How to check sums being generated by this plugin?
solomax opened this issue · 12 comments
The sha256 sum generated by this plugin looks as follows:
8a4ec21b00c1b8bcb9fb51f02e7d0e40401f753c749334717ce022988daccc96
no spaces, no file name
The sha256sum tool on Linux requires the following format:
sum space space file_name
http://linux.die.net/man/1/sha256sum
This is why the sha256sum -c command results in the following error:
no properly formatted SHA256 checksum lines found
What is the correct way of checking the sums generated by this plugin?
Or maybe the output format needs to be changed?
Use the new shasum summary file option
*Edit
My bad, checkable sums are being stored in artifacts-checksums.sha
Is this the only option? I would prefer the individual *.sha256 files to be properly formatted.
Please provide samples. It is unclear what you are asking for or what is going wrong.
Samples:
Your plugin produces a *.sha256 file with the following content:
775631779dbfdbdc164659e39ac6253fcefbec680b318fa6ad1bd56727a2792d
If I run
sha256sum -c README.sha256
I get an error:
no properly formatted SHA256 checksum lines found
At the same time, the
sha256sum README >README.sha
command will produce README.sha with the following content:
775631779dbfdbdc164659e39ac6253fcefbec680b318fa6ad1bd56727a2792d  README
Then it can be verified using
sha256sum -c README.sha
What you are looking for is the summary file. Use something like the following in your pom file.
<plugin>
  <groupId>net.ju-n.maven.plugins</groupId>
  <artifactId>checksum-maven-plugin</artifactId>
  <version>1.3</version>
  <executions>
    <execution>
      <id>checksum-artifacts</id>
      <phase>package</phase>
      <goals>
        <goal>artifacts</goal>
      </goals>
      <configuration>
        <csvSummary>false</csvSummary>
        <!-- Write one summary file in the format the shasum tools can check -->
        <shasumSummary>true</shasumSummary>
        <shasumSummaryFile>sha512-libs.sum</shasumSummaryFile>
        <individualFiles>false</individualFiles>
        <algorithms>
          <algorithm>SHA-512</algorithm>
        </algorithms>
        <types>
          <type>jar</type>
        </types>
        <scopes>
          <scope>runtime</scope>
        </scopes>
      </configuration>
    </execution>
  </executions>
</plugin>
Hello @bondolo,
Sorry for the silence; your config will work for me as expected only if just one artifact per multi-module project is produced.
What I need is to sign all project artifacts and produce 'individual' signatures, and give our users a straightforward algorithm for how they can be verified.
So I can put artifacts and signatures on our download page http://openmeetings.apache.org/downloads.html with instructions, and users can download/check them.
Right now it is not possible; users need to compare hashes "visually".
Maybe you can provide a "linux compatible mode" for your plugin?
ping :)
I am using the plugin to generate shasum files from multiple artifacts which are then later checked with the *nix shasum tool. This sounds like exactly what you are looking for.
Perhaps you can post the checksum portion of your pom file?
I should mention that the use case you describe is exactly why I got involved with this project and I do believe what we have should work for what you need.
Thanks for the reply @bondolo :)
Here is the portion of pom.xml: https://github.com/apache/openmeetings/blob/3.2.x/pom.xml#L140
In the release I have at least 3 artifacts per module (jar, source, javadoc)
and 4 main artifacts:
complete sources tgz+zip and complete binaries tgz+zip
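A bare-digest *.sha256 file of the kind shown in this thread can still be checked with the standard tools by building the "digest, two spaces, file name" line that `sha256sum -c` expects, instead of comparing hashes by eye. The following is an added example, not part of the original thread or of the plugin; the function name `verify_bare_digest` is hypothetical.

```shell
#!/bin/sh
# Added example: verify a file against a bare-digest *.sha256 file
# (digest only, no file name), the format shown in this thread.

# Pick whichever checker is installed; both read "digest  name" lines on stdin.
if command -v sha256sum >/dev/null 2>&1; then
    SHA256_CHECK="sha256sum -c -"
else
    SHA256_CHECK="shasum -a 256 -c -"
fi

# verify_bare_digest FILE DIGEST_FILE   (hypothetical helper name)
# Returns 0 if FILE matches, 1 on mismatch, 2 on a malformed digest file.
verify_bare_digest() {
    file=$1
    digest_file=$2

    # Take the first whitespace-delimited token of the first line, lowercased,
    # so both "digest" and "digest  name" inputs are accepted.
    digest=$(awk 'NR==1 { print tolower($1) }' "$digest_file") || return 2

    # Refuse anything that is not exactly 64 hex characters before using it.
    case $digest in
        *[!0-9a-f]*|"") echo "malformed digest in $digest_file" >&2; return 2 ;;
    esac
    [ "${#digest}" -eq 64 ] || { echo "malformed digest in $digest_file" >&2; return 2; }

    # Build the line that -c expects (digest, two spaces, name) and check it.
    printf '%s  %s\n' "$digest" "$file" | $SHA256_CHECK >/dev/null 2>&1 || return 1
    return 0
}
```

Call it as `verify_bare_digest README README.sha256` from the directory that holds the downloaded file; the exit status tells a script whether to proceed.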