Task Description

We should improve our support for checksums for maven-metadata.xml files. This seems to be a problem for Gradle artifacts and there is now support for sha256 and sha512 in Gradle. Maven Central (running on Nexus 2.x) now supports this.

• Add sha-256 and sha-512 checksums when publishing gradle/gradle#11053 : Add sha-256 and sha-512 checksums when publishing
• maven-metadata.xml SHA256 and SHA512 checksums prevent publishing to Nexus gradle/gradle#11308 : maven-metadata.xml SHA256 and SHA512 checksums prevent publishing to Nexus
• https://issues.sonatype.org/browse/MVNCENTRAL-5276 : Validation should support SHA256 and SHA512 checksums

Tasks

The following tasks will need to be carried out:

• It should be possible to configure what checksums are enabled for a Maven repository.
• It should be possible to configure what checksums are enabled for all Maven repositories.
• It should be possible to configure the checksum options via the UI.
• Review what changes will be required to AbstractLayoutProvider.getDigestAlgorithmSet() or the Maven2LayoutProvider and apply the necessary fixes.
• Re-work the org.carlspring.strongbox.services.impl.ArtifactMetadataServiceImpl and org.carlspring.strongbox.cron.jobs.RebuildMavenMetadataCronJob.
• Add UI for these settings.

Task Relationships

This task:

• Relates to: Implement strict checksum validation for proxy repositories resolving from remotes #1398 , Implement strict checksum validation option for Repository #1512

Help

• Our chat
• Points of contact:
  • @carlspring
  • @sbespalov
  • @steve-todorov