Fix checksum in Artifactory when uploading file through REST API

Question

I'm using the code below to upload a file through Artifactory's REST API. My problem is that when I view the file through the GUI I get this message:

Client did not publish a checksum value. If you trust the uploaded artifact you can accept the actual checksum by clicking the 'Fix Checksum' button.

How do I fix the upload so that this message disappears?

If I upload the file through the GUI I'm not supplying checksum values so why do I have to do it when I use the API? Is there an extra function I can call when using the API to fix the checksums?

I also saw this setting: https://www.jfrog.com/confluence/display/RTF20/Handling+Checksums Could this have anything to do with my problem?

string inFilePath = @"C:\temp\file.ext";
string inUrl = @"domain.com/repoKey/";
string username = "username";
string apiKey = "apikey";

using (HttpClient client = new HttpClient())
{
    client.DefaultRequestHeaders.Authorization =
        new AuthenticationHeaderValue("Basic", Convert.ToBase64String(Encoding.ASCII.GetBytes(username+":"+apiKey)));

    using (var stream = File.OpenRead(inFilePath))
    {
        var response = client.PutAsync(inUrl + stream.Name, new StreamContent(stream));

        using (HttpContent content = response.Result.Content)
        {
            string data = content.ReadAsStringAsync().Result;
        }
    }
}

Updates

There are three types of checksums and two sets of checksum groups.

"checksums" : {
  "sha1" : "94332c090bdcdd87bd86426c224bcc7dc1c5f784",
  "md5" : "dcada413214a5bd7164c6961863f5111",
  "sha256" : "049c671f48e94c1ad25500f64e4879312cae70f489edc21313334b3f77b631e6"
},
"originalChecksums" : {
  "sha1" : "94332c090bdcdd87bd86426c224bcc7dc1c5f784",
  "md5" : "dcada413214a5bd7164c6961863f5111"
}

checksums - are calculated by Artifactory
originalChecksums - are the ones supplied by the uploader

When I use the API the originalChecksums group is empty which I think renders the message above.

Answer 1

@Arnaud Jeansen's answer is good and true. I thought I would share my bash/curl script for deploying with checksums to provide additional details.

This is current as of Artifactory 6.2, and the date of this writing.

# assume test2.zip is the file to upload in current directory

# calculate checksums
sha256=$(openssl dgst -sha256 test2.zip|sed 's/^SHA256.*= //')
sha1=$(openssl dgst -sha1 test2.zip|sed 's/^SHA.*= //')

# upload to Artifactory
curl -u"${ARTIFACTORY_USER}:${ARTIFACTORY_PASSWORD}" \
 -sS -T test2.zip  \
 -H "X-Checksum-Sha256:${sha256}" -H "X-Checksum-Sha1:${sha1}" \
 "http://${ARTIFACTORY_HOST}:8081/artifactory/REPO/path/test2.zip" \
 > response

 jq '.' < response
 echo ''

The resultant artifact does not display the warning about checksums in the UI.

Answer 2

I am hitting the same issue using the artifactory-client-java library :-(

So after some digging, it appears that you need to:

• calculate the checksums on the client side (sha1)
• provide each checksum as a HTTP header on the PUT request

For your C# example, the correct solution is to add a header "X-Checksum-Sha1" with the calculated checksum. As explained in the link documentation, a simple curl example is

curl -uadmin:password -T file.jar -H "X-Checksum-Sha1:c9a355147857198da3bdb3f24c4e90bd98a61e8b""http://localhost:8081/artifactory/libs-release-local/file.jar" -i

For artifactory-client-java users, the easy fix is to add to the documented upload example:

java.io.File file = new java.io.File("fileToUpload.txt");
File result = artifactory.repository("RepoName").upload("path/to/newName.txt", file).doUpload();

an additional intermediary call: bySha1Checksum():

java.io.File file = new java.io.File("fileToUpload.txt");
File result = artifactory.repository("RepoName").upload("path/to/newName.txt", file).bySha1Checksum().doUpload();