invalid sha digest on pom file in maven repo

[GoogleCodeExporter]

Hello.  When I tried to add guice 2.0 to an ivy-fied project, I get the
following (either from the maven main or google-maven repo)

[ivy:retrieve]  problem while downloading module descriptor:
http://google-maven-repository.googlecode.com/svn/repository/com/google/inject/g
uice/2.0/guice-2.0.pom:
invalid sha1: expected=6c5029102c03c627275fe183377c0586a3194425
computed=3bb8d0283ecfc05ba8dae825e46980d669265333 (550ms)

Downloading the pom with wget, I also get

$ sha1sum guice-2.0.pom 
3bb8d0283ecfc05ba8dae825e46980d669265333  guice-2.0.pom

Original issue reported on code.google.com by james.s....@gmail.com on 1 Sep 2009 at 11:42

[GoogleCodeExporter]

This seems to be an issue with all the guice artifacts in the maven 
repositories, not 
just the guice-2.0.pom.  The jars have wrong checksums (both sha1 and md5) for 
guice 
and all the extensions.  Google Collections 1.0-rc4 seems to suffer the same 
issue.

Original comment by rwallace...@gmail.com on 17 Dec 2009 at 11:43

[GoogleCodeExporter]

This issue is caused when using Maven 2.2 to deploy.  It doesn't occur with 
Maven 2.1.

Original comment by rwallace...@gmail.com on 17 Dec 2009 at 11:57

[GoogleCodeExporter]

Is there a known Ivy workaround with respect to this issue?

Original comment by bs1...@gmail.com on 18 Dec 2009 at 6:47

[GoogleCodeExporter]

Looking at my ivysettings file, I see that I added 

<property name="ivy.checksums" value=""/>

If I remember correctly, that caused ivy to skip the digest verification.  This 
is
acceptable for my purposes, but it probably won't be for a lot of enterprise 
folks.

Original comment by james.s....@gmail.com on 18 Dec 2009 at 7:00

[GoogleCodeExporter]

Thanks James, that did the trick.  Looks like the issue will be cleared up in 
January 
(http://code.google.com/p/protobuf/issues/detail?id=126).

Original comment by bs1...@gmail.com on 18 Dec 2009 at 7:08

[GoogleCodeExporter]

I have contacted the Maven guys and they have volunteered to fix them.  I will 
update 
this issue as soon as I hear that it has been fixed.

Original comment by gk5...@gmail.com on 6 Jan 2010 at 7:54

• Changed state: Accepted

[GoogleCodeExporter]

I have been told that the checksums have been regenerated.

Original comment by gk5...@gmail.com on 21 Jan 2010 at 10:52

• Changed state: Fixed

[GoogleCodeExporter]

Yay, thanks dude.

It's dumb that distribution via Maven requires manual work from a central 
repository. 

Original comment by limpbizkit on 22 Jan 2010 at 8:47

[GoogleCodeExporter]

I am hitting this issue on Feb 28, 2010 with Ivy 2.1.  Don't look fixed to me.

Original comment by blaine....@gmail.com on 1 Mar 2010 at 2:45

[GoogleCodeExporter]

it is very annoying to still get the same error, IT IS NOT FIXED.

[ivy:retrieve]  problem while downloading module descriptor:
http://repo1.maven.org/maven2/com/google/inject/guice/2.0/guice-2.0.pom: invalid
sha1: expected=6c5029102c03c627275fe183377c0586a3194425
computed=3bb8d0283ecfc05ba8dae825e46980d669265333 (1422ms)
[ivy:retrieve]      module not found: com.google.inject#guice;2.0

Original comment by bahri.ge...@gmail.com on 9 Mar 2010 at 7:54

[GoogleCodeExporter]

I also get this. I.e. it's not fixed. How do we get the state changed form 
"FIXED"?

Original comment by bjnort...@gmail.com on 16 Mar 2010 at 10:39