You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by GitBox <gi...@apache.org> on 2022/10/05 20:07:13 UTC

[GitHub] [maven-wrapper] slawekjaranowski commented on a diff in pull request #58: [MWRAPPER-75] Allow for sha256 checksum verification of downloaded artifacts.

slawekjaranowski commented on code in PR #58:
URL: https://github.com/apache/maven-wrapper/pull/58#discussion_r985951900


##########
maven-wrapper/src/main/java/org/apache/maven/wrapper/Installer.java:
##########
@@ -87,6 +91,14 @@ public Path createDist( WrapperConfiguration configuration )
             downloaded = Files.exists( localZipFile );
         }
 
+        if ( verifyDistributionSha256Sum )
+        {
+            verifier.verify( localZipFile,
+                    "distributionSha256Sum",
+                    Verifier.SHA_256_ALGORITHM,
+                    configuration.getDistributionSha256Sum() );
+        }
+

Review Comment:
   I would like to execute this block only when new file is downloaded, now we will calculate checksum on every Maven execute.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@maven.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org