Add an checksum option

[GoogleCodeExporter]

In order to prevent people from using the wrong artifact, would be nice to
have a checksum along with the url.

VELO

Original issue reported on code.google.com by velo...@gmail.com on 9 Feb 2010 at 12:53

[GoogleCodeExporter]

What does the checksum do?  Do I calculate some checksum after the target file 
is 
downloaded to verify the integrity of the download?  Is there a standard way to 
calculate this?  

I do have the option in place for generating and installing checksum files into 
the 
local Maven repository,  I got this from the maven-install-plugin.  However, I 
have 
not figured out how to include the checksums with a deployment yet.  

Thanks

Thanks, Robert

Original comment by savage7....@gmail.com on 9 Feb 2010 at 4:13

• Added labels: Type-Enhancement
• Removed labels: Type-Defect

[GoogleCodeExporter]

The checksum is a fingerprint to a file.... so if I say I need the file from
http://velo.velo/velo.zip that in fact mean little... someone can just change 
that
link (like the website owner) returning an unexpected package (newer version 
maybe)
which can affect the build.  Also the download can get corrupted due to any 
network
issue.  So who define an entry on the pom should also define the file checksum, 
that
way plugin will be able to match with the file and know if it is safe to 
proceed.

To calculate it look at install plugin:
http://svn.apache.org/repos/asf/maven/plugins/trunk/maven-install-plugin/src/mai
n/java/org/apache/maven/plugin/install/AbstractInstallMojo.java

Line 183

Original comment by velo...@gmail.com on 9 Feb 2010 at 4:22

[GoogleCodeExporter]

checksum validation implemented

if a checksum value is defined for a configured external artifact, the plugin 
will now 
validate the file checksum after a download and before an install into the 
local 
repository.  It will validate for MD5 or SHA1 checksums.

Original comment by savage7....@gmail.com on 11 Feb 2010 at 2:55

• Changed state: Fixed