[MWRAPPER-97] sha256 checksum is not well supported for distributionType=only-script - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Normal
Resolution: Unresolved
Affects Version/s: 3.2.0
Fix Version/s: None
Component/s: Maven Wrapper Scripts
Labels:
None

Description

The entry scripts for distributionType=only-script may change the base name of the distribution url, then the fixed sha256 checksum in maven-wrapper.properties becomes invalid. These cases are:

maven, type .zip: verify OK
maven, type .tar.gz: verify FAIL
mvnd: always FAIL, since the url is dynamic decided based on OS and ARCH, the extension may also fallback to .tar.gz

To fix the issue, we need store all possible checksums in the config file, and better to have an easy and secure way to generate these checksums from the distribution url or from the apache site.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: James Z.M. Gao

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 24/Feb/23 06:35

Updated:: 24/Feb/23 06:36