Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-9560

Artifactory should deny downloading artifacts having bad or no client checksum

    Details

      Description

      Artifactory should deny downlaod of artifacts having bad or no client checksums when policy is set to "Verify against client checksums" (for example when using maven repo layout).

      The problem we see is the fact that deploying with bad checksum indeed throws a 409 to the deploying client as expected, but the artifact can still be downloaded despite its (partially) bad checksum or completely missing checksum.

      Our expectations would be that artifacts can only be downloaded if server checksum and client checksum really match when using policy "Verify against client checksums", thus not allowing any downloads when the desired checksums are missing or (partially) wrong.

      We have for example artifacts with bad sha1 checksum but a good/correct md5 checksum in one of our repositories.
      Another artifact having no sha1 checksum did also have no md5 checksum.

      As said, both could be downloaded without any problems when we were expecting both to be blocked from any downloads.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              tcb_xy Tim-Christian Bloss
            • Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: