Configuring maven to check integrity checksums when downloading artifacts from repository and/or building a project?
Question
In some situations (like not having money on balance), my internet provider redirects any HTTP request to a simple html stub. Recently maven cache on my dev machive was flooded by jar files with content consisting of an html stub from my internet provider. These jar files were not noticed during the build and ended up being deployed to Tomcat as a part of my project artifacts. I noticed problem thanks to warnings about corrupted jar files at Tomcat log. Obviously, I want to avoid this situation in future.
I see that at a maven cache, there are *.sha1 files that are expected to contain integrity checksums for jar files. In my case, these *.sha1 had also wrong content (consisting of an html stub).
How can I configure maven to fail during artifact download or during build process if jar file content does not match the integrity checksum?
The Maven version I use is 3.3.9 .
1 answers
solution1
5 ACCPTED 2018-06-21 10:55:49
Pass the command-line option --strict-checksums .
https://books.sonatype.com/mvnref-book/reference/running-sect-options.html#running-sect-deps-option
-C, --strict-checksums
Fail the build if checksums don't match
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.