Tamas Cservenak opened MRESOLVER-265 and commented
In short: repository layout has member:
org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#checksumAlgorithms
That is checksums (as configured by user of default) that will be consumed (on fetch) or produced (publish).
Now, if we consider "default" configured resolver (checksumAlrgorithms=SHA1, MD5) there is a discrepancy IF ANY OTHER supported but not configured checksum comes in play:
If a Mojo attaches an artifact having extension ".zip.sha512", resolver will checksum it (w/ checksumAlgorithms checksums) DESPITE it should know this is a checksum, and "checksum of a checksum" is a nonsense, just makes noise.
Reason: method org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#isChecksum works with preconfigured checksums only (in our example SHA1 and MD5) and will respond "not a checksum" for SHA512.
Proposal to fix:
The method check should NOT be based on checksumAlgorithms but on "all checksums supported by Resolver".
Affects: 1.8.0
Issue Links:
- MRESOLVER-246 m-deploy-p will create hashes for hashes
("is depended upon by")
Remote Links:
Tamas Cservenak opened MRESOLVER-265 and commented
In short: repository layout has member:
org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#checksumAlgorithmsThat is checksums (as configured by user of default) that will be consumed (on fetch) or produced (publish).
Now, if we consider "default" configured resolver (checksumAlrgorithms=SHA1, MD5) there is a discrepancy IF ANY OTHER supported but not configured checksum comes in play:
If a Mojo attaches an artifact having extension ".zip.sha512", resolver will checksum it (w/
checksumAlgorithmschecksums) DESPITE it should know this is a checksum, and "checksum of a checksum" is a nonsense, just makes noise.Reason: method
org.eclipse.aether.internal.impl.Maven2RepositoryLayoutFactory.Maven2RepositoryLayout#isChecksumworks with preconfigured checksums only (in our example SHA1 and MD5) and will respond "not a checksum" for SHA512.Proposal to fix:
The method check should NOT be based on
checksumAlgorithmsbut on "all checksums supported by Resolver".Affects: 1.8.0
Issue Links:
("is depended upon by")
Remote Links: