(maven-wrapper) branch master updated: Print computed checksum on validation failure (#366)

Sat, 31 Jan 2026 04:50:27 -0800 

This is an automated email from the ASF dual-hosted git repository.

elharo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/maven-wrapper.git


The following commit(s) were added to refs/heads/master by this push:
     new 78afa6e  Print computed checksum on validation failure (#366)
78afa6e is described below

commit 78afa6e66a0ef1f312e06aabd8790b201e0008fa
Author: Michael Bien <[email protected]>
AuthorDate: Sat Jan 31 13:50:14 2026 +0100

    Print computed checksum on validation failure (#366)
    
    simplifies the upgrade process a little bit
---
 maven-wrapper-distribution/src/resources/only-mvnw | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/maven-wrapper-distribution/src/resources/only-mvnw 
b/maven-wrapper-distribution/src/resources/only-mvnw
index 402d622..6d8e3f8 100755
--- a/maven-wrapper-distribution/src/resources/only-mvnw
+++ b/maven-wrapper-distribution/src/resources/only-mvnw
@@ -225,6 +225,7 @@ fi
 # If specified, validate the SHA-256 sum of the Maven distribution zip file
 if [ -n "${distributionSha256Sum-}" ]; then
   distributionSha256Result=false
+  computedSha256Sum=""
   if [ "$MVN_CMD" = mvnd.sh ]; then
     echo "Checksum validation is not supported for maven-mvnd." >&2
     echo "Please disable validation by removing 'distributionSha256Sum' from 
your maven-wrapper.properties." >&2
@@ -232,10 +233,14 @@ if [ -n "${distributionSha256Sum-}" ]; then
   elif command -v sha256sum >/dev/null; then
     if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | 
sha256sum -c --strict - >/dev/null 2>&1; then
       distributionSha256Result=true
+    else
+      computedSha256Sum=$(sha256sum "$TMP_DOWNLOAD_DIR/$distributionUrlName" | 
cut -b -64)
     fi
   elif command -v shasum >/dev/null; then
     if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | 
shasum -a 256 -c >/dev/null 2>&1; then
       distributionSha256Result=true
+    else
+      computedSha256Sum=$(shasum "$TMP_DOWNLOAD_DIR/$distributionUrlName" | 
cut -b -64)
     fi
   else
     echo "Checksum validation was requested but neither 'sha256sum' or 
'shasum' are available." >&2
@@ -245,6 +250,8 @@ if [ -n "${distributionSha256Sum-}" ]; then
   if [ $distributionSha256Result = false ]; then
     echo "Error: Failed to validate Maven distribution SHA-256, your Maven 
distribution might be compromised." >&2
     echo "If you updated your Maven version, you need to update the specified 
distributionSha256Sum property." >&2
+    echo "expected: $distributionSha256Sum" >&2
+    echo "received: $computedSha256Sum" >&2
     exit 1
   fi
 fi

Reply via email to