Menu
I am working on a project that uses Maven as the build tool. I am using version 2.2.1 of the tool. Recently a coworker mentioned that he couldn't build the project because of checksum errors. I wasn't getting these errors so I deleted my local repository. Sure enough, I also got the checksum errors on the next attempt to build. We are using Archiva as our central repository, so I uploaded the jars again hoping to resolve the issue. No luck. What could be causing these errors and how do I resolve them?
Downloading: http://artifactory/archiva/repository/maven-repo/org/springframework/ws/spring-
ws/1.5.8/spring-ws-1.5.8.pom
427b downloaded (spring-ws-1.5.8.pom)
[WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = '14d6901e3f251f5d312b9be726c75a
68f78045ac'; remote = '659bbed2c2dae12e9dbb65f8cad8fce1a1ea0845' - RETRYING
Downloading: http://artifactory/archiva/repository/maven-repo/org/springframework/ws/spring-
ws/1.5.8/spring-ws-1.5.8.pom
427b downloaded (spring-ws-1.5.8.pom)
[WARNING] *** CHECKSUM FAILED - Checksum failed on download: local = '14d6901e3f251f5d312b9be726c75a
68f78045ac'; remote = '659bbed2c2dae12e9dbb65f8cad8fce1a1ea0845' - IGNORING
Downloading: http://artifactory/archiva/repository/maven-repo/com/xyz/abc/3.0.20090929_
attachment_fixes/abc-3.0.20090929_attachment_fixes.pom
435b downloaded (abc-3.0.20090929_attachment_fixes.pom)
817
Maven Resolver uses checksums to verify the integrity of downloaded artifacts and metadata. Checksums are usually laid out in repositories next to the file in question, with file extension telling the checksum algorithm that produced the given checksum file content.
The file at https://repo1.maven.org/maven2/com/octopus/randomquotes/maven-metadata.xml is created when a Maven artifact is published. It lists various details about the artifacts that have been published, like version number and the dates when the artifact was last updated.
The problem appears to be in how the maven client is deploying artifacts to your central repository (Archiva). It's using HTTP and in certain situations will corrupt the checksum signature of the file.
Try changing your local maven settings file to look something like this, which for me was located in ~/.m2/settings.xml
<settings>
<servers>
<server>
<id>my-server</id>
<configuration>
<httpConfiguration>
<put>
<params>
<param>
<name>http.authentication.preemptive</name>
<value>%b,true</value>
</param>
</params>
</put>
</httpConfiguration>
</configuration>
</server>
</servers>
</settings>
After you make that change, redeploy the artifacts to your central repo, then try to run mvn dependency:resolve in your local project to see if the checksum errors still happen.
Here's a thread about this problem: http://jira.codehaus.org/browse/MNG-4301
158
The artifact resolver is (still, even in 3.0.4 apparently) not thread safe:
http://jira.codehaus.org/browse/MNG-4742
try building with:
-Dmaven.artifact.threads=1
When I build with this option in 3.0.4 in a project that displays checksum errors (for log4j), all of the checksum errors disappear.
It should apply to 2.2.1 as well.
(edit: file this answer under 'hiding false negatives')
6
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
