archiva-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "EJ Ciramella" <>
Subject RE: How does archiva determine if a remote file exists
Date Mon, 08 Sep 2008 12:49:39 GMT
You are correct - some where along the line our content filters at work
intercepted the "mvn deploy" request, and either during the "go check
for updates" bit of a regular maven build or during the actual deploy
portion, our content filters said, "nope, can't go there" (they
shouldn't have and that's been fixed".

The content filters provided a html page and a 200 response code so
archiva happily put all those artifacts (that we would normally build
out of our SCM system) that it was trying to proxy into the repository
earmarked for external, third party artifacts.

Again (maybe more for my benefit) here are the steps:

1 - mvn deploy 
2 - Archiva goes to check to see if it has the latest and scans remote
3 - upon scanning people.apache.something, our filters cried foul and
displayed the html page (returning a valid response code)
4 - Archiva saw that and took the returning stream of bits (the web
page) and opted to install/proxy things into the repository we have set
up for external third party jars

This gave us a handful of jars and poms that were nothing more than the
html page.  So I don't think it was even looking at checksums for these
things and if it could, how would I turn this feature on?  Isn't it on
out of the box?

I'll ask our is/it department if they couldn't get the content filter
system to return some other code instead of an "all clear" code....

-----Original Message-----
From: Brett Porter [] 
Sent: Monday, September 08, 2008 7:17 AM
Subject: Re: How does archiva determine if a remote file exists

2008/9/8 EJ Ciramella <>

> So how/where do I turn on the checksum validation?

This is on the proxy connectors, which is where I assumed the problem to

> The "false 200" code we had was for a module we are building locally
> installing into an archiva managed repository.
> I understand your respose with regard to remote repositories (say repo
> but the pom and jar that was goofed was put into archiva via mvn
install not
> by an archiva proxy process.

This sounds unusual - so you're saying that the network infrastructure
intercepted your PUT request and modified the content? Sorry if i I

We don't currently have a checksum on deployment feature as the files
not placed in a single transaction.

- Brett

Brett Porter

View raw message