acceptance-test-harness icon indicating copy to clipboard operation
acceptance-test-harness copied to clipboard

Published 20 hours ago verified publisher icon jenkinsci

Verify checksums of `geckodriver` and Maven

Open basil opened this issue 7 months ago • 0 comments

The curl commands in the Dockerfile that download geckodriver and Maven download these tools without verifying their checksums as in https://github.com/jenkinsci/docker/pull/1868, meaning that a truncated download or corrupted file could result in an execution failure later on. Better to verify the checksum immediately and fail fast in that case.

basil avatar Jul 26 '24 15:07 basil