Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use pub to download package, to have checksum validation of download #509

Closed
jonasfj opened this issue Feb 11, 2019 · 2 comments
Closed

Use pub to download package, to have checksum validation of download #509

jonasfj opened this issue Feb 11, 2019 · 2 comments
Labels
P3 A lower priority bug or feature request type-enhancement A request for a change that isn't a bug

Comments

@jonasfj
Copy link
Member

jonasfj commented Feb 11, 2019

If the x-goog-hash header is present when downloading a file, we should validate md5 and crc32.

This could help mitigate corrupted downloads, with HTTPS I think this can only happen if the connection is broken is an unfortunate way that leaves the client with a partial download. So checking content-length might be enough -- I'm not sure if we're doing this, from a quick look I couldn't find where it happens. But it's quite possible it does happen somewhere :)
@jonasfj jonasfj added type-enhancement A request for a change that isn't a bug contributions-welcome Contributions welcome to help resolve this (the resolution is expected to be clear from the issue) P3 A lower priority bug or feature request labels Feb 11, 2019
@jonasfj jonasfj removed the contributions-welcome Contributions welcome to help resolve this (the resolution is expected to be clear from the issue) label Feb 26, 2020
@sigurdm
Copy link
Contributor

sigurdm commented Jan 25, 2024

We should probably just use pub unpack (when finished) or make a dummy-package depending on the package, and use pub get to download it.

@sigurdm sigurdm changed the title Check x-goog-hash header if present Use pub to download package, to have checksum validation of download Jan 25, 2024
@sigurdm
Copy link
Contributor

sigurdm commented Jan 25, 2024

Closing as duplicate of #1170

@sigurdm sigurdm closed this as not planned Won't fix, can't repro, duplicate, stale Jan 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
P3 A lower priority bug or feature request type-enhancement A request for a change that isn't a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonasfj @sigurdm