Re: Dependency problem when running `lein ring server`

[James Reeves]

Maven is trying to download the following file:

http://repo1.maven.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom

And the SHA1 hash it's expecting the file to have differs from what it actually gets. You can test this result with curl:

bash$ curl -s http://repo1.maven.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom | shasum

0e895fa7ed472b3b2081ef77e2d5ece78c139d54  -

On my machine, the SHA1 hash matches up with what Maven expects.

As to what's causing this, I suggest you try looking at the pom file directly, and see if there's anything obviously wrong with it. For instance, perhaps you have some form of antivirus proxy that's changing it in some way.

- James

On 21 April 2013 13:24, ell <eugiel...@gmail.com> wrote:

Hi,

I'm diving into learning compojure to build a REST service. I followed  the Getting Started page of compojure but when I try to run `lein ring server`, I get the following error messages:

Could not transfer artifact org.apache.commons:commons-parent:pom:22 from/to central (http://repo1.maven.org/maven2/): Checksum validation failed, expected 0e895fa7ed472b3b2081ef77e2d5ece78c139d54 but is fc560e64cf55eeee2c612dd924714b1689c1199e

Could not transfer artifact org.apache.commons:commons-parent:pom:22 from/to central (http://repo1.maven.org/maven2/): Checksum validation failed, expected 0e895fa7ed472b3b2081ef77e2d5ece78c139d54 but is fc560e64cf55eeee2c612dd924714b1689c1199e

Could not transfer artifact org.apache.commons:commons-parent:pom:7 from/to central (http://repo1.maven.org/maven2/): Checksum validation failed, expected 95db361d9db1474346b2bde93e5402281909144c but is c736ca2b1e6d5323eb90283c1bd7f29bc67f0ce4

This could be due to a typo in :dependencies or network issues.

I've tried using `lein clean` but that didn't help (is it supposed to?). I have no experience with maven and leiningen, actually. Can someone help me with this? I've tried searching to no avail (or maybe my keywords are wrong).

Regards.

--
You received this message because you are subscribed to the Google Groups "Compojure" group.
To unsubscribe from this group and stop receiving emails from it, send an email to compojure+...@googlegroups.com.
To post to this group, send email to comp...@googlegroups.com.
Visit this group at http://groups.google.com/group/compojure?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Nelson Morris]

I'm unsure if bad checksums get cached, so you might `rm -r ~/.m2/repository/org/apache/commons/commons-parent/` and try again to make sure you are getting the latest from the server.

-

Nelson Morris

[James Reeves]

In this case the checksums look correct. The expected checksums match up to the version currently hosted on the website, and to the one in my local cache that was retrieved in February 2012.

I'd therefore recommend not touching the .m2 cache, on the off chance that this might be a genuine MITM attack (as unlikely as that is).

[ell]

So I tried doing what Nelson said and deleted the contents of ~/.m2/repository/org/apache/commons/commons-parent/ and ran `lein ring server` again and it worked this time. I think the problem was because I was using data connection when I tried to download the dependencies and my connection was not reliable. In this case, Leiningen was right: "This could be due to a typo in :dependencies or network issues."

Thanks for all the help guys.

[Nelson Morris]

I originally read the checksums backwards.  My guess would be that the jar ended up being corrupted.  Just removing the jar file would have been the safer option regarding a potential mitm.

--