Issue 296 in google-collections: broken checksums in maven artefacts for rc4

[codesite...@google.com]

Status: New
Owner: ----

New issue 296 by jed.wesleysmith: broken checksums in maven artefacts for
rc4
http://code.google.com/p/google-collections/issues/detail?id=296

apparently the checksums are broken:

$ curl
http://repo2.maven.org/maven2/com/google/collections/google-collections/1.0-
rc4/google-collections-1.0-rc4.jar | sha1sum
% Total % Received % Xferd Average Speed Time Time Time
Current
Dload Upload Total Spent Left
Speed
100 624k 100 624k 0 0 39923 0 0:00:16 0:00:16 --:--:--
89659
e01e7343ab0592566ec76ad82f8546c48e28315c -
$ curl
http://repo2.maven.org/maven2/com/google/collections/google-collections/1.0-
rc4/google-collections-1.0-rc4.jar.sha1
c703ce8ae10cbb6256245c287dbb70920ad9f770

It wasn't deployed using maven 2.2 was it? 2.2 generates incorrect
checksums…


--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings

[codesite...@google.com]

Updates:
Status: Accepted
Owner: jared.l.levy

Comment #1 on issue 296 by jared.l.levy: broken checksums in maven

artefacts for rc4
http://code.google.com/p/google-collections/issues/detail?id=296

Yes, it was generated using maven 2.2. I assumed it was safe to use the
latest
version of Maven.

How serious is this? Should I build and deploy a new rc4 with a Maven 2.1?
Should I
give it a different version, like 1.0-rc4b?

[codesite...@google.com]

Comment #2 on issue 296 by davecheney: broken checksums in maven artefacts
for rc4
http://code.google.com/p/google-collections/issues/detail?id=296

Hi Jared,

The problem is caused when deploying to a repository that requires http
authentication. A change was made in 2.2.x to switch from j.u.httpclient to
org.apache.httpclient (from memory) which doesnt' submit authentication
information
unless it receives a 401. This causes the output stream to be transmitted
twice,
which produces the wrong checksum on the checksumming wrapped of the output
stream.

The most recent issue for this is http://jira.codehaus.org/browse/MNG-4301

You can safely fix the checksum in your repository. I've attached a script
to fix the
checksums



Attachments:
update-maven-checksums.sh 189 bytes

[codesite...@google.com]

Comment #3 on issue 296 by davecheney: broken checksums in maven artefacts

for rc4
http://code.google.com/p/google-collections/issues/detail?id=296

Hi Jared,

What is the resolution here, are you going to fix the checksums in your
repo, or wait for rc-5 ?

Cheers

Dave

[codesite...@google.com]

Comment #4 on issue 296 by davecheney: broken checksums in maven artefacts

for rc4
http://code.google.com/p/google-collections/issues/detail?id=296

Hi Jared,

Is there any update on a resolution ?

[codesite...@google.com]

Comment #5 on issue 296 by jed.wesleysmith: broken checksums in maven

artefacts for rc4
http://code.google.com/p/google-collections/issues/detail?id=296

Jared, this makes the library unusable from maven as it flags the library
as corrupted when it downloads it (as do
various proxies). We can get around this internally as we can deploy the
correct checksums, but we cannot use it
as an external dependency as our users will all get failing builds.

We have rolled back rc4 support until this issue is fixed.

[codesite...@google.com]

Updates:
Status: WontFix

Comment #6 on issue 296 by jared.l.levy: broken checksums in maven

artefacts for rc4
http://code.google.com/p/google-collections/issues/detail?id=296

We just released rc5, with a Maven package generated by Maven 2.0.10.

There's no longer a reason to fix the rc4 checksum.