Details
-
Improvement
-
Status: Open
-
Normal
-
Resolution: Unresolved
-
3.2.0
-
None
-
None
Description
The entry scripts for distributionType=only-script may change the base name of the distribution url, then the fixed sha256 checksum in maven-wrapper.properties becomes invalid. These cases are:
- maven, type .zip: verify OK
- maven, type .tar.gz: verify FAIL
- mvnd: always FAIL, since the url is dynamic decided based on OS and ARCH, the extension may also fallback to .tar.gz
To fix the issue, we need store all possible checksums in the config file, and better to have an easy and secure way to generate these checksums from the distribution url or from the apache site.