Inedo Community Forums Forums
    • Recent
    • Tags
    • Popular
    • Login

    Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

    If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

    How is the "PackageHash_SHA512_Bytes" calculated and can be used to validate the package integrity?

    Scheduled Pinned Locked Moved Support
    nugetapiproget
    3 Posts 2 Posters 31 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ? This user is from outside of this forum
      Guest
      last edited by

      Hi was just wondering how the "PackageHash_SHA512_Bytes" is calculated and if can be used to validate the package integrity.
      It doesn't seem to match the filehash of the actual package file.

      [
      {
          "Feed_Id": 1,
          "Package_Id": "Mx.Release.Package",
          "Version_Text": "16.0.0",
          "TargetFrameworks_Text": null,
          "Published_Date": "2018-02-05T15:12:41.303Z",
          "Package_Size": 24987,
          "Nuspec_Bytes": "77u/PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz48cGFja2----trimmed_rest",
          "PackageHash_SHA1_Bytes": "vRLwsut5rwlgYKE0C9aAdwbM2xo=",
          "PackageHash_SHA512_Bytes": "IOKFNp3q+CuDIaSEGAeAh2HrU3B+d7poJHgEj+Lx/h86gB1JiIROAh/SaRaBalSQWVwqU3ctHtP8xxTPmM/T0g==",
          "Symbols_Indicator": false,
          "Source_Indicator": false,
          "Cached_Indicator": false,
          "LastDownloaded_Date": "2018-02-18T12:07:30.22Z",
          "Version_Download_Count": 1,
          "Total_Download_Count": 1
      }
      

      ]

      Product: ProGet
      Version: 5.0.8

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        I forgot to mention that I'm calling the API (api/json/NuGetPackagesV2_GetLatest)
        And I noticed the "PackageHash_SHA512_Bytes" was there.

        And thought it might be useful if this was in fact the filehash of the package in the response.

        1 Reply Last reply Reply Quote 0
        • benB Offline
          ben inedo-engineer
          last edited by

          Hello Emil,

          If source or symbol stripping is enabled on the NuGet feed, the package you download will be dynamically created. If you add a query parameter ?includeSymbols=Y in the package request, ProGet will give you the original nupkg file, which should have the SHA512 sum from that field.

          1 Reply Last reply Reply Quote 0

          Hello! It looks like you're interested in this conversation, but you don't have an account yet.

          Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.

          With your input, this post could be even better 💗

          Register Login
          • 1 / 1
          • First post
            Last post
          Inedo Website Home • Support Home • Code of Conduct • Forums Guide • Documentation