files:  

      https://issues.apache.org/jira/browse/MRESOLVER-56

      So this isn't just a Gradle problem.

      Expected:  We should rebuild these files when rebuilding metadata.  

        Attachments

          Issue Links

          relates

          Improvement - An improvement or enhancement to an existing feature or task. NEXUS-23603 Add support for sha256/sha512 checksums when rebuilding maven metadata

          • Major - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              mjohnson Matt Johnson
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Joe Tom Joe Tom
              Team:
              NXRM - Gunter
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title