The script was patched with a line like this:
echo " subversion-1.10.2.tar.bz2" >> subversion-1.10.2.tar.bz2.sha512
On 09/22/2018 09:39 AM, Adam Jensen wrote:
>>From the recommended release page:
> https://subversion.apache.org/download.cgi#recommended-release
>
> The Checksum (SHA512) file:
> https://www.apache.org/dist/subversion/subversion-1.10.2.tar.bz2.sha512
>
> Contains:
> ccbe860ec93a198745e40620cb7e005a85797e344a99ddbc0e24c32ad846976eae35cf5b3d62ba5751b998f0d40bbebbba72f484d92c92693bbb2112c989b129
>
> In order to check the hash of the file using a command like this:
> sha512sum --check subversion-1.10.2.tar.bz2.sha512
>
> Shouldn't the format of that file (subversion-1.10.2.tar.bz2.sha512) be
> something like this:
> ccbe860ec93a198745e40620cb7e005a85797e344a99ddbc0e24c32ad846976eae35cf5b3d62ba5751b998f0d40bbebbba72f484d92c92693bbb2112c989b129
> subversion-1.10.2.tar.bz2
>
> That is, it should contain the hash AND the file name.
>
> Given the current situation, can anyone think of a shell script blurb to
> download the files then verify with the hash? Normally, I would do it
> with something like this:
>
> #!/usr/bin/env bash
> FILE=subversion-1.10.2.tar.bz2
> if [ ! -f $FILE ]; then
> echo "Fetching $FILE"
> wget http://www-eu.apache.org/dist/subversion/subversion-1.10.2.tar.bz2
> fi
> FILE=subversion-1.10.2.tar.bz2.sha512
> if [ ! -f $FILE ]; then
> echo "Fetching $FILE"
> wget
> https://www.apache.org/dist/subversion/subversion-1.10.2.tar.bz2.sha512
> fi
> sha512sum --check subversion-1.10.2.tar.bz2.sha512 || exit 1
> # and the script continues...
>
>
Received on 2018-09-22 16:52:45 CEST