Re: [keycloak-dev] SHA1 for checking Keycloak file integrity

We'll look at adding checksums to downloads/website for 3.0.0.CR1, but not right now as we need to focus the testsuite. On 27 January 2017 at 09:13, Stian Thorgersen <sthorger(a)redhat.com&gt; wrote: Checksums are already generated and Maven central already have checksums for all files: http://search.maven.org/remotecontent?filepath=org/keycloak/keycloak-serv... http://search.maven.org/remotecontent?filepath=org/keycloak/keycloak-serv... The wrapper script should download from there and not from downloads.jboss.org as it's slower. We will add checksums to downloads.jboss.org and the website as well at some point. On 27 January 2017 at 02:04, Bruno Oliveira <bruno(a)abstractj.org&gt; wrote: Ahoy, for the quickstarts we have to provide a wrapper, which will be responsible to download a specific version of Keycloak and other tasks[1]. For this wrapper we have some scenarios: Scenario #1: User execute the script and manage to download Keycloak Scenario #2: User execute the script and download is interrupted. Which means that next time the script will resume that download Scenario #3: User already downloaded Keycloak and of course she does not want to do it again. For scenario 3, I was thinking about generate a SHA1[2] file for each Keycloak distribution to check the integrity of that file, not only for security, but for consistency. If we just check if file exists, thinking about scenario 2 and 3, we can't tell if that file was corrupted or not. Thoughts? [1] - https://issues.jboss.org/browse/KEYCLOAK-4321 [2] - http://maven.apache.org/plugins/maven-install-plugin/examples/installing-... -- abstractj _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev