Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-13629

release .sha checksum file download from dist.apache.org is incorrect when using Firefox


    • Type: Bug
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Fix Version/s: Mar 2017
    • Component/s: Dists, Subversion
    • Labels:


      We have historically shipped a .sha1 signature file with our releases, but swapped for a couple of in-progress releases to use .sha file with a SHA512 checksum, as noted in http://www.apache.org/dev/release-distribution.html#sigs-and-sums. In testing these releases, it was noticed the .sha file failed to download correctly.

      The issue was noticed when the file was grabbed using Firefox, however the file downloads successfully when using wget or checking out the svn dir of the dist repo. Looking at the wget output, it is visible that previously the .sha1 mime type was reported as application/x-sha1, but with the new .sha file it is now being reported as application/x-gzip.

      Forcing a mime type of text/plain in svn with a svn:mime-type propset allows the browser to view/download the file successfully, but it doesnt feel like this should be needed given svn itself treats files as text by default and other checksum extensions are handled without issue.

      https://dist.apache.org/repos/dist/dev/qpid/proton-j/0.18.0-rc1/apache-qpid-proton-j-0.18.0-src.tar.gz.sha is an example of a file with the issue. Mime type currently not set in svn.




            • Assignee:
              cml Chris Lambertus
              gemmellr Robbie Gemmell
            • Votes:
              0 Vote for this issue
              4 Start watching this issue


              • Created: