Reputation: 2996
How does the maven repository checksum work?
How does the checksum generation work when publishing artifacts to maven repository (using mvn deploy plugin or gradle maven-publish plugin)? Is it the plugin or the remote repository host that generates the checksum?
If the remote repository generates the checksum, how to verify that the artifact was uploaded "safely" to the remote repository?
Upvotes: 4
Views: 2060
Answers (1)
Reputation: 97348
I can't tell you something about how Gradle Plugin works but I can tell you how it works for Maven.
maven-deploy-plugin/maven-install-plugin version 2.X
- The install plugin generates the artifact checksums (SHA1, MD5)
- The deploy plugin only deploys (transfers not 100% accurate not relevant here) to the remote repository.
maven-deploy-plugin/maven-install-plugin version 3.X
- The deploy plugin generates the artifact checksums (SHA1, MD5) afterwards those artifacts are transfered (see above) to the remote repository.
This means the checksums are generated during the build process (on the local machine whoever this is) and not on the server machine (remote repository host).
The verification should be turned on via settings.xml (checksumPolicy)
Upvotes: 1
Related Questions
- Configuring maven to check integrity checksums when downloading artifacts from repository and/or building a project?
- Why does Maven report "Checksum validation failed, no checksums available from the repository"?
- Does Gradle have a way to check the checksum of jar after it has been downloaded from the Maven repo?
- Create a checksum for all maven artifacts
- Checksum for Github Repository
- Maven - add checksum accessible inside Java
- using github as maven repository Checksum validation failed
- How do I fix incorrect checksums in my Nexus repository?
- Why does Maven create artifact checksums?
- Maven checksum pom setting?