  1. Infrastructure
  2. INFRA-13629

release .sha checksum file download from dist.apache.org is incorrect when using Firefox

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Fix Version/s: Mar 2017
    • Component/s: Dists, Subversion
    • Labels:
      None

      Description

      We have historically shipped a .sha1 signature file with our releases, but swapped for a couple of in-progress releases to use .sha file with a SHA512 checksum, as noted in http://www.apache.org/dev/release-distribution.html#sigs-and-sums. In testing these releases, it was noticed the .sha file failed to download correctly.

      The issue was noticed when the file was grabbed using Firefox, however the file downloads successfully when using wget or checking out the svn dir of the dist repo. Looking at the wget output, it is visible that previously the .sha1 mime type was reported as application/x-sha1, but with the new .sha file it is now being reported as application/x-gzip.

      Forcing a mime type of text/plain in svn with a svn:mime-type propset allows the browser to view/download the file successfully, but it doesn't feel like this should be needed given svn itself treats files as text by default and other checksum extensions are handled without issue.

      https://dist.apache.org/repos/dist/dev/qpid/proton-j/0.18.0-rc1/apache-qpid-proton-j-0.18.0-src.tar.gz.sha is an example of a file with the issue. Mime type currently not set in svn.

        Activity

        cml Chris Lambertus added a comment -
        Does changing the filename from .sha to .sha2 change anything?
        sebb@apache.org Sebb added a comment -
        Curious - it's only a problem with Firefox.
        Opera, Chrome and Safari are all OK on my Mac.
        sebb@apache.org Sebb added a comment -
        Looks like it is being sent with Content-encoding: gzip. That seems unnecessary given its size.
        gemmellr Robbie Gemmell added a comment - - edited Reporter
        Chris: no, copying a test file to use .sha2 and .sha512 extensions shows the same issue.

        Sebb: interesting, I didn't catch that it was a Firefox-only issue (both of us that saw this must be using it). I'd noticed the gzip mime type, and indeed forcing svn to say it is text/plain mime type lets it work, it just doesn't seem like that should be needed.
        gemmellr Robbie Gemmell added a comment - Reporter
        Setting the mime type in the svn repo to "application/x-sha" or "application/x-sha2" also lets things work, with the same then being reported when downloaded from the webserver with wget, and the file being downloaded ok in Firefox and indicated as ".sha file" type in Firefox. I tried those since the webserver is automatically using "application/x-sha1" on .sha1 files, and "application/x-md5" on .md5 files (which don't have a mime-type set in svn).

        Can we figure out where the webserver bits are doing this mime type selection and update them to report something other than "application/x-gzip"?

        sebb@apache.org Sebb added a comment -
        I wonder if the extension matching is looking for .zip and .gz without checking that these are at the end of the path name?

        I set up some test files:

        https://dist.apache.org/repos/dist/dev/jmeter/test/
        test-tar.gz.sha => x-gzip
        test-tar.gz.sha1 => x-sha1
        test-tar.sha => plain
        test.sha => plain
        test.tgz.sha => x-gzip
        test.zip.sha => zip

        The above list shows the file names and the content type reported.
        gemmellr Robbie Gemmell added a comment - Reporter
        Sounds like a reasonable bet based on the testing results.
        gemmellr Robbie Gemmell added a comment - Reporter
        For what it is worth, they are reported as "text/plain" type by the https://www.apache.org/dist/ webserver, even when given a different mime type in svn, so it looks to be only the dist.apache.org webserver giving the odd behaviour.
        jira-bot ASF subversion and git services added a comment -
        Commit 646f3a2c434070b1675a16e2af0a9ca16822ccd1 in infrastructure-puppet's branch refs/heads/cml/INFRA-13629 from [~cml]
        [ https://git-wip-us.apache.org/repos/asf?p=infrastructure-puppet.git;h=646f3a2 ]

        add text/plain mimetype for .sha and .sha2 per INFRA-13629
        cml Chris Lambertus added a comment -
        Similar to https://issues.apache.org/jira/browse/INFRA-2177. I'll update the dist vhost to set text/plain for .sha and .sha2. This will likely go live in a few hours.
        jira-bot ASF subversion and git services added a comment -
        Commit 646f3a2c434070b1675a16e2af0a9ca16822ccd1 in infrastructure-puppet's branch refs/heads/deployment from [~cml]
        [ https://git-wip-us.apache.org/repos/asf?p=infrastructure-puppet.git;h=646f3a2 ]

        add text/plain mimetype for .sha and .sha2 per INFRA-13629
        cml Chris Lambertus added a comment -
        Change is live. .sha files seem to behave as expected with firefox now.
        gemmellr Robbie Gemmell added a comment - Reporter
        Thanks for making the update. I've given it a test and it indeed gets things working in firefox, with .sha checksums from dist.apache.org now containing the expected content once saved.

        Resolving.
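
Added example, not part of the issue thread or of the infrastructure-puppet change: a small Python model of the extension matching Sebb hypothesises, run over the test file names from his comment, with the effect of mapping .sha and .sha2 to text/plain as the commit message describes. The type table and the function names are assumptions for illustration, not the dist.apache.org configuration.

```python
# Model of the extension-matching behaviour hypothesised in the thread.
# The table is an assumption built from the content types quoted in the
# comments; it is not the dist.apache.org configuration.
BASE_TYPES = {
    "gz": "application/x-gzip",
    "tgz": "application/x-gzip",
    "zip": "application/zip",
    "sha1": "application/x-sha1",
    "md5": "application/x-md5",
}
DEFAULT_TYPE = "text/plain"
ARCHIVE_TYPES = {"application/x-gzip", "application/zip"}

# Constructed from the test file names listed in the thread.
SAMPLE_FILES = [
    "test-tar.gz.sha", "test-tar.gz.sha1", "test-tar.sha",
    "test.sha", "test.tgz.sha", "test.zip.sha",
]


def type_any_extension(filename, types):
    """Consider every dot-separated extension; the rightmost known one wins."""
    chosen = DEFAULT_TYPE
    for ext in filename.lower().split(".")[1:]:
        chosen = types.get(ext, chosen)
    return chosen


def type_last_extension(filename, types):
    """Consider only the final extension of the file name."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    return types.get(ext, DEFAULT_TYPE)


def mislabelled_checksums(files, types):
    """Return checksum files that would be served with an archive type."""
    return [f for f in files if type_any_extension(f, types) in ARCHIVE_TYPES]


if __name__ == "__main__":
    # Assumed equivalent of the fix: explicit text/plain for .sha and .sha2.
    fixed = dict(BASE_TYPES, sha="text/plain", sha2="text/plain")
    for name in SAMPLE_FILES:
        print(f"{name:18} any-ext={type_any_extension(name, BASE_TYPES):20} "
              f"last-ext={type_last_extension(name, BASE_TYPES):20} "
              f"with-fix={type_any_extension(name, fixed)}")
```

Under this model the any-extension column reproduces the content types listed for the six test files, and an explicit entry for the final extension is enough to stop an inner .gz, .tgz or .zip from deciding the type.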

          People

          • Assignee:
            cml Chris Lambertus
            Reporter:
            gemmellr Robbie Gemmell
            Request participants:
            None
          • Votes: 0
          • Watchers: 4
