I'm using the code below to upload a file through Artifactory's REST API. My problem is that when I view the file through the GUI I get this message:
Client did not publish a checksum value. If you trust the uploaded artifact you can accept the actual checksum by clicking the 'Fix Checksum' button.
How do I fix the upload so that this message disappears?
If I upload the file through the GUI I'm not supplying checksum values so why do I have to do it when I use the API? Is there an extra function I can call when using the API to fix the checksums?
I also saw this setting: https://www.jfrog.com/confluence/display/RTF20/Handling+Checksums Could this have anything to do with my problem?
string inFilePath = @"C:\temp\file.ext";
string inUrl = @"domain.com/repoKey/";
string username = "username";
string apiKey = "apikey";
using (HttpClient client = new HttpClient())
{
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes(username+":"+apiKey)));
using (var stream = File.OpenRead(inFilePath))
{
var response = client.PutAsync(inUrl + stream.Name, new StreamContent(stream));
using (HttpContent content = response.Result.Content)
{
string data = content.ReadAsStringAsync().Result;
}
}
}
Updates
There are three types of checksums and two sets of checksum groups.
"checksums" : {
"sha1" : "94332c090bdcdd87bd86426c224bcc7dc1c5f784",
"md5" : "dcada413214a5bd7164c6961863f5111",
"sha256" : "049c671f48e94c1ad25500f64e4879312cae70f489edc21313334b3f77b631e6"
},
"originalChecksums" : {
"sha1" : "94332c090bdcdd87bd86426c224bcc7dc1c5f784",
"md5" : "dcada413214a5bd7164c6961863f5111"
}
checksums
- are calculated by ArtifactoryoriginalChecksums
- are the ones supplied by the uploader
When I use the API the originalChecksums
group is empty which I think renders the message above.
The checksum is a digital signature that authenticates the sender of the message. This prevents others from sending payment requests in your name and prevents request tampering. It also assures you that any response or postback you receive actually originated from ICEPAY.
By default, Artifactory limits UI-generated file deployments to 100MB. You are free to adjust this limit at Administration > Artifactory > General (in version 7. x); at Admin > General (in version 6.
Fast and robust search: With a checksum-based storage, all repository information and artifact metadata are stored in optimized database-indexes. This means the data is always up-to-date, and searching through it is extremely fast.
@Arnaud Jeansen's answer is good and true. I thought I would share my bash/curl script for deploying with checksums to provide additional details.
This is current as of Artifactory 6.2, and the date of this writing.
# assume test2.zip is the file to upload in current directory
# calculate checksums
sha256=$(openssl dgst -sha256 test2.zip|sed 's/^SHA256.*= //')
sha1=$(openssl dgst -sha1 test2.zip|sed 's/^SHA.*= //')
# upload to Artifactory
curl -u"${ARTIFACTORY_USER}:${ARTIFACTORY_PASSWORD}" \
-sS -T test2.zip \
-H "X-Checksum-Sha256:${sha256}" -H "X-Checksum-Sha1:${sha1}" \
"http://${ARTIFACTORY_HOST}:8081/artifactory/REPO/path/test2.zip" \
> response
jq '.' < response
echo ''
The resultant artifact does not display the warning about checksums in the UI.
I am hitting the same issue using the artifactory-client-java library :-(
So after some digging, it appears that you need to:
For your C# example, the correct solution is to add a header "X-Checksum-Sha1" with the calculated checksum. As explained in the link documentation, a simple curl example is
curl -uadmin:password -T file.jar -H "X-Checksum-Sha1:c9a355147857198da3bdb3f24c4e90bd98a61e8b""http://localhost:8081/artifactory/libs-release-local/file.jar" -i
For artifactory-client-java users, the easy fix is to add to the documented upload example:
java.io.File file = new java.io.File("fileToUpload.txt");
File result = artifactory.repository("RepoName").upload("path/to/newName.txt", file).doUpload();
an additional intermediary call: bySha1Checksum():
java.io.File file = new java.io.File("fileToUpload.txt");
File result = artifactory.repository("RepoName").upload("path/to/newName.txt", file).bySha1Checksum().doUpload();
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With