A common misconception is the interpretation that an "(Uploaded: Identical)" label should result in consistent checksums between a currently deployed artifact and a previously deployed artifact.
However, it's important to note that the "(Uploaded: Identical)" label doesn't signify the similarity between the two artifacts. Instead, its purpose is to indicate that the original checksum of the artifact being deployed (provided by the client) matches the checksum calculated by Artifactory.
When using the JFrog platform UI, you will typically see the "(Uploaded: Identical)" label upon every upload, regardless of whether your artifact has changed or not. This is because Artifactory is both the client doing the uploading and the SHA/MD5 value calculation.
If no checksum is provided by the client, in the UI, you will see the “(Uploaded: None)” label. This indicates that the artifact’s original checksum wasn't provided by the client.
If you are using a different client, such as a curl command through the Deploy Artifacts REST API, you can pass the artifact’s checksum in the header as shown below:
curl -u admin:password -H "X-Checksum-Sha1:ac5c18360d01132ae4d6ff5ec31356530fe51f33" -X PUT http://<artifactory-url>/artifactory/my-repo-local/my-package.jar -T my-package.jar
Here, is an example where I deployed “txt.txt” using the UI:
And here is an example where I deployed “file.txt” using a curl command via the REST API and provided the SHA-1 value, but did not supply the MD5 or SHA-256 values:
For further understanding of checksums, please review our Knowledge Base article What are Client Checksum, Server Checksum, and Checksum Policy in local repositories