[MNG-5728] Switch the default checksum policy from "warn" to "fail"
Signed-off-by: rfscholte <rfscholte@apache.org>
Signed-off-by: Michael Osipov <michaelo@apache.org>
diff --git a/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java b/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
index 5ce317f..6ad2a26 100644
--- a/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
+++ b/maven-artifact/src/main/java/org/apache/maven/artifact/repository/ArtifactRepositoryPolicy.java
@@ -43,6 +43,8 @@
public static final String CHECKSUM_POLICY_IGNORE = "ignore";
+ public static final String DEFAULT_CHECKSUM_POLICY = CHECKSUM_POLICY_FAIL;
+
private boolean enabled;
private String updatePolicy;
@@ -71,7 +73,7 @@
if ( checksumPolicy == null )
{
- checksumPolicy = CHECKSUM_POLICY_WARN;
+ checksumPolicy = DEFAULT_CHECKSUM_POLICY;
}
this.checksumPolicy = checksumPolicy;
}
diff --git a/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java b/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
index dbd6e8f..ab59ae6 100644
--- a/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
+++ b/maven-compat/src/test/java/org/apache/maven/artifact/AbstractArtifactComponentTestCase.java
@@ -60,6 +60,7 @@
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
+import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
@@ -298,6 +299,17 @@
{
writer.write( artifact.getId() );
}
+
+ MessageDigest md = MessageDigest.getInstance( "MD5" );
+ md.update( artifact.getId().getBytes() );
+ byte[] digest = md.digest();
+
+ String md5path = repository.pathOf( artifact ) + ".md5";
+ File md5artifactFile = new File( repository.getBasedir(), md5path );
+ try ( Writer writer = new OutputStreamWriter( new FileOutputStream( md5artifactFile ), StandardCharsets.ISO_8859_1) )
+ {
+ writer.append( printHexBinary( digest ) );
+ }
}
protected Artifact createArtifact( String artifactId, String version )
@@ -371,4 +383,17 @@
return session;
}
+ private static final char[] hexCode = "0123456789ABCDEF".toCharArray();
+
+ private static final String printHexBinary( byte[] data )
+ {
+ StringBuilder r = new StringBuilder( data.length * 2 );
+ for ( byte b : data )
+ {
+ r.append( hexCode[( b >> 4 ) & 0xF] );
+ r.append( hexCode[( b & 0xF )] );
+ }
+ return r.toString();
+ }
+
}
diff --git a/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java b/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
index 1b3cb79..3424ac1 100644
--- a/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
+++ b/maven-compat/src/test/java/org/apache/maven/repository/legacy/DefaultWagonManagerTest.java
@@ -101,7 +101,10 @@
StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
wagon.addExpectedContent( repos.get( 0 ).getLayout().pathOf( artifact ), "expected" );
+ wagon.addExpectedContent( repos.get( 0 ).getLayout().pathOf( artifact ) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
wagon.addExpectedContent( repos.get( 1 ).getLayout().pathOf( artifact ), "expected" );
+ wagon.addExpectedContent( repos.get( 1 ).getLayout().pathOf( artifact ) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
+
class TransferListener
extends AbstractTransferListener
@@ -170,6 +173,7 @@
StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
wagon.addExpectedContent( repo.getLayout().pathOf( artifact ), "expected" );
+ wagon.addExpectedContent( repo.getLayout().pathOf( artifact ) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
wagonManager.getArtifact( artifact, repo, null, false );
@@ -271,6 +275,7 @@
ArtifactRepository repo = createStringRepo();
StringWagon wagon = (StringWagon) wagonManager.getWagon( "string" );
wagon.addExpectedContent( repo.getLayout().pathOf( artifact ), "expected" );
+ wagon.addExpectedContent( repo.getLayout().pathOf( artifact ) + ".md5", "cd26d9e10ce691cc69aa2b90dcebbdac" );
/* getArtifact */
assertFalse( "Transfer listener is registered before test",
diff --git a/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java b/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
index 752e659..f723cde 100644
--- a/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
