Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Fix checksum in Artifactory when uploading file through REST API

I'm using the code below to upload a file through Artifactory's REST API. My problem is that when I view the file through the GUI I get this message:

Client did not publish a checksum value. If you trust the uploaded artifact you can accept the actual checksum by clicking the 'Fix Checksum' button.

How do I fix the upload so that this message disappears?

If I upload the file through the GUI I'm not supplying checksum values so why do I have to do it when I use the API? Is there an extra function I can call when using the API to fix the checksums?

I also saw this setting: https://www.jfrog.com/confluence/display/RTF20/Handling+Checksums Could this have anything to do with my problem?

string inFilePath = @"C:\temp\file.ext";
string inUrl = @"domain.com/repoKey/";
string username = "username";
string apiKey = "apikey";

using (HttpClient client = new HttpClient())
{
    client.DefaultRequestHeaders.Authorization =
        new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes(username+":"+apiKey)));

    using (var stream = File.OpenRead(inFilePath))
    {
        var response = client.PutAsync(inUrl + stream.Name, new StreamContent(stream));

        using (HttpContent content = response.Result.Content)
        {
            string data = content.ReadAsStringAsync().Result;
        }
    }
}

Updates

There are three types of checksums and two sets of checksum groups.

"checksums" : {
  "sha1" : "94332c090bdcdd87bd86426c224bcc7dc1c5f784",
  "md5" : "dcada413214a5bd7164c6961863f5111",
  "sha256" : "049c671f48e94c1ad25500f64e4879312cae70f489edc21313334b3f77b631e6"
},
"originalChecksums" : {
  "sha1" : "94332c090bdcdd87bd86426c224bcc7dc1c5f784",
  "md5" : "dcada413214a5bd7164c6961863f5111"
}

checksums - are calculated by Artifactory
originalChecksums - are the ones supplied by the uploader

When I use the API the originalChecksums group is empty which I think renders the message above.

like image 247
Niklas Avatar asked Oct 12 '17 06:10

Niklas


People also ask

What is checksum in REST API?

The checksum is a digital signature that authenticates the sender of the message. This prevents others from sending payment requests in your name and prevents request tampering. It also assures you that any response or postback you receive actually originated from ICEPAY.

How do I upload large files to Artifactory?

By default, Artifactory limits UI-generated file deployments to 100MB. You are free to adjust this limit at Administration > Artifactory > General (in version 7. x); at Admin > General (in version 6.

What are the advantages of checksum-based storage in Artifactory?

Fast and robust search: With a checksum-based storage, all repository information and artifact metadata are stored in optimized database-indexes. This means the data is always up-to-date, and searching through it is extremely fast.


2 Answers

@Arnaud Jeansen's answer is good and true. I thought I would share my bash/curl script for deploying with checksums to provide additional details.

This is current as of Artifactory 6.2, and the date of this writing.

# assume test2.zip is the file to upload in current directory

# calculate checksums
sha256=$(openssl dgst -sha256 test2.zip|sed 's/^SHA256.*= //')
sha1=$(openssl dgst -sha1 test2.zip|sed 's/^SHA.*= //')

# upload to Artifactory
curl -u"${ARTIFACTORY_USER}:${ARTIFACTORY_PASSWORD}" \
 -sS -T test2.zip  \
 -H "X-Checksum-Sha256:${sha256}" -H "X-Checksum-Sha1:${sha1}" \
 "http://${ARTIFACTORY_HOST}:8081/artifactory/REPO/path/test2.zip" \
 > response

 jq '.' < response
 echo ''

The resultant artifact does not display the warning about checksums in the UI.

like image 53
Kevin Buchs Avatar answered Oct 18 '22 22:10

Kevin Buchs


I am hitting the same issue using the artifactory-client-java library :-(

So after some digging, it appears that you need to:

  • calculate the checksums on the client side (sha1)
  • provide each checksum as a HTTP header on the PUT request

For your C# example, the correct solution is to add a header "X-Checksum-Sha1" with the calculated checksum. As explained in the link documentation, a simple curl example is

curl -uadmin:password -T file.jar -H "X-Checksum-Sha1:c9a355147857198da3bdb3f24c4e90bd98a61e8b""http://localhost:8081/artifactory/libs-release-local/file.jar" -i

For artifactory-client-java users, the easy fix is to add to the documented upload example:

java.io.File file = new java.io.File("fileToUpload.txt");
File result = artifactory.repository("RepoName").upload("path/to/newName.txt", file).doUpload();

an additional intermediary call: bySha1Checksum():

java.io.File file = new java.io.File("fileToUpload.txt");
File result = artifactory.repository("RepoName").upload("path/to/newName.txt", file).bySha1Checksum().doUpload();
like image 14
Arnaud Jeansen Avatar answered Oct 18 '22 21:10

Arnaud Jeansen