[JIRA] (JENKINS-60031) URL SCM needs to be able to verify a checksum

0 views
Skip to first unread message

mi+jenkins-2019@aldan.algebra.com (JIRA)

unread,
Nov 3, 2019, 9:54:03 PM11/3/19
to jenkinsc...@googlegroups.com
Mikhail T created an issue
 
Jenkins / Improvement JENKINS-60031
URL SCM needs to be able to verify a checksum
Issue Type: Improvement Improvement
Assignee: mdonohue
Components: urlscm-plugin
Created: 2019-11-04 02:53
Priority: Major Major
Reporter: Mikhail T

It should be possible, when providing the URL, to fill out the expected checksum (SHA1, SHA256, whatever). As it downloads, the plugin will calculate the digest using the specified algorithm, and fail, if the downloaded file does not match the expectation.

This is an important security-related feature – to guard against someone substituting the downloaded sources with their own version (either in transit or after hacking the file-repository).
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo
Reply all
Reply to author
Forward
0 new messages