+++ b/maven-core/src/main/java/org/apache/maven/bridge/MavenRepositorySystem.java
@@ -419,8 +419,8 @@
}
return new ArtifactRepositoryPolicy( enabled, updatePolicy, checksumPolicy );
- }
-
+ }
+
public ArtifactRepository createArtifactRepository( String id, String url, String layoutId,
ArtifactRepositoryPolicy snapshots,
ArtifactRepositoryPolicy releases )
@@ -442,7 +442,7 @@
repositoryId ) );
}
}
-
+
public static ArtifactRepository createArtifactRepository( String id, String url,
ArtifactRepositoryLayout repositoryLayout,
ArtifactRepositoryPolicy snapshots,
@@ -568,20 +568,20 @@
return new DefaultArtifact( groupId, artifactId, versionRange, desiredScope, type, classifier, handler,
optional );
}
-
+
//
// Code taken from LegacyRepositorySystem
//
-
+
public ArtifactRepository createDefaultRemoteRepository( MavenExecutionRequest request )
throws Exception
{
return createRepository( RepositorySystem.DEFAULT_REMOTE_REPO_URL, RepositorySystem.DEFAULT_REMOTE_REPO_ID,
true, ArtifactRepositoryPolicy.UPDATE_POLICY_DAILY, false,
ArtifactRepositoryPolicy.UPDATE_POLICY_DAILY,
- ArtifactRepositoryPolicy.CHECKSUM_POLICY_WARN );
+ ArtifactRepositoryPolicy.DEFAULT_CHECKSUM_POLICY );
}
-
+
public ArtifactRepository createRepository( String url, String repositoryId, boolean releases,
String releaseUpdates, boolean snapshots, String snapshotUpdates,
String checksumPolicy ) throws Exception
@@ -594,7 +594,7 @@
return createArtifactRepository( repositoryId, url, "default", snapshotsPolicy, releasesPolicy );
}
-
+
public Set<String> getRepoIds( List<ArtifactRepository> repositories )
{
Set<String> repoIds = new HashSet<>();
@@ -707,8 +707,8 @@
ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS, true,
ArtifactRepositoryPolicy.UPDATE_POLICY_ALWAYS,
ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE );
- }
-
+ }
+
private static final String WILDCARD = "*";
private static final String EXTERNAL_WILDCARD = "external:*";
@@ -873,5 +873,5 @@
}
return result;
- }
+ }
}
diff --git a/maven-model/src/main/mdo/maven.mdo b/maven-model/src/main/mdo/maven.mdo
index 61d9ceb..c0d253b 100644
--- a/maven-model/src/main/mdo/maven.mdo
+++ b/maven-model/src/main/mdo/maven.mdo
@@ -1995,12 +1995,11 @@
<description>
<![CDATA[
What to do when verification of an artifact checksum fails. Valid values are
- <code>ignore</code>
- ,
+ <code>ignore</code>,
<code>fail</code>
- or
+ (default for Maven 4 and above) or
<code>warn</code>
- (the default).
+ (default for Maven 2 and 3)
]]>
</description>
<type>String</type>
diff --git a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
index 7d4ede8..17fbb10 100644
--- a/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
+++ b/maven-resolver-provider/src/main/java/org/apache/maven/repository/internal/ArtifactDescriptorUtils.java
@@ -19,6 +19,7 @@
* under the License.
*/
+import org.apache.maven.artifact.repository.ArtifactRepositoryPolicy;
import org.apache.maven.model.Repository;
import org.eclipse.aether.artifact.Artifact;
import org.eclipse.aether.artifact.DefaultArtifact;
@@ -59,7 +60,7 @@
public static RepositoryPolicy toRepositoryPolicy( org.apache.maven.model.RepositoryPolicy policy )
{
boolean enabled = true;
- String checksums = RepositoryPolicy.CHECKSUM_POLICY_WARN;
+ String checksums = toRepositoryChecksumPolicy( ArtifactRepositoryPolicy.DEFAULT_CHECKSUM_POLICY );
String updates = RepositoryPolicy.UPDATE_POLICY_DAILY;
if ( policy != null )
@@ -78,4 +79,19 @@
return new RepositoryPolicy( enabled, updates, checksums );
}
+ public static String toRepositoryChecksumPolicy( final String artifactRepositoryPolicy )
+ {
+ switch ( artifactRepositoryPolicy )
+ {
+ case ArtifactRepositoryPolicy.CHECKSUM_POLICY_FAIL:
+ return RepositoryPolicy.CHECKSUM_POLICY_FAIL;
+ case ArtifactRepositoryPolicy.CHECKSUM_POLICY_IGNORE:
+ return RepositoryPolicy.CHECKSUM_POLICY_IGNORE;
+ case ArtifactRepositoryPolicy.CHECKSUM_POLICY_WARN:
+ return RepositoryPolicy.CHECKSUM_POLICY_WARN;
+ default:
+ throw new IllegalArgumentException( "unknown repository checksum policy: " + artifactRepositoryPolicy );
+ }
+ }
+
}