serving incorrect pom

Hello, I’ve not really used Gradle myself, but I use a tool (gtfsvtor) which uses Gradle, and its build has just stopped working. This seems to be due to this file being incorrect:

In particular, it should have the SHA256 d74619b062d06e01928e365291ec26d05455783796c1085f03cc7723340f5573 (this appears in our lock files, and matches the contents served by ); but it’s currently serving a file with the hash c4ec8228d74f9d9cefe11ebae9f69137479edef6277589453db374d08f1c5162

Diffing the two, it looks like the one served from is using Windows line-endings, and is missing this section:

      <name>Sonatype Nexus Snapshots</name>

Any idea why this might have changed? The CI job which spotted this was last run 4 days ago, and was successful (it runs without any caches, so definitely fetched the same URL)

Here’s the lock file which no longer matches (it’s actually the gradle2nix tool which fails to build; we use that to build gtfsvtor with Nix) gradle2nix/gradle-env.json at 3f9d3cb01ab32d0514844d2f3efc0cea85278cf4 · Zipabout/gradle2nix · GitHub

That file was last changed in December 2021 (not by us; we just keep a fork in case upstream disappears), and has been working until 4 days ago.

Try running with --refresh-dependencies. At least for me it gives the SHA256 you exepect.
Could maybe be related to the JCenter outage where Gradle temporarily switched to a JCenter mirror, maybe that delivered the file differently.

Hmm, it was still giving different results (confirmed with both wget and curl); but now seems to have sorted itself out, and every tool’s giving me the correct content again. Probably related to the JCenter outage as you say.