Before, we deployed unsigned jars and aars to Artifactory. Now I have just signed my artifacts before pushing to the same Artifactory repo. I am using the Gradle MavenPublishing plugin to publish the artifacts (jars and aars).

I am facing a checksum conflict, as the server-generated checksum value is based on the unsigned version of the artifacts and the client checksum will be new, as some more metadata is added while signing. The original and actual checksum values differ.

Error Message: java.io.IOException: Failed to deploy file. Status code: 409 Response message: Artifactory returned the following errors: Checksum policy 'LocalRepoChecksumPolicy: CLIENT' rejected the artifact

I need to now push my new signed version of the jars and aars to my same JFrog artifactory repo. Any suggestions to solve this issue will be helpful.

Thanks in advance!

AnnapoorniS

1 Answer

You can configure Artifactory to trust the client checksum. This is done on the repository configuration page: WebUI --> Admin --> Local --> Repository configuration --> Checksum policy.

Please read the wiki page to see all of the relevant information before making the change: https://www.jfrog.com/confluence/display/RTF/Local+Repositories#LocalRepositories-ChecksumPolicy

Ariel
  • Thanks for the answer. But I find the option here only to accept the server-calculated checksum. Is there a way to save the client checksum value? Also, it is mentioned that we need to compromise security in that case. – AnnapoorniS Aug 17 '17 at 07:08
  • Currently, Artifactory rejects the artifact as your client is sending it with checksum 'A' while Artifactory is calculating checksum 'B'. Your first issue here is to deploy the artifacts to Artifactory, and in order to do so, you will have to change the policy. Or am I missing something and this is not the main issue? – Ariel Aug 17 '17 at 10:43
  • Not being able to push is my issue. And thanks for your response, as it will for sure solve my problem if I change the checksum policy. But my team is not happy about changing this checksum policy, as it violates the security check. And so I asked you whether there is any alternative way that I can deploy the same in a secure way. – AnnapoorniS Aug 20 '17 at 07:48
  • Not that I know of, but maybe someone else will have a workaround for you. Good luck :) – Ariel Aug 20 '17 at 11:10
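
Added example, not part of the original posts and not JFrog or Gradle code: a pre-publish check in Python that recomputes the MD5 and SHA-1 of the signed artifact and flags client checksums that were generated before signing, which is the 'A' versus 'B' mismatch described in the comments. The jar contents, signature file names and the helper names are constructed for illustration, and it assumes the client checksums exist as `.md5`/`.sha1` sidecar values.

```python
import hashlib
import io
import zipfile

ALGORITHMS = ("md5", "sha1")  # sidecar checksum types checked here (assumption)


def build_jar(entries):
    """Return the bytes of a jar (zip) holding the given name -> bytes entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            # Fixed timestamp keeps the constructed sample reproducible.
            info = zipfile.ZipInfo(name, date_time=(2017, 8, 17, 0, 0, 0))
            jar.writestr(info, data)
    return buf.getvalue()


def digests(artifact):
    """Hex digests a client would publish next to the artifact bytes."""
    return {alg: hashlib.new(alg, artifact).hexdigest() for alg in ALGORITHMS}


def stale_sidecars(artifact, sidecars):
    """Return the algorithms whose sidecar value does not match the bytes."""
    actual = digests(artifact)
    stale = []
    for alg, text in sidecars.items():
        # Sidecar files may be "<hex>" or "<hex>  <filename>"; empty is stale.
        claimed = (text.split() or [""])[0].lower()
        if claimed != actual[alg]:
            stale.append(alg)
    return sorted(stale)


# Constructed sample: the same class file before and after signing. Signing
# adds entries under META-INF/, so the jar bytes (and every digest) change.
CLASS_FILE = {"com/example/App.class": b"\xca\xfe\xba\xbe constructed"}
UNSIGNED = build_jar(CLASS_FILE)
SIGNED = build_jar({
    **CLASS_FILE,
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n",
    "META-INF/SIGNER.SF": b"Signature-Version: 1.0\r\n",
    "META-INF/SIGNER.RSA": b"placeholder signature block",
})

if __name__ == "__main__":
    before_signing = digests(UNSIGNED)  # checksums computed too early
    print("stale:", stale_sidecars(SIGNED, before_signing))
    print("fresh:", stale_sidecars(SIGNED, digests(SIGNED)))
```

Running a check like this as the last step before upload shows whether the checksums being sent were computed over the signed bytes, without relaxing the repository's checksum policy.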