Benjamin Marwell created MDEPLOY-290:
----------------------------------------

Summary: m-deploy-p will create hashes for hashes
Key: MDEPLOY-290
URL: https://issues.apache.org/jira/browse/MDEPLOY-290
Project: Maven Deploy Plugin
Issue Type: Bug
Components: deploy:deploy
Affects Versions: 3.0.0-M2, 2.8.2
Reporter: Benjamin Marwell

Hi everyone,

recent ASF parent pom will create hashes for source-release-zip files using the checksum-maven-plugin.
However, the SHIRO project decided to hash ALL artifacts:

{code:xml}
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-gpg-plugin</artifactId>
  <configuration>
    <excludes>
      <!-- default config -->
      <exclude>**/*.md5</exclude>
      <exclude>**/*.sha1</exclude>
      <exclude>**/*.sha256</exclude>
      <exclude>**/*.sha512</exclude>
      <exclude>**/*.asc</exclude>
      <!-- additional hashes -->
      <exclude>**/*.sha3512</exclude>
    </excludes>
  </configuration>
</plugin>
<plugin>
  <groupId>net.nicoulaj.maven.plugins</groupId>
  <artifactId>checksum-maven-plugin</artifactId>
  <version>1.11</version>
  <executions>
    <execution>
      <id>source-release-checksum</id>
      <phase>none</phase>
    </execution>
    <execution>
      <id>main-artifact-checksum</id>
      <phase>verify</phase>
      <goals>
        <goal>artifacts</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <algorithms>
      <algorithm>SHA-256</algorithm>
      <algorithm>SHA-512</algorithm>
      <algorithm>SHA3-512</algorithm>
    </algorithms>
    <csvSummary>false</csvSummary>
    <!-- attach checksums as well to upload to Maven Staging Repo,
         as this eases uploading from stage to dist and doesn't do harm in Maven Central -->
    <attachChecksums>true</attachChecksums>
  </configuration>
</plugin>
{code}

Now as you can see, gpg plugin had to be extended, but we also create *.sha3512 files.
Those and all other hashes are being hashed by the deploy plugin, though:

{code}
$ ls -1F ./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/*sources*
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.asc
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.md5
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha1
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha256
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha256.md5
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha256.sha1
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha3512
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha3512.md5
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha3512.sha1
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha512
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha512.md5
./org/apache/shiro/shiro-lang/1.9.0-SNAPSHOT/shiro-lang-1.9.0-20220303.204242-1-sources.jar.sha512.sha1
{code}

Notice the *.sha512.md5 and *.sha512.sha1 files.

Currently there is no exclusion possible. Therefore:
* Let's add an exclusion parameter for hashing, similar to gpg's one.
* Set a sane default (to be discussed).
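Added example, not part of the report and not code from maven-deploy-plugin: a small audit helper that finds the checksum-of-checksum files shown in the listing and computes what would be hashed if an exclusion were applied. It assumes the gpg plugin exclude list quoted above as the candidate default (the report leaves the actual default open); the function names and the shortened sample file names are constructed for illustration.

```python
from pathlib import Path, PurePosixPath

# Assumption: candidate exclusion set, copied from the gpg plugin excludes
# quoted in the report. The report leaves the real default "to be discussed".
DERIVED_SUFFIXES = (".md5", ".sha1", ".sha256", ".sha512", ".sha3512", ".asc")
# Checksums the listing shows the deploy plugin adding on upload.
DEPLOY_SUFFIXES = (".md5", ".sha1")


def is_derived(name):
    """True for a file that is itself a checksum or a signature."""
    return name.lower().endswith(DERIVED_SUFFIXES)


def redundant_checksums(paths):
    """Return deploy-plugin checksums whose target is already derived data."""
    hits = []
    for path in paths:
        name = PurePosixPath(path).name
        for suffix in DEPLOY_SUFFIXES:
            # Strip one deploy suffix and test what it was computed over.
            if name.endswith(suffix) and is_derived(name[: -len(suffix)]):
                hits.append(path)
                break
    return sorted(hits)


def files_to_checksum(paths):
    """Files the deploy step would still hash with the exclusion applied."""
    return sorted(p for p in paths if not is_derived(PurePosixPath(p).name))


def scan_repository(root):
    """Walk a local staging directory and report redundant checksum files."""
    root = Path(root)
    files = [f.relative_to(root).as_posix() for f in root.rglob("*") if f.is_file()]
    return redundant_checksums(files)


# Constructed sample: same suffix combinations as the listing, short base name.
BASE = "shiro-lang-sources.jar"
SAMPLE = [BASE + s for s in (
    "", ".asc", ".md5", ".sha1",
    ".sha256", ".sha256.md5", ".sha256.sha1",
    ".sha3512", ".sha3512.md5", ".sha3512.sha1",
    ".sha512", ".sha512.md5", ".sha512.sha1",
)]

if __name__ == "__main__":
    for hit in redundant_checksums(SAMPLE):
        print("redundant:", hit)
```

Running `scan_repository` against a local staging directory before release gives the same report for real files.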