Verify downloaded test runner zip file 812 #4193
Conversation
bahmutov
commented
May 14, 2019
•
bahmutov
commented
- uses custom meta headers from CDN to verify the downloaded file. If the checksum is available, uses both checksum and file size. If only file size is available, which is content-length, uses file size. Otherwise no verification, but it is hard to think of the case when there is no information
- closes Check downloaded binary file size #812
- closes Unzipping Cypress fails on Concourse #3515
- add a test where download goes through, but the checksum is different
- add a test where download goes through, there is no checksum, but file size is different
|
@bahmutov which says the hash header name is |
|
Hehehe no these are custom meta tags we set on the S3 resource ourselves!
…Sent from my iPhone
On May 14, 2019, at 16:57, Ben Kucera ***@***.***> wrote:
@bahmutov
Could you point me to where you got those header names? I found this https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonRequestHeaders.html
which says the hash header name is x-amz-content-sha256
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
oh, nice. And its a sha-512 ? edit: maybe add a comment explaining where the header comes from |
|
256
…Sent from my iPhone
On May 14, 2019, at 17:01, Ben Kucera ***@***.***> wrote:
oh, nice. And its a sha-512 ?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Hmm we should drop node 4 then - even node 6 is no longer supported by node itself
…Sent from my iPhone
On May 14, 2019, at 22:13, Jennifer Shehane ***@***.***> wrote:
@jennifer-shehane requested changes on this pull request.
All dependencies within the cli package should support Node 4+, hasha, after 3.0.0, does not support Node 4, I'd recommend downgrading this package to 3.0.0 or require a new package that support Node 4.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Yah, probably a discussion we need to have. |
|
Hasha defaults to sha-512 according to readme https://github.com/sindresorhus/hasha/blob/master/readme.md#algorithm |
|
Hmm maybe i misremember it then since it uses the default setting, 512 is good
…Sent from my iPhone
On May 14, 2019, at 22:35, Jennifer Shehane ***@***.***> wrote:
Yah, probably a discussion we need to have.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
bahmutov
changed the title
|
I moved hasha to be dev dependency of CLI - and lifted the little code snippet for computing sha512 hash of a file using just system Node dependencies |
|
Since I removed Hasha as a production dependency in CLI, it is no longer changing Node 4 support |
|
verifying the downloaded file should resolve unzipping issues reported in #3515 |
|
Hello, seems like the test failing is in fact the same problem we are having here. |
|
@bahmutov This test is consistently failing on your PR, can you take a look please? |
| .reply(200, () => { | ||
| return fs.createReadStream('test/fixture/example.zip') | ||
| }, { | ||
| 'x-amz-meta-checksum': 'incorrect-checksum', |
There was a problem hiding this comment.
neat, didn't know you could add headers to s3 resources like this
