flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From OmPrakash Muppirala <bigosma...@gmail.com>
Subject Re: Installer and MD5 Checksums
Date Sun, 13 Jul 2014 16:52:25 GMT
On Sat, Jul 12, 2014 at 9:11 PM, Alex Harui <aharui@adobe.com> wrote:

> On 7/12/14 11:05 AM, "OmPrakash Muppirala" <bigosmallm@gmail.com> wrote:
> >On Sat, Jul 12, 2014 at 10:55 AM, Alex Harui <aharui@adobe.com> wrote:
> >
> >> The Installer 3.1 uses MD5 checksums on many of its downloads to verify
> >> their accuracy.  The checksums for Google Closure Library, Adobe AIR SDK
> >> and playerglobal.swc change every once in a while and that breaks
> >>installs
> >> until we find out, download the file, compute the new checksum and
> >>update
> >> the sdk-installer-config-4.0.xml file on the web-site.
> >>
> >> Is there a way we can automate that?  The Adobe AIR SDK is over 200MB
> >> (times 2 platforms) so it would be a lot of bandwidth to keep
> >>downloading
> >> it.  Is it possible to implement quicker check the way browsers verify
> >> what is in their caches?
> >>
> >>
> >Technically, yes we can automate it by creating a Jenkins job on one of
> >our
> >servers to just calculate a checksum of a downloaded file.  We can make
> >the
> >.MD5 file publicly available that the Installer could use.  This would be
> >a
> >one time set up.  We can probably run the job once a day.
> That could add up to 1GB per day or more?  Would that go beyond some limit
> allowed by Azure provider?
1GB per day in terms of bandwidth or storage?  Either way we have to try it
out and see what happens.

>  >
> >But I question the need for this. Normally checksums are created from the
> >source.  The act of downloading to your computer (manually or
> >automatically
> >via a job) could corrupt the file   If you compute the checksum on a
> >corrupted file and use that to verify subsequent downloads from a server,
> >that defeats the purpose.
> >
> >Either we ask Adobe, Google etc. to upload checksums which we can directly
> >download from the Installer and verify them.  Or we skip verification of
> >checksums of binaries that don't originate from ASF servers/mirrors.
> Bad downloads have been a significant problem.  And with the install
> scripts caching downloads, I wanted to verify the download before sticking
> into the cache.

How about unzipping and and doing a brain-dead check for certain files?
 Like air-config.xml or something like that.  And only then stick it into
the cache?

> If there's a better way to do that in Ant, I'm open to
> it, although I guess that will mean even more time before we ever ship
> another release.

Nope.  I dont want to add anything to the list for this release.  Lets get
this one out the door first :-)


> -Alex

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message