Cannot deploy file '.md5'. Target file to set checksum on doesn't exist artifactory - JFrog

StackOverflow https://stackoverflow.com/questions/23478236

Question

I am trying to deploy a md5 file to JFrog artifactory for one of our jars. The file has the extension md5. The filename has the name of the jar so if the jar was to be called file1.jar than its md5 would be file1.md5. Artifactory we have is of version 3.0. We are aware that Artifactory has its md5 checksum which is created when the jar is handed over to artifactory. This md5 that we are providing is created at the time that jar is created so we think is valuable.

However, when we try either with Artifactory Gradle Plugin from Bamboo or directly uploading the file manually to Artifactory we get the error:

Cannot deploy file 'filename.md5'. Target file to set checksum on doesn't exist artifactory

So it sounds as if a target file (the file for which md5 is the checksum) needs to be set for the md5 that we are trying to deploy but I don't see such a property anywhere in the upload interface.

Is it possible to do this in Artifactory at all and how if so?

Was it helpful?

Solution 3

While is it true that Artifactory does not allow you to upload .md5 and .sha1sum files you can get around this limitation quite easily because these files are generated by Artifactory anyway.

Be sure you do sort the list of files to upload in order to be sure that your signature files are after the files themselves Use this Artifactory bash upload with checksums example in order to upload the files.

You will see that the limitation is not present anymore because Artifactory will generate the checksums and the upload script will verify if the checksums do match before doing an upload.

Another benefit of this is that this approach of uploading is much faster because as it will not upload the same file twice to the server, also allowing you to run it several times without having problems.

OTHER TIPS

You can configure the checksum policy of the repository to be:

  1. Verify against client checksums (default) - If a client has not sent a valid checksum for a deployed artifact then Artifactory will return a 404 (not found) error to a client trying to access that checksum. If the client has sent a checksum, but it conflicts with the one calculated on the server then Artifactory will return a 409 (conflict) error until a valid checksum is deployed.
  2. Trust server generated checksums - Artifactory will not verify checksums sent by clients and will trust the server's locally calculated checksums. An uploaded artifact is immediately available for use, but integrity might be compromised.

If the deployed .jar file name is file1.jar than Artifactory expects the .md5 file name to be file1.jar.md5. If you deploy an .md5 file named file1.md5, Artifactory will expect to find a file named file1 in the same path, which it will not find in your case and hence the error.

As you mentioned, Artifactory knows the checksums of all the artifacts (they aren't stored in files, but always accessible by adding .md5 or .sha1 to any filename). You can't store another correct checksum, since there is only one correct checksum (already known to Artifactory by the fact it stores the file).

So, there is no reason (and no way) to deploy md5 and sha1 files to Artifactory.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top