Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check downloaded binary file size #812

Closed
bahmutov opened this issue Oct 25, 2017 · 8 comments

Comments

3 participants
@bahmutov
Copy link
Collaborator

commented Oct 25, 2017

When downloading binary, it might be corrupted / intercepted by a proxy. Sometimes even CDN has a hiccup like shown below from a test project run

Instead we will install version: https://cdn.cypress.io/beta/binary/1.0.3/win64/appveyor-develop-7b4c223233ca8eb6e147dc5e89b30a01061f6581-11678682/cypress.zip
Note: there is no guarantee these versions will work properly together.
Installing Cypress (version: https://cdn.cypress.io/beta/binary/1.0.3/win64/appveyor-develop-7b4c223233ca8eb6e147dc5e89b30a01061f6581-11678682/cypress.zip)
�[?25l[18:21:09]  Downloading Cypress     [started]
[18:21:16]  Downloading Cypress     [completed]
[18:21:16]  Unzipping Cypress       [started]
[18:22:16]  Unzipping Cypress       [completed]
[18:22:16]  Finishing Installation  [started]
[18:22:16]  Finishing Installation  [completed]
�[?25h
You can now open Cypress by running: node_modules\.bin\cypress open
https://on.cypress.io/installing-cypress
�[?25h
> node-sass@4.5.3 postinstall C:\projects\cypress-test-example-repos\cypress-example-piechopper\node_modules\node-sass
> node scripts/build.js
Binary found at C:\projects\cypress-test-example-repos\cypress-example-piechopper\node_modules\node-sass\vendor\win32-ia32-57\binding.node
Testing binary
Binary is fine
npm ERR! path C:\projects\cypress-test-example-repos\cypress-example-piechopper\node_modules\fsevents\node_modules
npm ERR! code EPERM
npm ERR! errno -4048
npm ERR! syscall lstat

Need to validate downloaded zip file size. If it < 50 MB something went terribly wrong.

@brian-mann

This comment has been minimized.

Copy link
Member

commented Oct 25, 2017

This is why we should use a checksum / sha like other big files do :P

You would just verify the integrity of that and boom, done.

@bahmutov

This comment has been minimized.

Copy link
Collaborator Author

commented Oct 25, 2017

yeah, but where do we get the checksum from - the only way I see is embed it into NPM package json file for example.

@brian-mann

This comment has been minimized.

Copy link
Member

commented Oct 25, 2017

@bahmutov

This comment has been minimized.

Copy link
Collaborator Author

commented Oct 25, 2017

yeah, this is secondary then - because if zip is corrupted or we cannot download it, we cannot validate the checksum. If we cannot download the binary zip, we might be able to download a separate checksum file either. So checking filesize might be the fastest way to determine if download failed.

@MarcLoupias

This comment has been minimized.

Copy link

commented Nov 2, 2017

You definitely do not want to embed it in the NPM package itself!

That's maybe a stupid question but i don't understand why you could not add something like this at binaries build time in your package.json :

"cyBinariesChecksums": {
    "darwin": "34dc8e1804c0a14aeb717e91af443219be617042",
    "linux": "ba324ca7b1c77fc20bb970d5aff6eea9377918a5",
    "win32": "d09fffb5db2d7f631ba43ccc256617b444056d2e"
}

then hash the downloaded binary at install time and compare it to the right platform checksum.

Is adding custom metadata in a package.json file considered a bad practice ? Or maybe the checksum duration that could be too long ?

@bahmutov

This comment has been minimized.

Copy link
Collaborator Author

commented Nov 2, 2017

@cypress-bot

This comment has been minimized.

Copy link

commented Jul 9, 2019

The code for this is done in cypress-io/cypress#4193, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

@cypress-bot

This comment has been minimized.

Copy link

commented Jul 9, 2019

Released in 3.4.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.