If you upload an artifact to Artifactory and don't provide a checksum, it gives this warning:
How do you upload with curl and include a checksum?
Asked
Active
Viewed 2.0k times
27
StackzOfZtuff
- 2,534
- 1
- 28
- 25
spuder
- 17,437
- 19
- 87
- 153
-
4I know you specifically asked about uploading with curl, and you already got an answer for it, but if it is relevant for you, when uploading withJFrog CLI, it automatically calculates and appends the checksums to the upload request. – Eyal Ben Moshe Oct 13 '16 at 01:26
3 Answers
43
This feature currently isn't well documented, an example is found on this page:
Simply add the following to the curl command: "--header "X-Checksum-<type>:${CHECKSUM}"
Sha1
CHECKSUM=$(shasum -a 1 foo.zip | awk '{ print $1 }')
curl --header "X-Checksum-Sha1:${CHECKSUM}" --upload-file "foo.zip -u "admin:<apikey>" -v https://artifactory.example.com/foo/
MD5
CHECKSUM=$(md5sum foo.zip | awk '{ print $1 }')
curl --header "X-Checksum-MD5:${CHECKSUM}" --upload-file "foo.zip -u "admin:<apikey>" -v https://artifactory.example.com/foo/
Or provide both checksums at once
ARTIFACT_MD5_CHECKSUM=$(md5sum foo.zip | awk '{print $1}')
ARTIFACT_SHA1_CHECKSUM=$(shasum -a 1 foo.zip | awk '{ print $1 }')
curl --upload-file "foo.zip" \
--header "X-Checksum-MD5:${ARTIFACT_MD5_CHECKSUM}" \
--header "X-Checksum-Sha1:${ARTIFACT_SHA1_CHECKSUM}" \
-u "admin:<apikey>" \
-v https://artifactory.example.com/foo/
Unfortunatley, uploading with the sha256 doesn't work with curl because of a bug
spuder
- 17,437
- 19
- 87
- 153
-
1Just in case it doesn't work for you beware that uploading checksums using headers is available only since Artifactory version 2.3.2 See: https://www.mail-archive.com/artifactory-users@lists.sourceforge.net/msg02203.html For previous versions you will have to upload checksupms separately – Pedro Jul 06 '18 at 10:29
-
2The link has apparently been deprecated. The current documentation appears to be over at https://www.jfrog.com/confluence/display/RTF/Artifactory+REST+API#ArtifactoryRESTAPI-DeployArtifactbyChecksum – shovavnik Oct 02 '19 at 15:48
15
This is working for me in 7.4.3 for MD5, SHA1 and SHA256.
for file in $(find a_folder -type f)
do
ARTIFACT_MD5_CHECKSUM=$(md5sum $file | awk '{print $1}')
ARTIFACT_SHA1_CHECKSUM=$(shasum -a 1 $file | awk '{ print $1 }')
ARTIFACT_SHA256_CHECKSUM=$(shasum -a 256 $file | awk '{ print $1 }')
echo curl --upload-file $file \
--header "X-Checksum-MD5:${ARTIFACT_MD5_CHECKSUM}" \
--header "X-Checksum-Sha1:${ARTIFACT_SHA1_CHECKSUM}" \
--header "X-Checksum-Sha256:${ARTIFACT_SHA256_CHECKSUM}" \
-u "admin:${APIKEY}" \
-v http://URL/$file
done
Jim
- 151
- 2
- 4
-
1This works. For the warning to disappear, only SHA1 and SHA256 are required as of Artifactory 6.18.1. MD5 checksum is accepted, but not required. – Geier Jan 27 '21 at 08:30
1
Since I'm not allowed to comment I will post a clarification as an answer.
This comment suggests that the Deploy Artifact by Checksum API is the documentation regarding uploads with checksum verification. But that is only valid for uploads of artifacts that already exist in Artifactory.
As documented, it will reject new artifact uploads with a 404.
gangefors
- 40
- 5
-
If you tried with the header -H "X-Checksum-Deploy:true". If that is the case, it will upload only if the content exists. Just try without this header or with -H "X-Checksum-Deploy:false" – Neron Joseph Jun 13 '21 at 06:08
-
Looks like the X-Checksum-Deploy header behaviour is documented now. "If the X-Checksum-Deploy header is set to false, the artifact will be uploaded successfully with a 201 response, even if it didn't exist before, and submitted checksums will have status Uploaded: Identical." – gangefors Feb 14 '22 at 11:53