Thomas Hoffmann created MRM-2018:
------------------------------------
Summary: Support for sha256 and sha512 Signatures of Gradle 6
Key: MRM-2018
URL: https://issues.apache.org/jira/browse/MRM-2018
Project: Archiva
Issue Type: Bug
Affects Versions: 2.2.4
Environment: Windows Server 2016
Reporter: Thomas Hoffmann
Hello,
since Gradle 6.0.1, additionally to the md5 and sha1 signatures, also sha256
and sha512 signatures are created, see Release-Notes:
[https://docs.gradle.org/6.0.1/release-notes.html]
When Gradle 6 uploads the artifcats, there are two additional files:
* maven-metadata.xml.sha256
* maven-metadata.xml.sha512
Unfortunately, the website to view the artifacts can't be opened in archiva. An
error message "Could not retrieve metadata of the files" is shown.
The logfile additionally shows:
{{2020-08-14 14:26:14,886 [ajp-nio-127.0.0.1-8009-exec-41] WARN
org.apache.archiva.webdav.ArchivaDavResourceFactory [] - Artifact path
'com/xxx/1.2033-SNAPSHOT/maven-metadata.xml.sha256' is invalid.}}
{{2020-08-14 14:26:14,904 [ajp-nio-127.0.0.1-8009-exec-37] WARN
org.apache.archiva.webdav.ArchivaDavResourceFactory [] - Artifact path
'com/xxx/1.2033-SNAPSHOT/maven-metadata.xml.sha512' is invalid.}}
It would be great, if Archiva could implement the new sha2-signatures or at
least ignore them. In the current situation, gradle 6 and above is killing the
website viewing the artifacts.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
