[jira] [Updated] (MWRAPPER-97) sha256 checksum is not well supported for distributionType=only-script

[James Z.M. Gao (Jira)]

     [ 
https://issues.apache.org/jira/browse/MWRAPPER-97?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James Z.M. Gao updated MWRAPPER-97:
-----------------------------------
    Description: 
The entry scripts for distributionType=only-script may change the base name of 
the distribution url, then the fixed sha256 checksum in 
maven-wrapper.properties becomes invalid. These cases are:

 
 * maven, type .zip: verify OK
 * maven, type .tar.gz: verify FAIL
 * mvnd: always FAIL, since the url is dynamic decided based on OS and ARCH, 
and the extension may also fallback to .tar.gz

 

To fix the issue, we need store all possible checksums in the config file, and 
better to have an easy and secure way to generate these checksums from the 
distribution url or from the apache site.

  was:
The entry scripts for distributionType=only-script may change the base name of 
the distribution url, then the fixed sha256 checksum in 
maven-wrapper.properties becomes invalid. These case are:

 
 * maven, type .zip: verify OK
 * maven, type .tar.gz: verify FAIL
 * mvnd: always FAIL, since the url is dynamic decided based on OS and ARCH, 
and the extension may also fallback to .tar.gz

 

To fix the issue, we need store all possible checksums in the config file, and 
better to have an easy and secure way to generate these checksums from the 
distribution url or from the apache site.


> sha256 checksum is not well supported for distributionType=only-script
> ----------------------------------------------------------------------
>
>                 Key: MWRAPPER-97
>                 URL: https://issues.apache.org/jira/browse/MWRAPPER-97
>             Project: Maven Wrapper
>          Issue Type: Improvement
>          Components: Maven Wrapper Scripts
>    Affects Versions: 3.2.0
>            Reporter: James Z.M. Gao
>            Priority: Normal
>
> The entry scripts for distributionType=only-script may change the base name 
> of the distribution url, then the fixed sha256 checksum in 
> maven-wrapper.properties becomes invalid. These cases are:
>  
>  * maven, type .zip: verify OK
>  * maven, type .tar.gz: verify FAIL
>  * mvnd: always FAIL, since the url is dynamic decided based on OS and ARCH, 
> and the extension may also fallback to .tar.gz
>  
> To fix the issue, we need store all possible checksums in the config file, 
> and better to have an easy and secure way to generate these checksums from 
> the distribution url or from the apache site.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)