Description
Describe the request
Do not error if the downloaded file size doesn't match the size value in the index.
A mismatch should only generate a warning. This warning will serve two purposes:
- Give the user information that can be used in troubleshooting a failed installation due to checksum mismatch
- Communicate to the package developer that they made a mistake (which will have the minor harmful effect of throwing off the download progress indicator)
If there is actually a problem with the downloaded file, the checksum validation will still fail.
🙂 Users will no longer suffer when package developers fail to correctly set a size value.
Describe the current behavior
Arduino CLI performs two operations in order to validate downloaded files
If the file size doesn't match the size value in the index, installation fails:
$ ./arduino-cli version
arduino-cli.exe Version: git-snapshot Commit: dde30647 Date: 2023-09-22T02:26:41Z
$ arduino-cli --additional-urls https://raw.githubusercontent.com/geolink/opentracker-arduino-board/bf6158ebab0402db217bfb02ea61461ddc6f2940/package_opentracker_index.json core update-index
[...]
$ arduino-cli --additional-urls https://raw.githubusercontent.com/geolink/opentracker-arduino-board/bf6158ebab0402db217bfb02ea61461ddc6f2940/package_opentracker_index.json core install opentracker:sam@1.0.5
[...]
Installing opentracker:bossac@1.5-opentracker...
Error during install: Cannot install tool opentracker:bossac@1.5-opentracker: testing local archive integrity: testing archive size: fetched archive size differs from size specified in index: 218874 != 218849
The installation will also fail if the file's checksum doesn't match the value of the checksum property in the package index. A SHA-256 checksum is entirely sufficient on its own to validate a file, so a size check is completely superfluous for the purpose of validating the file.
The other use Arduino CLI makes of the size value is indicating the progress of the download. Although this is a nice convenience feature, an incorrect size field value will only result in a minor inaccuracy in the progress indicator, which is not sufficient grounds on its own to fail the installation.
Package developers sometimes fumble the creation of package index entries. These include the size fields:
Since an incorrect size field value doesn't cause any visible problems when using Arduino IDE 1.x, developers who have not migrated to Arduino CLI or Arduino IDE 2.x won't notice the problem while testing the index. This means the users who are often not able to do anything to fix the problem are the ones punished by Arduino CLI unnecessarily failing the platform installation under these conditions.
Arduino CLI version
Operating system
All
Operating system version
Any
Additional context
This proposal might appear similar to #1468. However, that proposal is to make it possible to skip all validation, while this proposal is only about removing a superfluous validation requirement, leaving the entirely sufficient validation via checksum intact.
Examples of users suffering from Arduino CLI unnecessarily failing the platform installation due to an incorrect size value:
- Don't fail installation on mismatch with
sizefields of index #2332 (comment) - Archive size differs from index ArduCAM/ArduCAM_ESP32S_UNO#22
- Index Erroe ArduCAM/ArduCAM_ESP8266_UNO#53
- https://forum.arduino.cc/t/error-13-arducam-esp8266-uno/1158062
- https://forum.arduino.cc/t/projet-camera-arducamov5642-esp32-nodered/1094620
- https://forum.arduino.cc/t/stop-warning-for-non-upgradable-board/1166106/5
- https://forum.arduino.cc/t/cant-install-m5stack-boards/1125562
Issue checklist
- I searched for previous requests in the issue tracker
- I verified the feature was still missing when using the latest nightly build
- My request contains all necessary details