[keycloak-dev] SHA1 for checking Keycloak file integrity
sthorger at redhat.com
Fri Jan 27 03:47:37 EST 2017
We'll look at adding checksums to downloads/website for 3.0.0.CR1, but not
right now as we need to focus the testsuite.
On 27 January 2017 at 09:13, Stian Thorgersen <sthorger at redhat.com> wrote:
> Checksums are already generated and Maven central already have checksums
> for all files:
> The wrapper script should download from there and not from
> downloads.jboss.org as it's slower.
> We will add checksums to downloads.jboss.org and the website as well at
> some point.
> On 27 January 2017 at 02:04, Bruno Oliveira <bruno at abstractj.org> wrote:
>> Ahoy, for the quickstarts we have to provide a wrapper, which will be
>> responsible to download a specific version of Keycloak and other
>> For this wrapper we have some scenarios:
>> Scenario #1: User execute the script and manage to download Keycloak
>> Scenario #2: User execute the script and download is interrupted. Which
>> means that next time the script will resume that download
>> Scenario #3: User already downloaded Keycloak and of course she does not
>> want to do it again.
>> For scenario 3, I was thinking about generate a SHA1 file for each
>> Keycloak distribution to check the integrity of that file, not only for
>> security, but for consistency. If we just check if file exists, thinking
>> about scenario 2 and 3, we can't tell if that file was corrupted or not.
>>  - https://issues.jboss.org/browse/KEYCLOAK-4321
>>  - http://maven.apache.org/plugins/maven-install-plugin/example
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
More information about the keycloak-dev