We are currently using Nexus Repository Manager OSS 3.22.1-02.
We have several maven2-repositories to which we uploading files using the Nexus-web-frontend and maven.
When i deploy a file using maven (mvn deploy:deploy-file …), there is only a MD5 and SHA1 checksum available, but not a SHA256 (which is needed for our further processing).
When i upload the file using the Nexus-web-frontend, the SHA256 is created properly.
Is there a way to generate the SHA256 using maven deploy?
Looks like this will be functionality that will be included in Apache Maven Artifact Resolver 1.6.1 via MRESOLVER-56. All isssues that are scheduled for this release of Resolver are complete, so let’s hope that it will make it into the upcoming Maven 3.7.0 release (and from there into Maven Deploy Plugin).
Reviving old thread, because I cannot find answer in docs…
I see that Nexus now calculates md5, sha1, sha256 & sha512, but only creates md5 & sha1 files for components. Is that configurable? My use case is downloading xyz.jar & xyz.jar.sha1 via api and verifying the jar using sha1sum - but I would prefer to use sha256 / sha256sum.
Nexus only creates checksum files for metadata that the server builds, otherwise for maven it is the responsibility of the client to upload the checksums. Likely this indicates the version of maven you’re using does not create the other checksum files.
Thank you @mpiggott - Yes, I have been flip-flopping back and forth as to whether maven creates & uploads these files to Nexus OR Nexus creates them when components are uploaded, it’s a mystery, as I can’t seem to find documentation on either possibility. I see no indication of md5 or sha1 files uploading in my build logs when pom, jar, war, etc are built/uploaded, using maven-3.9.
It’s okay though, because I can use the nexus-api to grab the SHA-256 quite easily.