Github user bbende commented on the issue:
https://github.com/apache/nifi-registry/pull/148
Just pushed a new commit that allows the client to specify a SHA-256 when
uploading the bundle. If they specify one and it doesn't match what the server
calculates, then it is rejected. If they don't specify one then we accept the
bundle, but we mark a flag called "sha256Supplied" as false, so consumers later
will know if the bundle was uploaded with or without a client provided checksum.
Since the upload is already a multi-part request, I thought it made the
most sense for the SHA-256 to be another field in the multi-part form data. As
an example of a curl command to upload with the checksum:
`curl -v -F file=@./nifi-example-processors-nar-1.0.0.nar
-Fsha256=93d2c6537142497ca3f908452d3c3c2bcae928fdc07e1b48fd3ba95ec22bc639
"http://localhost:18080/nifi-registry-api/buckets/72f897d9-5645-4168-852f-4885cc7c9cfe/extensions/bundles/nifi-nar";
`
---
