-
Notifications
You must be signed in to change notification settings - Fork 127
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[MRESOLVER-354] Document Expected Checksums in Resolver #281
Conversation
## Transport Checksum Strategies | ||
|
||
Historically, the "obtain expected checksum" was implemented as simple HTTP GET | ||
request against Artifact checksum URL (Artifact URL appended by ".sha1"). This logic |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that this is actually transport specific.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed mention of HTTP GET
means, possibly ahead of any transport operation. There is an SPI extension point that users may | ||
implement, to have own ways to provide checksums to resolver. Alternatively, one may use Resolver out of the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An example implementation or demo - how to implement will be helpful, can be on separated document.
provided by user. This new feature may become handy in cases when user does not trust the local | ||
repository, as it may be shared with some other unknown or even untrusted party. | ||
|
||
The Trusted Checksums provide two source implementations out of the box. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
example how to configure, which property to set ... etc will be appreciated, can be as link to other document
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally ok, it describes used mechanizm and possibility from theoretically side.
Examples how to use and configure will be appreciated.
Of course on separate documents for each case as next step.
@slawekjaranowski re examples, all the new features (RRF, TrustedChecksums) are kinda incomplete without https://issues.apache.org/jira/browse/MRESOLVER-304 (or linked Maven issue https://issues.apache.org/jira/browse/MNG-6303) as ultimate goal would be to commit checksums, filter config along with project sources. Sadly, that is impossible today. So I'd rather wait with examples. But still, this doco is useful, as it explains at least one confusion users hit (and reported as "bug" while it was actually OK) https://lists.apache.org/thread/nsbormhpfgqq19qzgo4rx12lg28qv0tb |
Add documentation to new resolver transport features like "provided" and "remote included" checksums. Also explain "trusted" checksums.
https://issues.apache.org/jira/browse/MRESOLVER-354