-
Notifications
You must be signed in to change notification settings - Fork 946
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feature] Integrity check in install command #16262
Comments
Hi @sharpepd Thanks for your suggestion. This is intentional at the moment. Packages are almost never corrupted at download or install time, and the The integrity checks makes a bit more sense to check if the users have manually modified the cache, like editing some files via an editor that found those files with its navigation capabilities. This is the reason the check is done as a Also, the So I am afraid this would be too much complexity for the value, and not very aligned with the idea that this error should be an exceptional thing and not part of the normal dependencies installation flow. Thanks very much for the feedback anyway! |
It is also not completely clear what it means that people can change the content on the server, this is not a thing, server doesn't have caches, and they cannot corrupt packages, because they store things in |
Thanks for your comments. It kinda feels like that should be default behaviour, but also understand why it is not. If you are not going to add this to install, do you have any suggestions on how we can ensure the integrity of the cache? |
But it is happening that often? This should be pretty unusual from my experience.
As another extra reason, there is also the cost. The operation can be pretty slow if there are many large packages. Having the time of
Have you considered doing a custom command that does the integrity checks as you want? Custom commands are very powerful feature in Conan 2 and allows to do this relatively easily |
What is your suggestion?
Hi! We are now using Conan 2.x (specifically on 2.1.0) and are looking at the "cache check-integrity" command.
This is great and something we feel we were missing, as it seems too easy for people change the cache content from that on the server and this allows us to at least check if that happens.
However, if we want to be sure that the Conan cache has the latest content from the Conan server when we install dependencies, the workflow seems to be:
Are we missing a trick?
It would be handy if we could tell the Conan install command we want to ensure that the cache is in sync with the server. I looked at the --update option, but that does not seem to be doing the integrity check - just checking if a newer version is available.
Have you read the CONTRIBUTING guide?
The text was updated successfully, but these errors were encountered: