This should be relatively easy with CRC or MD5 content check once downloaded but I don't know if the plugin repository gives that information to jenkins already.
Richard On 2012-07-27, at 06:31, Sami Tikka <sjti...@gmail.com> wrote: > That's an excellent idea. I believe there already is some verification in the > plugin loading process but maybe it happens too late. > > jenkins-users list, however, is mostly visited by ... users of jenkins. If > you want someone to actually do something, you could find jenkins developers > on the jenkins-dev list. I think the first thing they will ask you to do is > open a bug or a feature request in the jenkins issue tracer. > > -- Sami > > Fredrik Orderud <forde...@gmail.com> kirjoitti 27.7.2012 kello 13.09: > >> In my corporate environment, we are working behind a firewall that returns >> "nice" HTML webpages with detailed error instructions instead of a plain >> "connection refused" error in situations of invalid PROXY settings. >> >> We have experienced several times that Jenkins servers with improper PROXY >> settings will download jpi-files for plugin updates containing just "error >> HTML webpage" content. Jenkins doesn't seem to detect this, and instead >> tries to install the corrupted plugin. What then happens is that the plugin >> upgrade fails, and the plugin gets _uninstalled_ altogether. Any >> job-configuration related to the accidentally uninstalled plugin then also >> seems to be removed, which is pretty serious. >> >> Would it be possible to add some sort of integrity-verification to >> downloaded jpi-files prior to install them, so that we avoid accidentally >> uninstalling plugins? >> >> >> Thanks in advance, >> Fredrik Orderud >
