[keycloak-dev] SHA1 for checking Keycloak file integrity
Stian Thorgersen
sthorger at redhat.com
Fri Jan 27 03:47:37 EST 2017
We'll look at adding checksums to downloads/website for 3.0.0.CR1, but not
right now as we need to focus the testsuite.
On 27 January 2017 at 09:13, Stian Thorgersen <sthorger at redhat.com> wrote:
> Checksums are already generated and Maven central already have checksums
> for all files:
>
> http://search.maven.org/remotecontent?filepath=org/
> keycloak/keycloak-server-dist/2.5.1.Final/keycloak-server-
> dist-2.5.1.Final.zip
> http://search.maven.org/remotecontent?filepath=org/
> keycloak/keycloak-server-dist/2.5.1.Final/keycloak-server-
> dist-2.5.1.Final.zip.sha1
>
> The wrapper script should download from there and not from
> downloads.jboss.org as it's slower.
>
> We will add checksums to downloads.jboss.org and the website as well at
> some point.
>
> On 27 January 2017 at 02:04, Bruno Oliveira <bruno at abstractj.org> wrote:
>
>> Ahoy, for the quickstarts we have to provide a wrapper, which will be
>> responsible to download a specific version of Keycloak and other
>> tasks[1].
>>
>> For this wrapper we have some scenarios:
>>
>> Scenario #1: User execute the script and manage to download Keycloak
>> Scenario #2: User execute the script and download is interrupted. Which
>> means that next time the script will resume that download
>> Scenario #3: User already downloaded Keycloak and of course she does not
>> want to do it again.
>>
>> For scenario 3, I was thinking about generate a SHA1[2] file for each
>> Keycloak distribution to check the integrity of that file, not only for
>> security, but for consistency. If we just check if file exists, thinking
>> about scenario 2 and 3, we can't tell if that file was corrupted or not.
>>
>> Thoughts?
>>
>>
>>
>> [1] - https://issues.jboss.org/browse/KEYCLOAK-4321
>> [2] - http://maven.apache.org/plugins/maven-install-plugin/example
>> s/installing-checksums.html
>>
>> --
>>
>> abstractj
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
More information about the keycloak-dev
mailing list