Bug 357513 - 'download.md5' property missing in artifact repository produced by eclipse-repository
Status: RESOLVED FIXED
Alias: None
Product: z_Archived
Classification: Eclipse Foundation
Component: Tycho
Version: unspecified
Hardware: All All
Importance: P3 major
Target Milestone: ---
Assignee: Jan Sievers CLA
Whiteboard: resilience
Duplicates: 403797
Depends on: 377359
Blocks: 402908 406263
Reported: 2011-09-13 11:26 EDT by Tobias Oberlies CLA
Modified: 2021-04-28 16:55 EDT
Description Tobias Oberlies CLA 2011-09-13 11:26:23 EDT
In the p2 artifact repositories produced by eclipse-repository, the MD5 sums for artifacts from the target platform are missing. MD5 sums are mainly relevant for p2 repositories with unsigned jars: they allow p2 to detect corrupt artifacts. (A signature also protects from artifact corruption.)

Example: see integration test Tycho188P2EnabledRcpTest.
Comment 1 Pascal Rapicault CLA 2012-04-28 14:09:10 EDT
As Tycho gains more and more adoption, it will be good to reconsider the priority of this bug, since without this type of support people will download bad artifacts, fail at runtime, and it will be painful for everybody to figure out.
Comment 2 Tobias Oberlies CLA 2012-05-11 10:16:22 EDT
You are probably right. This used to be hard to implement (because it broke the signing use case), but with bug 377359, this now is no longer the case.
Comment 3 Tobias Oberlies CLA 2012-06-08 07:36:51 EDT
Implementation note: Since the p2 repository aggregation is a raw mirror operation (on purpose - so that packed artifacts can be included), the MD5 sums are needed in the source of that operation, e.g. the local Maven repository. When implementing this, make sure we don't run into bug 380904 again.
Comment 4 Jan Sievers CLA 2013-03-19 11:49:05 EDT
*** Bug 403797 has been marked as a duplicate of this bug. ***
Comment 5 Helmut J. Haigermoser CLA 2014-04-16 07:29:35 EDT
Tobias, Jan,
I just ran into this problem when a customer reported issues with half-downloaded artifacts.

What's the plan for addressing this issue? It was reported in 2011, so I would like to ask for this to be given priority in 2014 if possible.

Please let me know if there was anything I could do to help speed up the fix process!
Helmut
Comment 6 Igor Fedorenko CLA 2014-04-16 07:43:11 EDT
Wiki [1] may prove useful ;-)

[1] http://wiki.eclipse.org/Tycho/Contributor_Guide
Comment 7 Jan Sievers CLA 2015-11-04 11:00:30 EST
I just talked with Mykola Nikishov about this at ECE 2015 (this is related to bug 423715).
Just noting down some thoughts, this may be wrong...:

- it seems unfortunate that we removed md5 for everybody while there was only a bug for people who post-process the jar which changes the checksum (signing, packing) and there is a workaround in this case (re-publish after packing/signing)
- in p2, the md5 is generated during p2 metadata generation of each module. With the static maven lifecycle phases, it's hard/impossible to tell when publishing metadata whether this is the last step or there will be other steps which would change the checksum
- another option would be to add checksums only when aggregating to a repository (i.e. in eclipse-repository) because then you are sure that checksums will no longer change
- we are only mirroring existing metadata when aggregating, so if there is no md5 in the target/p2artifacts.xml metadata of the bundle, there will also be no md5 in the mirrored repo
- I could imagine using p2's RecreateRepositoryApplication [1] which re-creates checksums just after mirroring in [2]. sounds brute force but worth a try I guess

[1] https://github.com/eclipse/rt.equinox.p2/blob/e3e578c98878b6e5bc8b9140389ffe36c5651b56/bundles/org.eclipse.equinox.p2.repository.tools/src/org/eclipse/equinox/p2/internal/repository/tools/RecreateRepositoryApplication.java
[2] https://github.com/eclipse/tycho/blob/d256f83e72a67c4d11e466a8980b24877476a30d/tycho-p2/tycho-p2-repository-plugin/src/main/java/org/eclipse/tycho/plugins/p2/repository/AssembleRepositoryMojo.java#L127
Comment 8 Eclipse Genie CLA 2015-11-04 11:31:49 EST
New Gerrit change created: https://git.eclipse.org/r/59676
Comment 9 Jan Sievers CLA 2016-10-14 12:00:35 EDT
will use p2's RecreateRepositoryApplication to add checksums to artifact metadata when aggregating the repository in packaging type eclipse-repository

this way we make sure to calculate the checksums *after* all possibly checksum-changing operations on individual artifacts like signing or pack200 have been done

Put the other way around: if you change artifacts after they were assembled into a repo and don't re-calculate checksums, you will get checksum errors
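
The failure mode discussed in this bug (a half-downloaded artifact going unnoticed when `download.md5` is absent, and a checksum error when an artifact changes after the repository was assembled), as an added example that is not part of the bug report or of Tycho/p2: a small audit over a constructed `artifacts.xml` fragment. The artifact ids, the sample bytes and the `files` mapping that stands in for the repository's files are assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample bytes standing in for a bundle jar.
GOOD_JAR = b"PK\x03\x04 constructed bundle bytes for the example"

# Constructed artifacts.xml fragment: only the first entry carries download.md5,
# the second mirrors the situation reported in this bug.
ARTIFACTS_XML = f"""<repository name='constructed-example' version='1'>
  <artifacts size='2'>
    <artifact classifier='osgi.bundle' id='example.bundle.a' version='1.0.0'>
      <properties size='1'>
        <property name='download.md5' value='{hashlib.md5(GOOD_JAR).hexdigest()}'/>
      </properties>
    </artifact>
    <artifact classifier='osgi.bundle' id='example.bundle.b' version='1.0.0'>
      <properties size='0'/>
    </artifact>
  </artifacts>
</repository>"""


def audit(artifacts_xml, files):
    """Return {'<id>_<version>': status} for every <artifact> entry.

    files maps '<id>_<version>' to the bytes found for that artifact
    (hypothetical stand-in for reading the jar from the repository).
    """
    report = {}
    for art in ET.fromstring(artifacts_xml).iter("artifact"):
        key = f"{art.get('id')}_{art.get('version')}"
        props = {p.get("name"): p.get("value") for p in art.iter("property")}
        expected = props.get("download.md5")
        data = files.get(key)
        if data is None:
            report[key] = "file-missing"
        elif expected is None:
            report[key] = "no-checksum"  # corruption cannot be detected here
        elif hashlib.md5(data).hexdigest() == expected.lower():
            report[key] = "ok"
        else:
            report[key] = "checksum-mismatch"
    return report


if __name__ == "__main__":
    keys = ("example.bundle.a_1.0.0", "example.bundle.b_1.0.0")
    # Simulate a half-downloaded copy of both artifacts.
    print(audit(ARTIFACTS_XML, {k: GOOD_JAR[: len(GOOD_JAR) // 2] for k in keys}))
```

Only the entry with `download.md5` reports the truncated file; the entry without it is indistinguishable from an intact one.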
Comment 11 Jan Sievers CLA 2016-10-14 17:31:24 EDT
.