Fork me on GitHub
#leiningen
<
2024-01-02
>
Nim Sadeh02:01:55

I am trying to follow https://www.pgrs.net/2011/10/30/using-local-jars-with-leiningen/, but I am actually failing on checksum:

Could not transfer artifact dev.langchain4j:langchain4j-pinecone:jar:0.26.0 from/to local (file:/Users/nsadeh/Dropbox/modeldiplomat/pinecone-sync/maven_repository/): Checksum validation failed, no checksums available

Nim Sadeh02:01:06

Full error:

Retrieving dev/langchain4j/langchain4j-pinecone/0.26.0/langchain4j-pinecone-0.26.0.pom from local
Retrieving dev/langchain4j/langchain4j-pinecone/0.26.0/langchain4j-pinecone-0.26.0.jar from local
Could not find artifact dev.langchain4j:langchain4j-pinecone:jar:0.26.0 in central ()
Could not find artifact dev.langchain4j:langchain4j-pinecone:jar:0.26.0 in clojars ()
Could not transfer artifact dev.langchain4j:langchain4j-pinecone:jar:0.26.0 from/to local (file:/Users/nsadeh/Dropbox/modeldiplomat/pinecone-sync/maven_repository/): Checksum validation failed, no checksums available
Failed to read artifact descriptor for dev.langchain4j:langchain4j-pinecone:jar:0.26.0
This could be due to a typo in :dependencies, file system permissions, or network issues.
If you are behind a proxy, try setting the 'http_proxy' environment variable.

Nim Sadeh02:01:10

For lein deps

seancorfield03:01:35

That's a very old blog post and I expect leiningen had tightened up security regarding checksums since then. There may be an option you can add to project.clj to tell lein to not validate checksums (not recommended for general use but might since your specific problem).

Nim Sadeh03:01:06

What's considered the current way use a JAR file in a Lein build? I had to fork the Java repo to fix a bug

Nim Sadeh03:01:32

It's not the only thing that hasn't been working, the entire workflow has been difficult

seancorfield03:01:30

I switched from lein years ago so that's all I got. It's simple to use local JAR files with CLI / deps.edn 🤷:skin-tone-2:

seancorfield03:01:59

:checksum :ignore is the option I was thinking of... In the specific repository definition I think? You'd have to check the docs.

seancorfield03:01:37

Yeah, I used to use that occasionally back in the day. Forgot about that... Heh, 2015 was probably when I last used lein seriously.

Nim Sadeh03:01:24

So all I am actually trying to do is verify that my fix to langchain (https://github.com/langchain4j/langchain4j/pull/437) actually works. Maybe there's an easier way

seancorfield03:01:37

You didn't have to change or add any tests for that change to pass the tests?

hifumi12309:01:15

Is the JAR not signed at all? Security issues aside, you can set :checksum :ignore in your project.clj

hifumi12309:01:40

Although this should immediately fix your issue, I highly recommend against doing this. You shouldn’t deploy or rely on unsigned code IMO

seancorfield15:01:23

@U0479UCF48H I mentioned both of those points earlier in the thread...