(maven-wrapper) branch master updated: Add --strict flag to sha256sum verification

Sat, 17 Jan 2026 00:38:26 -0800 

This is an automated email from the ASF dual-hosted git repository.

slachiewicz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-wrapper.git


The following commit(s) were added to refs/heads/master by this push:
     new 4ab5304  Add --strict flag to sha256sum verification
4ab5304 is described below

commit 4ab5304132fe4287fea8c0f3961ab0675d5ff47a
Author: Emil Lindholm Brandt <[email protected]>
AuthorDate: Sat Jan 17 07:24:10 2026 +0100

    Add --strict flag to sha256sum verification
    
    Without it, the macOS implementation exits with code 0 for malformed input, 
triggering a false positive
---
 maven-wrapper-distribution/src/resources/mvnw      | 2 +-
 maven-wrapper-distribution/src/resources/only-mvnw | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/maven-wrapper-distribution/src/resources/mvnw 
b/maven-wrapper-distribution/src/resources/mvnw
index 6deb5c2..df1a80a 100755
--- a/maven-wrapper-distribution/src/resources/mvnw
+++ b/maven-wrapper-distribution/src/resources/mvnw
@@ -290,7 +290,7 @@ done 
<"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
 if [ -n "$wrapperSha256Sum" ]; then
   wrapperSha256Result=false
   if command -v sha256sum >/dev/null; then
-    if echo "$wrapperSha256Sum  $wrapperJarPath" | sha256sum -c - >/dev/null 
2>&1; then
+    if echo "$wrapperSha256Sum  $wrapperJarPath" | sha256sum -c --strict - 
>/dev/null 2>&1; then
       wrapperSha256Result=true
     fi
   elif command -v shasum >/dev/null; then
diff --git a/maven-wrapper-distribution/src/resources/only-mvnw 
b/maven-wrapper-distribution/src/resources/only-mvnw
index 9337313..b4861c0 100755
--- a/maven-wrapper-distribution/src/resources/only-mvnw
+++ b/maven-wrapper-distribution/src/resources/only-mvnw
@@ -230,7 +230,7 @@ if [ -n "${distributionSha256Sum-}" ]; then
     echo "Please disable validation by removing 'distributionSha256Sum' from 
your maven-wrapper.properties." >&2
     exit 1
   elif command -v sha256sum >/dev/null; then
-    if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | 
sha256sum -c - >/dev/null 2>&1; then
+    if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | 
sha256sum -c --strict - >/dev/null 2>&1; then
       distributionSha256Result=true
     fi
   elif command -v shasum >/dev/null; then

Reply via email to