Then a simple sha1 validation once the file has been completely downloaded would solve the issue...
I'd look into it but I didn't receive my laptop yet from the repair center. Should be easy enough to add anyhow if any one want to contribute a patch for this improvment. Richard On 2012-07-27, at 06:45, Stephen Connolly <stephen.alan.conno...@gmail.com> wrote: > update center incudes the sha1 of the file > > On 27 July 2012 11:41, Richard Lavoie <lavoie.rich...@gmail.com> wrote: > This should be relatively easy with CRC or MD5 content check once downloaded > but I don't know if the plugin repository gives that information to jenkins > already. > > Richard > > > > On 2012-07-27, at 06:31, Sami Tikka <sjti...@gmail.com> wrote: > > > That's an excellent idea. I believe there already is some verification in > > the plugin loading process but maybe it happens too late. > > > > jenkins-users list, however, is mostly visited by ... users of jenkins. If > > you want someone to actually do something, you could find jenkins > > developers on the jenkins-dev list. I think the first thing they will ask > > you to do is open a bug or a feature request in the jenkins issue tracer. > > > > -- Sami > > > > Fredrik Orderud <forde...@gmail.com> kirjoitti 27.7.2012 kello 13.09: > > > >> In my corporate environment, we are working behind a firewall that returns > >> "nice" HTML webpages with detailed error instructions instead of a plain > >> "connection refused" error in situations of invalid PROXY settings. > >> > >> We have experienced several times that Jenkins servers with improper PROXY > >> settings will download jpi-files for plugin updates containing just "error > >> HTML webpage" content. Jenkins doesn't seem to detect this, and instead > >> tries to install the corrupted plugin. What then happens is that the > >> plugin upgrade fails, and the plugin gets _uninstalled_ altogether. Any > >> job-configuration related to the accidentally uninstalled plugin then also > >> seems to be removed, which is pretty serious. > >> > >> Would it be possible to add some sort of integrity-verification to > >> downloaded jpi-files prior to install them, so that we avoid accidentally > >> uninstalling plugins? > >> > >> > >> Thanks in advance, > >> Fredrik Orderud > > >
