-
Type:
Bug
-
Status: Closed
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 7.11.1
-
Component/s: Artifactory
-
Labels:
-
Environment:
- debian 10 (buster)
- nginx 1.14.2
- artifactory-pro 7.15.4 / 7.15.3
-
Severity:Low
When using 'bundle install' and setting our local Artifactory as source, we do see the following behaviour:
1) using the url provided by the 'Set Me Up' Wizzard:
variables:
GEM_SOURCE: 'https://$rtf-instance/artifactory/api/gems/gems-remote/'
result:
HTTP 404 Not Found https://$rtf-instance/artifactory/api/gems/gems-remote/versions Bundler::Fetcher::FallbackError: Net::HTTPNotFound: https://$rtf-instance/artifactory/api/gems/gems-remote/versions
2) using a slightly other URL:
variables:
GEM_SOURCE: 'https://$rtfinstance/artifactory/gems-remote/'
result:
HTTP GET https://$rtfinstance/artifactory/gems-remote/versions HTTP 200 OK https://$rtfinstance/artifactory/gems-remote/versions The checksum of /versions does not match the checksum provided by the server! Something is wrong (local checksum is "\"fe8e164718711153c510241d0dc6313f\"", was expecting "df3e0864c55e7e07a01e12660b08326c7ad22bd6").
bundle install fails to verify the integrity of the file.
bundle install expects a MD5 checksum in the 'etag' Header field - Artifactory provides the SHA-1 checksum in the 'etag' field.
since the integrity check is failing, bundle install then builds its own index, checking more than 4000 files for its versions. This takes up a huge amount of time.
Since we are using Artifactory as a Remote Repository Cache in conjuction with ephemeral Gitlab Runners, this occurs quite often and is an impediment to our workflow.
Currently there doesn't seem to be a way to tell Artifactory how to provide the correct checksum to bundle install.
Artifactory should provide a correct checksum, so that the functionality of the bundle install versions file gets restored.
