diff options
Diffstat (limited to 'lib/api/maven_packages.rb')
-rw-r--r-- | lib/api/maven_packages.rb | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/lib/api/maven_packages.rb b/lib/api/maven_packages.rb index e2481dcb8c1..fb0221ee907 100644 --- a/lib/api/maven_packages.rb +++ b/lib/api/maven_packages.rb @@ -43,6 +43,9 @@ module API end end + # The sha verification done by the maven api is between: + # - the sha256 set by workhorse helpers + # - the sha256 of the sha1 of the uploaded package file def verify_package_file(package_file, uploaded_file) stored_sha256 = Digest::SHA256.hexdigest(package_file.file_sha1) expected_sha256 = uploaded_file.sha256 @@ -50,6 +53,16 @@ module API if stored_sha256 == expected_sha256 no_content! else + # Track sha1 conflicts. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/367356 + Gitlab::ErrorTracking.log_exception( + ArgumentError.new, + message: 'maven package file sha1 conflict', + stored_sha1: package_file.file_sha1, + received_sha256: uploaded_file.sha256, + sha256_hexdigest_of_stored_sha1: stored_sha256 + ) + conflict! end end @@ -270,12 +283,12 @@ module API '' else file_params = { - file: params[:file], - size: params['file.size'], + file: params[:file], + size: params['file.size'], file_name: file_name, file_type: params['file.type'], file_sha1: params['file.sha1'], - file_md5: params['file.md5'] + file_md5: params['file.md5'] } ::Packages::CreatePackageFileService.new(package, file_params.merge(build: current_authenticated_job)).execute |