[keycloak-dev] SHA1 for checking Keycloak file integrity

Bruno Oliveira bruno at abstractj.org
Thu Jan 26 20:04:58 EST 2017


Ahoy, for the quickstarts we have to provide a wrapper, which will be
responsible for downloading a specific version of Keycloak and other
tasks[1].

For this wrapper we have some scenarios:

Scenario #1: User executes the script and manages to download Keycloak
Scenario #2: User executes the script and the download is interrupted, which
means that next time the script will resume that download
Scenario #3: User already downloaded Keycloak and of course she does not
want to do it again.

For scenario 3, I was thinking about generating a SHA1[2] file for each
Keycloak distribution to check the integrity of that file, not only for
security, but for consistency. If we just check if the file exists, thinking
about scenarios 2 and 3, we can't tell if that file was corrupted or not.

Thoughts?



[1] - https://issues.jboss.org/browse/KEYCLOAK-4321
[2] - http://maven.apache.org/plugins/maven-install-plugin/examples/installing-checksums.html

--

abstractj
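
The check proposed in the message above, as an added example that is not part of the original post or of the Keycloak quickstarts: it classifies a local archive against a `.sha1` sidecar file so that a wrapper can tell scenario 2 (partial file) from scenario 3 (complete file). The function names `sha1_of` and `download_state`, the file names, and the Maven-style sidecar layout (digest alone or `digest  filename`) are assumptions.

```shell
#!/bin/sh
# Added example; names and file layout are hypothetical.

# Print the lowercase SHA-1 hex digest of a file.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        shasum -a 1 "$1" | awk '{print $1}'
    fi
}

# Classify the local archive against its .sha1 sidecar file.
# Prints one of: missing | unverifiable | corrupt | ok
download_state() {
    archive=$1
    sumfile=$2
    [ -f "$archive" ] || { echo missing; return; }
    [ -s "$sumfile" ] || { echo unverifiable; return; }
    # Sidecar holds the digest alone or "digest  filename":
    # take the first field of the first line and normalise case.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Accept only exactly 40 hex characters as an expected digest.
    case $expected in
        *[!0-9a-f]*) echo unverifiable; return ;;
    esac
    [ ${#expected} -eq 40 ] || { echo unverifiable; return; }
    actual=$(sha1_of "$archive")
    if [ "$actual" = "$expected" ]; then echo ok; else echo corrupt; fi
}

# Constructed demo: a complete file, then a truncated copy (scenario 2).
demo() {
    dir=$(mktemp -d)
    printf 'constructed sample archive contents\n' > "$dir/keycloak.tar.gz"
    sha1_of "$dir/keycloak.tar.gz" > "$dir/keycloak.tar.gz.sha1"
    echo "complete:  $(download_state "$dir/keycloak.tar.gz" "$dir/keycloak.tar.gz.sha1")"
    printf 'constructed sam' > "$dir/keycloak.tar.gz"
    echo "truncated: $(download_state "$dir/keycloak.tar.gz" "$dir/keycloak.tar.gz.sha1")"
    rm -rf "$dir"
}

demo
```

A wrapper would skip the download on `ok`, resume or restart it on `corrupt` or `missing`, and fetch the sidecar first on `unverifiable`.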

