update center incudes the sha1 of the file On 27 July 2012 11:41, Richard Lavoie <lavoie.rich...@gmail.com> wrote:
> This should be relatively easy with CRC or MD5 content check once > downloaded but I don't know if the plugin repository gives that information > to jenkins already. > > Richard > > > > On 2012-07-27, at 06:31, Sami Tikka <sjti...@gmail.com> wrote: > > > That's an excellent idea. I believe there already is some verification > in the plugin loading process but maybe it happens too late. > > > > jenkins-users list, however, is mostly visited by ... users of jenkins. > If you want someone to actually do something, you could find jenkins > developers on the jenkins-dev list. I think the first thing they will ask > you to do is open a bug or a feature request in the jenkins issue tracer. > > > > -- Sami > > > > Fredrik Orderud <forde...@gmail.com> kirjoitti 27.7.2012 kello 13.09: > > > >> In my corporate environment, we are working behind a firewall that > returns "nice" HTML webpages with detailed error instructions instead of a > plain "connection refused" error in situations of invalid PROXY settings. > >> > >> We have experienced several times that Jenkins servers with improper > PROXY settings will download jpi-files for plugin updates containing just > "error HTML webpage" content. Jenkins doesn't seem to detect this, and > instead tries to install the corrupted plugin. What then happens is that > the plugin upgrade fails, and the plugin gets _uninstalled_ altogether. Any > job-configuration related to the accidentally uninstalled plugin then also > seems to be removed, which is pretty serious. > >> > >> Would it be possible to add some sort of integrity-verification to > downloaded jpi-files prior to install them, so that we avoid accidentally > uninstalling plugins? > >> > >> > >> Thanks in advance, > >> Fredrik Orderud > > >
