update center (http://updates.jenkins-ci.org/download/plugins/) don't includes md5 / sha1 checksums afaik, but this would be a good addition for your use case and many others to avoid broken installations due to errors during plugin download.
2012/7/27 Fredrik Orderud <forde...@gmail.com> > (Forwarded posting > https://groups.google.com/forum/?fromgroups#!topic/jenkinsci-users/2v8csoO0cxE) > > In my corporate environment, we are working behind a firewall that returns > "nice" HTML webpages with detailed error instructions instead of a plain > "connection refused" error in situations of invalid PROXY settings. > > We have experienced several times that Jenkins servers with improper PROXY > settings will download jpi-files for plugin updates containing just "error > HTML webpage" content. Jenkins doesn't seem to detect this, and instead > tries to install the corrupted plugin. What then happens is that the plugin > upgrade fails, and the plugin gets _uninstalled_ altogether. Any > job-configuration related to the accidentally uninstalled plugin then also > seems to be removed, which is pretty serious. > > Would it be possible to add some sort of integrity-verification to > downloaded jpi-files prior to install them, so that we avoid accidentally > uninstalling plugins? > > > Thanks in advance, > Fredrik Orderud >
