(I'm guessing the resolver version - maven version is 3.8.4).
We accidently made one of our repositories <checksumPolicy>fail</checksumPolicy> some time ago and over the weekend an plugin we run started failing.
After some digging I discovered that the problem was when the code was programmatically trying to resolve a jar.asc file. Eventually the code ended up in
This means that when the resolution hit the correct repository it (silently) failed the checksum check and moved on to the next one, eventually falling off the end of the list and failing to resolve.
Our work around is to set the <checksumPolicy> to warn (which is what it used to be).
'It would be nice if'
- The failure was slightly less quiet
- If it was possible - programmatically or by configuration - to resolve signatures from checksuming repositories.
I have not dived very deeply into the code - just enough to diagnose why our CI was exploding so spectacularly so I may have missed some trick in which case I apologise for asking for existing function