Maven downloads corrupted jar

Question

I have a project that depend on the following artifact:

  <dependency>
        <groupId>com.jaspersoft.jasperserver</groupId>
        <artifactId>jasperserver-common-ws</artifactId>
        <version>5.0.1</version>
    </dependency>
    <dependency>
        <groupId>com.jaspersoft.jaspersoft.api.metadata</groupId>
        <artifactId>jasperserver-api-metadata</artifactId>
        <version>5.0.1</version>
    </dependency>
    <dependency>
        <groupId>com.jaspersoft.jasperserver</groupId>
        <artifactId>jasperserver-ireport-plugin</artifactId>
        <version>3.7.0</version>
    </dependency>
    <dependency>
        <groupId>net.sf.jasperreports</groupId>
        <artifactId>jasperreports</artifactId>
        <version>5.0.1</version>
    </dependency>

    <dependency>
    <groupId>jasperreports</groupId>
    <artifactId>jasperreports</artifactId>
    <version>5.0.1</version>
</dependency>

When I run

maven install eclipse

outputs a warning specifying that check-sum validation failed. When I try to open the installed jar using winrar , win-rar indicate that they are corrupted. I have tried to turn off antivirus yet the artifact are still fail to download properly.

Same issue here and costed me a lot of time. While trying to setup SrpingBootTest patterns to run JPA integration tests, many hirbater libraries and sping-jdbc jars were coming down corrupted. Eclipse and the maven plugin would not complain about the issue. You would spot there was an issue when you tried to get auto complete to work and the auto complete mechanism starrts raming into exceptions. Or when you try to drill into some class you get an eclipse editor error. You would go to your maven folder and see the file is totally corrupted. I would expect maven to delete the JAR & ReportError — 99Sono, Nov 27 '16 at 15:31
If your checksum validation already warned that there is an issue you should check from where this jar is coming and in doubt simple delete it and redownload it...Are you downloading with https ? Using a repository manager ? Having checked that if checksums are being checked? I recommend to fail the build if checksums are wrong! — khmarbaise, Oct 13 '18 at 14:40

score 4 · Answer 1 · answered Apr 08 '14 at 14:51

4

I had the same problem and it turned turned out to be because one of the repositories was returning HTML instead of a jar file. This became apparent when I viewed the corrupt jar in Notepad++. In my case removing the following repo from the pom fixed the problem:

     <repository>
        <id>sibboleth</id>
        <name>Sibboleth</name>
        <url>http://shibboleth.internet2.edu/downloads/maven2/</url>
        <layout>default</layout>
    </repository>

answered Apr 08 '14 at 14:51

Brendan Poole

41
2

yes, i was facing the same problem. but how i can determine which repo i have to remove, and if i need dependency from that repo what do i have to do??? – bob-cac Apr 08 '14 at 15:56

score 1 · Answer 2 · answered Dec 14 '13 at 11:50

1

It is a network problem, or (with a low chance) the original jar file is damaged.

Try to download the original jar, with a different http client, as the maven has (it is not the best). It shows the downloading urls of the actual jars.

If it works, then a simple workaround were is you simply download this jar with a working http client and put this to its place in your repository.

As a longterm solution, I suggest some test on your network environment, and maybe a full regeneration of your maven repository.

answered Dec 14 '13 at 11:50

peterh

11,875
18
85
108

it is just failing to download those jars no more, so i don't think the problem is in the network environment, what do u mean by different http client i am using m2e not a browser. how to solve if the original jar file is damaged. can i change the repository , could any one try to download these dependency to test them. – bob-cac Dec 14 '13 at 12:05
I would suggest to build on plain command line first and before remove the failed jar from your cache.. – khmarbaise Oct 13 '18 at 14:41

score 0 · Answer 3 · answered Oct 11 '18 at 08:34

Deploying Maven project throws java.util.zip.ZipException: invalid LOC header (bad signature)

Here is an small detector written in Java , just copy and run :)

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.jar.JarFile;
import java.util.stream.Collectors;

public class JarValidator {

    public static void main(String[] args) throws IOException {
        Path repositoryPath = Paths.get("C:\\Users\\goxr3plus\\.m2");

