Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-2594

Support SHA256/SHA512 for maven metadata

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Plugins published with gradle (and the gradle-jpi-plugin) attempt to upload two files per module with SHA256 and SHA512 checksums:

      • maven-metadata.xml.sha256
      • maven-metadata.xml.sha512

      This currently fails with a 403.

      The error message is:

      Cannot upload checksum for module-maven-metadata.xml. Remote repository doesn't support sha-256. Error: Could not PUT 'https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/templating-engine/maven-metadata.xml.sha256'. Received status code 403 from server: Forbidden
      Cannot upload checksum for module-maven-metadata.xml. Remote repository doesn't support sha-512. Error: Could not PUT 'https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/templating-engine/maven-metadata.xml.sha512'. Received status code 403 from server: Forbidden
      

      This issue was requested from gradle-jpi-plugin #158

        Attachments

          Issue Links

            Activity

            Hide
            danielbeck Daniel Beck added a comment -

            Proposed fix is merged, could you try 1+ hrs from now?

            Show
            danielbeck Daniel Beck added a comment - Proposed fix is merged, could you try 1+ hrs from now?
            Hide
            danielbeck Daniel Beck added a comment -

            Believed fixed.

            Show
            danielbeck Daniel Beck added a comment - Believed fixed.
            Hide
            sghill Steve Hill added a comment -

            Hi Daniel Beck, everything looks good for the sha256, but 512 is giving this error on a publish today:

            Cannot upload checksum for module-maven-metadata.xml. Remote repository doesn't support sha-512. Error: Could not PUT 'https://repo.jenkins-ci.org/releases/org/jenkins-ci/tools/gradle-jpi-plugin/maven-metadata.xml.sha512'. Received status code 403 from server: Forbidden
            Show
            sghill Steve Hill added a comment - Hi Daniel Beck , everything looks good for the sha256, but 512 is giving this error on a publish today: Cannot upload checksum for module-maven-metadata.xml. Remote repository doesn't support sha-512. Error: Could not PUT 'https://repo.jenkins-ci.org/releases/org/jenkins-ci/tools/gradle-jpi-plugin/maven-metadata.xml.sha512'. Received status code 403 from server: Forbidden
            Hide
            danielbeck Daniel Beck added a comment -

            https://repo.jenkins-ci.org/releases/org/jenkins-ci/tools/gradle-jpi-plugin/maven-metadata.xml.sha512

            You are allowed to write to org/jenkins-ci/tools/gradle-jpi-plugin/maven-metadata.xml.* so this is weird.

            Are you able to deploy snapshots to the /snapshots repo?

            Show
            danielbeck Daniel Beck added a comment - https://repo.jenkins-ci.org/releases/org/jenkins-ci/tools/gradle-jpi-plugin/maven-metadata.xml.sha512 You are allowed to write to org/jenkins-ci/tools/gradle-jpi-plugin/maven-metadata.xml.* so this is weird. Are you able to deploy snapshots to the /snapshots repo?
            Hide
            danielbeck Daniel Beck added a comment -

            Unfortunately we keep logs only for a few minutes, and the error from your failed upload is long gone. Maybe we can schedule your next release attempt, so I can watch the log, to find out why Artifactory objects?

            Show
            danielbeck Daniel Beck added a comment - Unfortunately we keep logs only for a few minutes, and the error from your failed upload is long gone. Maybe we can schedule your next release attempt, so I can watch the log, to find out why Artifactory objects?
            Hide
            sghill Steve Hill added a comment -

            It seems like I may have permissions to overwrite maven-metadata.xml, but not maven-metadata.xml.sha512?

            Are you able to deploy snapshots to the /snapshots repo?

            It works the first time, but fails on subsequent uploads. Here is a snapshot I just uploaded and here is the directory with maven-metadata.xml.sha512.

            When I upload a snapshot again, I get:

            Cannot upload checksum for snapshot-maven-metadata.xml. Remote repository doesn't support sha-512. Error: Could not PUT 'https://repo.jenkins-ci.org/snapshots/org/jenkins-ci/tools/gradle-jpi-plugin/0.40.0-SNAPSHOT/maven-metadata.xml.sha512'. Received status code 403 from server: Forbidden
            Cannot upload checksum for module-maven-metadata.xml. Remote repository doesn't support sha-512. Error: Could not PUT 'https://repo.jenkins-ci.org/snapshots/org/jenkins-ci/tools/gradle-jpi-plugin/maven-metadata.xml.sha512'. Received status code 403 from server: Forbidden

            Maybe we can schedule your next release attempt, so I can watch the log, to find out why Artifactory objects?

            Sounds good. Does 10 am pacific time on Monday December 14 work for you?

            Show
            sghill Steve Hill added a comment - It seems like I may have permissions to overwrite maven-metadata.xml , but not maven-metadata.xml.sha512 ? Are you able to deploy snapshots to the /snapshots repo? It works the first time, but fails on subsequent uploads. Here is a snapshot I just uploaded and here is the directory with maven-metadata.xml.sha512 . When I upload a snapshot again, I get: Cannot upload checksum for snapshot-maven-metadata.xml. Remote repository doesn't support sha-512. Error: Could not PUT 'https://repo.jenkins-ci.org/snapshots/org/jenkins-ci/tools/gradle-jpi-plugin/0.40.0-SNAPSHOT/maven-metadata.xml.sha512'. Received status code 403 from server: Forbidden Cannot upload checksum for module-maven-metadata.xml. Remote repository doesn't support sha-512. Error: Could not PUT 'https://repo.jenkins-ci.org/snapshots/org/jenkins-ci/tools/gradle-jpi-plugin/maven-metadata.xml.sha512'. Received status code 403 from server: Forbidden Maybe we can schedule your next release attempt, so I can watch the log, to find out why Artifactory objects? Sounds good. Does 10 am pacific time on Monday December 14 work for you?
            Hide
            danielbeck Daniel Beck added a comment - - edited

            I think I know what the problem is:

            Combined, Artifactory correctly rejects re-uploads of the same file it doesn't understand is just a checksum.

            https://www.jfrog.com/jira/browse/RTFACT-21426 is the upstream issue. As this is a hosted Artifactory, we cannot apply the proposed workaround in the newest comment.

            Show
            danielbeck Daniel Beck added a comment - - edited I think I know what the problem is: Artifactory does not "understand" sha512 metadata files. In directory listings likeĀ  http://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-war/2.245/ you don't see .md5, .sha1 and .sha256 files, even though they sort of exist: http://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-war/2.245/jenkins-war-2.245.war.sha256 . It "understands" them. .sha512 are just normal files to Artifactory. We do not allow replacing existing files to prevent re-uploads of the same releases. Combined, Artifactory correctly rejects re-uploads of the same file it doesn't understand is just a checksum. https://www.jfrog.com/jira/browse/RTFACT-21426 is the upstream issue. As this is a hosted Artifactory, we cannot apply the proposed workaround in the newest comment.
            Hide
            sghill Steve Hill added a comment -

            Thanks Daniel Beck. I voted on that issue and added a comment with some context.

            Show
            sghill Steve Hill added a comment - Thanks Daniel Beck . I voted on that issue and added a comment with some context.

              People

              Assignee:
              danielbeck Daniel Beck
              Reporter:
              sghill Steve Hill
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: