Skip to content

Get the best checksum URL possible #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rotated8 wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Get the best checksum URL possible #120

rotated8 wants to merge 2 commits into from

Conversation

@rotated8
Copy link

@rotated8 rotated8 commented Sep 6, 2018

Use one explicitly set by the user, fall back to the checksum on the mirror the user configured, or use archive.apache.org.

@rotated8
Copy link
Author

rotated8 commented Sep 6, 2018

@jcoyne I've shamelessly stolen the PR you made, and added on to it.

@rotated8
Copy link
Author

rotated8 commented Sep 6, 2018

Related to #118

cbeer
cbeer requested changes Sep 6, 2018
View reviewed changes
lib/solr_wrapper/checksum_validator.rb Outdated
"#{config.default_download_url}.#{suffix}"
if remote_checksum?(suffix)
config.checksum
elsif config.mirror_url != config.archive_download_url
Copy link
Owner

@cbeer cbeer Sep 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we ever want to trust the checksum from a mirror if the goal is to make sure the mirror hasn't maliciously tampered with the files.

Copy link
Author

@rotated8 rotated8 Sep 6, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. My use case was "apache.org is down, so switch to a mirror", which without that would require me to additionally set an explicit checksum URL, or ignore_checksum.

@rotated8
Copy link
Author

rotated8 commented Sep 6, 2018

@cbeer Updated.

@rotated8
Copy link
Author

rotated8 commented Sep 6, 2018

Travis failure is unrelated, and happens when I run rspec on master.

@eddierubeiz eddierubeiz mentioned this pull request Oct 22, 2018
Open
jcoyne and others added 2 commits January 14, 2020 16:47
@jcoyne @rotated8
Get the checksum file from archive.apache.org
a73afcd 
Previously, when a mirror was set it was trying to get the checksum from
www.us.apache.org which only had the checksums for the three supported
versions.
@rotated8
Allow checksum URLs from the checksum option
c80a277 
If the checksum option is a URL, use it to get the checksum, rather than the archive.apache.org URL.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cbeer cbeer cbeer requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rotated8 @cbeer @jcoyne