Open scottkurz opened 8 months ago
Hi, the warning message on download is irrelevant to feature signature verification. The checksum of the artifact is validated when resolving (downloading) the feature using the Maven api. Then the tool downloads the Liberty public key and starts verifying the feature signature.
I couldn't find the good reason why this checksum validation failed, but in this post they were able to resolve the issue by upgrading the maven version like you already mentioned.
Thanks for the update. It sounds like the only thing left is to decide if we formally raise the minimum supported Maven version. (Not sure what version this would be exactly. ) It doesn't seem worth it to me since this is just a warning message anyway, and things basically work.
I agree, when I tried the warning messages went away with Maven v3.9.0.
Issue for starter to update Maven version: https://github.com/OpenLiberty/start.openliberty.io/issues/241
Using:
I get the first time (the feature is downloaded) following running dev mode
As far as I can tell, everything works fine, however.
If I run dev mode a 2nd time with the same features, things proceed smoothly, without error messages.
If I upgrade Maven to v3.9.5 (a version I just happened to try), the message disappears, even for a newly-downloaded feature.
QUESTIONS
The behavior I saw aligns with more how I'd expect warn to work, however.