I've now registered: https://issues.jenkins-ci.org/browse/JENKINS-14616
kl. 12:54:02 UTC+2 fredag 27. juli 2012 skrev DarkRift følgende: > > Then a simple sha1 validation once the file has been completely downloaded > would solve the issue... > > I'd look into it but I didn't receive my laptop yet from the repair center. > > Should be easy enough to add anyhow if any one want to contribute a patch > for this improvment. > > Richard > > On 2012-07-27, at 06:45, Stephen Connolly <stephen.alan.conno...@gmail.com> > wrote: > > update center incudes the sha1 of the file > > On 27 July 2012 11:41, Richard Lavoie <lavoie.rich...@gmail.com> wrote: > >> This should be relatively easy with CRC or MD5 content check once >> downloaded but I don't know if the plugin repository gives that information >> to jenkins already. >> >> Richard >> >> >> >> On 2012-07-27, at 06:31, Sami Tikka <sjti...@gmail.com> wrote: >> >> > That's an excellent idea. I believe there already is some verification >> in the plugin loading process but maybe it happens too late. >> > >> > jenkins-users list, however, is mostly visited by ... users of jenkins. >> If you want someone to actually do something, you could find jenkins >> developers on the jenkins-dev list. I think the first thing they will ask >> you to do is open a bug or a feature request in the jenkins issue tracer. >> > >> > -- Sami >> > >> > Fredrik Orderud <forde...@gmail.com> kirjoitti 27.7.2012 kello 13.09: >> > >> >> In my corporate environment, we are working behind a firewall that >> returns "nice" HTML webpages with detailed error instructions instead of a >> plain "connection refused" error in situations of invalid PROXY settings. >> >> >> >> We have experienced several times that Jenkins servers with improper >> PROXY settings will download jpi-files for plugin updates containing just >> "error HTML webpage" content. Jenkins doesn't seem to detect this, and >> instead tries to install the corrupted plugin. What then happens is that >> the plugin upgrade fails, and the plugin gets _uninstalled_ altogether. Any >> job-configuration related to the accidentally uninstalled plugin then also >> seems to be removed, which is pretty serious. >> >> >> >> Would it be possible to add some sort of integrity-verification to >> downloaded jpi-files prior to install them, so that we avoid accidentally >> uninstalling plugins? >> >> >> >> >> >> Thanks in advance, >> >> Fredrik Orderud >> > >> > >
