We'll look at adding checksums to downloads/website for 3.0.0.CR1, but not
right now as we need to focus the testsuite.
On 27 January 2017 at 09:13, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Checksums are already generated and Maven central already have
for all files:
The wrapper script should download from there and not from
as it's slower.
We will add checksums to downloads.jboss.org
and the website as well at
On 27 January 2017 at 02:04, Bruno Oliveira <bruno(a)abstractj.org> wrote:
> Ahoy, for the quickstarts we have to provide a wrapper, which will be
> responsible to download a specific version of Keycloak and other
> For this wrapper we have some scenarios:
> Scenario #1: User execute the script and manage to download Keycloak
> Scenario #2: User execute the script and download is interrupted. Which
> means that next time the script will resume that download
> Scenario #3: User already downloaded Keycloak and of course she does not
> want to do it again.
> For scenario 3, I was thinking about generate a SHA1 file for each
> Keycloak distribution to check the integrity of that file, not only for
> security, but for consistency. If we just check if file exists, thinking
> about scenario 2 and 3, we can't tell if that file was corrupted or not.
>  - https://issues.jboss.org/browse/KEYCLOAK-4321
>  - http://maven.apache.org/plugins/maven-install-plugin/example
> keycloak-dev mailing list