        // Check if the main Repository Exists
        if (Files.exists(repositoryPath)) {

            // Create a class instance
            JarValidator jv = new JarValidator();

            List<String> jarReport = new ArrayList<>();
            jarReport.add("Repository to process: " + repositoryPath.toString());

            // Get all the directory files
            List<Path> jarFiles = jv.getFiles(repositoryPath, ".jar");
            jarReport.add("Number of jars to process: " + jarFiles.size());
            jarReport.addAll(jv.openJars(jarFiles, true));

            // Print the report
            jarReport.stream().forEach(System.out::println);

        } else {
            System.out.println("Repository path " + repositoryPath + " does not exist.");
        }
    }

    /**
     * Get all the files from the given directory matching the specified extension
     * 
     * @param filePath      Absolute File Path
     * @param fileExtension File extension
     * @return A list of all the files contained in the directory
     * @throws IOException
     */
    private List<Path> getFiles(Path filePath, String fileExtension) throws IOException {
        return Files.walk(filePath).filter(p -> p.toString().endsWith(fileExtension)).collect(Collectors.toList());
    }

    /**
     * Try to open all the jar files
     * 
     * @param jarFiles
     * @return A List of Messages for Corrupted Jars
     */
    private List<String> openJars(List<Path> jarFiles, boolean showOkayJars) {
        int[] badJars = { 0 };
        List<String> messages = new ArrayList<>();

        // For Each Jar
        jarFiles.forEach(path -> {

            try (JarFile file = new JarFile(path.toFile())) {
                if (showOkayJars)
                    messages.add("OK : " + path.toString());
            } catch (IOException ex) {
                messages.add(path.toAbsolutePath() + " threw exception: " + ex.toString());
                badJars[0]++;
            }
        });

        messages.add("Total bad jars = " + badJars[0]);
        return messages;
    }

}

Output

Repository to process: C:\Users\goxr3plus\.m2
Number of jars to process: 4920
C:\Users\goxr3plus\.m2\repository\bouncycastle\isoparser-1.1.18.jar threw exception: java.util.zip.ZipException: zip END header not found
Total bad jars = 1
BUILD SUCCESSFUL (total time: 2 seconds)

Simplest and cleanest solution. First clean your whole local cache and configure checksums in your settings.xml and afterwards rebuild. https://blog.soebes.de/blog/2018/10/13/maven-artifact-checksums-what/ — khmarbaise, Oct 14 '18 at 20:46
@khmarbaise That's a great article :) company for has 60 repostiores with nested modules. ... so about 100 pom.xml . They are also unwilling to do it because ... well that's their mind . But for my own projects i will try it `THANK YOU` :) — GOXR3PLUS, Oct 15 '18 at 07:04
The article URL is now https://dev.to/khmarbaise/maven-artifact-checksums---what-396j — Guillaume, Aug 31 '22 at 15:01

score 0 · Answer 4 · answered Jan 11 '19 at 07:39

Sporadicly, Maven downloads broken files. In this case, you can only locate the file, delete it and have Maven download it again.

This is just the workaround. The solution is to add fail to the repository config in your maven settings file:

<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
                          https://maven.apache.org/xsd/settings-1.0.0.xsd">
    <!--...-->
    <profiles>
        <profile>
            <!--...-->
            <repositories>
                <repository>
                    <id>codehausSnapshots</id>
                    <name>Codehaus Snapshots</name>
                    <releases>
                        <enabled>false</enabled>
                        <updatePolicy>always</updatePolicy>
                        <checksumPolicy>fail</checksumPolicy>
                    </releases>
                    <snapshots>
                        <enabled>true</enabled>
                        <updatePolicy>never</updatePolicy>
                        <checksumPolicy>fail</checksumPolicy>
                    </snapshots>
                    <url>
                        <!--...-->
                    </url>
                </repository>
            </repositories>
            <pluginRepositories>
                <!--...-->
            </pluginRepositories>
            <!--...-->
        </profile>
    </profiles>
    <!--...-->
</settings>

Maven downloads corrupted jar

4 Answers4