[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion 1.10.2 Checksum (SHA512)

From: Daniel Shahaf <d.s_at_daniel.shahaf.name>
Date: Sat, 22 Sep 2018 14:13:37 +0000

Adam Jensen wrote on Sat, 22 Sep 2018 09:39 -0400:
> Given the current situation, can anyone think of a shell script blurb to
> download the files then verify with the hash?

wget .../subversion-1.10.2.tar.bz2
wget https://www.apache.org/dist/subversion/subversion-1.10.2.tar.bz2.sha512
sha512sum subversion-1.10.2.tar.bz2 | grep -x -- "$(cat < subversion-1.10.2.tar.bz2.sha512)"

> Normally, I would do it with something like this:
>
> #!/usr/bin/env bash
> FILE=subversion-1.10.2.tar.bz2
> if [ ! -f $FILE ]; then
> echo "Fetching $FILE"
> wget http://www-eu.apache.org/dist/subversion/subversion-1.10.2.tar.bz2

Please don't download the artifacts from www*.apache.org but from a
mirror. I think there is a redirector CGI somewhere that automatically
redirects you to a mirror close to you, but I can't find it :(

(The checksum files, in contrast, are intentionally available *only*
from www*.apache.org.)

> sha512sum --check subversion-1.10.2.tar.bz2.sha512 || exit 1

One reason for not creating the file in the form "${hash}${two_spaces}${filename}"
is that not everyone uses sha512sum from GNU coreutils. If there were
additional information in the file besides the hash value, people not on
linux would have had to sed it out.

Cheers,

Daniel
Received on 2018-09-22 16:13:53 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.