How do I prevent verification warnings with custom repositories?
Warnings from custom repositories (usually located within the organization’s network, or even on the same workstation) are triggered when Maven tries to verify the integrity of the files in the repository. This verification is done via the SHA1 or MD5 sum of the file. If these sum files do not exist, then a warning appears. Support for downloading the security sum files is not yet included in the Maven2 distribution. There are free command-line utilities on the Internet that generate these sums. Below is an example of a bash script (use Cygwinif you are using a windows machine) that generates sha1sum for all jar, xml and pom files contained in the directory where it is executed: #!/usr/bin/bash gensum(){ shaname=$1.sha1 sum=`sha1sum $1 | cut -f1 -d” “` echo $sum > $shaname } processFile(){ while read oneline do gensum $oneline done < "$1" } tmpFile=$TMP/shagen.list echo "Generating sha1 sums for XML files" find . -name "*.
Warnings from custom repositories (usually located within the organization’s network, or even on the same workstation) are triggered when Maven tries to verify the integrity of the files in the repository. This verification is done via the SHA1 or MD5 sum of the file. If these sum files do not exist, then a warning appears. Support for downloading the security sum files is not yet included in the Maven2 distribution. There are free command-line utilities on the Internet that generate these sums.