Closed GoogleCodeExporter closed 9 years ago
Look like I can only create defects.... =/
Original comment by velo...@gmail.com
on 11 Feb 2010 at 11:07
Original comment by savage7....@gmail.com
on 13 Feb 2010 at 12:33
Velo,
I looked at the sonatype rest API, and when trying to access the query that
would
search for artifacts by checksum, it would prompt me for credentials. So, I'm
not sure
ths is an open API, it may require user credentials to access.
Original comment by savage7....@gmail.com
on 13 Feb 2010 at 12:35
Hrmmm.... it should be public, since anyone can access their site and send
requests for chelsums....
Original comment by velo...@gmail.com
on 13 Feb 2010 at 2:33
Ok, so I have been able to get a few SHA1 requests working without
authentication.
Have not been successful with MD5 yet, no auth prompts, but no success response
return either.
http://repository.sonatype.org/service/local/identify/sha1/46fc7b53d0fd5b4a13455
0417d
aa76696d68e4d0
http://repository.sonatype.org/service/local/identify/sona:md5/b6b0928bbf9b3a9a4
25f7b
2687aa37bd
Original comment by savage7....@gmail.com
on 13 Feb 2010 at 8:08
I think the search is sha1 only, at least I never tried it as md5
Original comment by velo...@gmail.com
on 13 Feb 2010 at 10:38
Velo,
I started working on this logic and I have run into a question. I have
calculated
the SHA1 checksum and I am getting the REST XML results returned from Sonatype.
Under what conditions do you think the build should fail?
Obviously if no artifacts are returned in the resulting XML, then it is OK to
continue and not fail the build. If 1 or more artifacts are returned in the
XML
results what should I do? Should I iterate over the returned artifacts list
and look
for artifacts listed under the same group ID and artifact ID and fail if that
is
found? Or should I fail the build if any artifacts are returned in the REST
query?
Is it possible that another project could end up with the same checksum?
Thank You,
Robert
Original comment by savage7....@gmail.com
on 26 Mar 2010 at 1:13
I agree with you, if no artifacts are available just let it be.
If anything is found (most likely only one result will be found), I see 2 work
flow:
a) if the GAV match, so let it be
b) if the GAV are different, print the list of artifacts you found and fail the
build
due the fact this artifact is getting duplicated
> Is it possible that another project could end up with the same checksum?
Almost impossible, it is a fingerprint technic, should be unique for each file.
Original comment by velo...@gmail.com
on 26 Mar 2010 at 1:22
implemented in version 0.2-SNAPSHOT
example of invalid artifact is included in the test project's POM file, but it
is
commented out.
Original comment by savage7....@gmail.com
on 26 Mar 2010 at 6:48
From what I learned with Flexmojos I would:
a) not make possible to skip checksum verification, or
b) make it only skippable using an arg on command line (
-Dexternal.dependency.unsafely.install.artifacts)
Why is that, people tend to screw their build and to ignore warning on output.
On
example that happen with me was that Flexmojos printed a warning and break the
build
when people build a project using Flex 4 compiler and Flex 3 libraries. This
will
obviously go wrong, but people just the skipCompilerVerification to true and
then
complain flexmojos doesn't work....
Anyway, just a suggestion
Original comment by velo...@gmail.com
on 26 Mar 2010 at 11:34
Original issue reported on code.google.com by
velo...@gmail.com
on 11 Feb 2010 at 11:05