[keycloak-dev] SHA1 for checking Keycloak file integrity

Bruno Oliveira bruno at abstractj.org
Fri Jan 27 04:07:31 EST 2017


Thanks Stian, that helps.

On Fri, Jan 27, 2017, 6:47 AM Stian Thorgersen <sthorger at redhat.com> wrote:

> We'll look at adding checksums to downloads/website for 3.0.0.CR1, but not
> right now as we need to focus on the testsuite.
>
> On 27 January 2017 at 09:13, Stian Thorgersen <sthorger at redhat.com> wrote:
>
> Checksums are already generated and Maven Central already has checksums
> for all files:
>
>
> http://search.maven.org/remotecontent?filepath=org/keycloak/keycloak-server-dist/2.5.1.Final/keycloak-server-dist-2.5.1.Final.zip
>
> http://search.maven.org/remotecontent?filepath=org/keycloak/keycloak-server-dist/2.5.1.Final/keycloak-server-dist-2.5.1.Final.zip.sha1
>
> The wrapper script should download from there and not from
> downloads.jboss.org as it's slower.
>
> We will add checksums to downloads.jboss.org and the website as well at
> some point.
>
> On 27 January 2017 at 02:04, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> Ahoy, for the quickstarts we have to provide a wrapper, which will be
> responsible for downloading a specific version of Keycloak and other
> tasks [1].
>
> For this wrapper we have some scenarios:
>
> Scenario #1: User executes the script and manages to download Keycloak
> Scenario #2: User executes the script and the download is interrupted, which
> means that next time the script will resume that download
> Scenario #3: User already downloaded Keycloak and of course she does not
> want to do it again.
>
> For scenario 3, I was thinking about generating a SHA1 [2] file for each
> Keycloak distribution to check the integrity of that file, not only for
> security, but for consistency. If we just check if the file exists, thinking
> about scenarios 2 and 3, we can't tell if that file was corrupted or not.
>
> Thoughts?
>
>
>
> [1] - https://issues.jboss.org/browse/KEYCLOAK-4321
> [2] - http://maven.apache.org/plugins/maven-install-plugin/examples/installing-checksums.html
>
> --
>
> abstractj

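The check discussed in this thread, written as shell functions (an added example, not code from the thread or from the Keycloak quickstarts). The function names are hypothetical, and it assumes the `.sha1` sidecar carries the hex digest as its first whitespace-separated field.

```shell
#!/bin/sh
# Added example: decide whether a Keycloak archive must be (re)downloaded.
# Assumption: the .sha1 sidecar holds a hex digest as its first field.

# Print the SHA-1 hex digest of file $1.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | cut -d' ' -f1
    else
        shasum -a 1 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if $1 exists and its digest matches the one stored in $2.
verify_sha1() {
    [ -f "$1" ] && [ -s "$2" ] || return 1
    expected=$(tr -d '\r' < "$2" | awk 'NR==1 {print tolower($1)}')
    # Reject anything that is not exactly 40 hex characters,
    # e.g. an HTML error page saved in place of the sidecar.
    case "$expected" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 1
    [ "$(sha1_of "$1")" = "$expected" ]
}

# Print the action the wrapper should take for archive $1 and sidecar $2.
download_action() {
    if [ ! -e "$1" ]; then
        echo download          # scenario 1: nothing on disk yet
    elif verify_sha1 "$1" "$2"; then
        echo skip              # scenario 3: complete and intact
    else
        echo resume            # scenario 2: partial or corrupted file
    fi
}

# Fetch URL $1 into file $2, continuing a partial file if one exists.
fetch() {
    curl -fL -C - -o "$2" "$1"
}

# Stand-alone use: script.sh <archive> <archive.sha1>
if [ "$#" -eq 2 ]; then
    download_action "$1" "$2"
fi
```

A digest fetched from the same server as the archive catches truncation and corruption but does not authenticate the file. After a resume, run `verify_sha1` again and delete the archive if it still fails.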