Add API support for file checksums in Generic Package Repository

Problem

User Need: Users need a way to verify file integrity when downloading files from the Generic Package Repository by accessing SHA256 checksums.

Current Limitation: The Generic Package Repository doesn't currently provide APIs or UI elements to access file checksums for verification purposes.

Background

This issue originated from customer feedback on the GitLab documentation:

Documentation page: https://docs.gitlab.com/user/packages/generic_packages/?tab=With%20GitLab%20CI%2FCD
User feedback: "Could not find what I needed" - specifically looking for "URL for sha256 associated value to each file"
Stage/Group: Package, Package Registry

Proposed Solution

Return file checksums in response headers when downloading files from the Generic Package Repository.

Implementation considerations:

Include SHA256 checksum in HTTP response headers (e.g., X-Checksum-SHA256 or similar)
Consider adding checksum information to API responses for file listings
Update documentation to explain how users can access and verify checksums

Acceptance Criteria

File downloads from Generic Package Repository include checksum in response headers
- Users can programmatically access file checksums for verification
- Documentation is updated to explain checksum verification process
- Consider API endpoints that list files with their checksums

Labels

~"Category:Generic Package Repository" ~"type::feature" ~"group::package registry"

Edited Oct 30, 2025 by 🤖 GitLab Bot 🤖