Hi,
Am Sonntag, den 16.12.2007, 10:58 -0500 schrieb Richard S. Hall:
> A couple of questions. I don't know if it is just me, but I can verify
> md5 and sha1 sums, however I must do it manually as opposed to just doing:
>
> md5sum -c filename.md5
>
> For me, md5sum and sha1sum are expecting a file in the form of:
>
> b8596e4574cdb9192a5483cb0fb805f9d2e26c3d maven-scr-plugin-1.0.0.jar
The sums apply to the 'same named file', e.g. the file XYZ.jar.md5
applies to the file XYZ.jar. That is each file has its own checksum
file, therefore repeating the file names in the checksum file is
somewhat overkill.
I use openssl to verify the checksum:
MD5_GENERATED=`openssl md5 < ${NAME}`
MD5_NAME="${NAME}.md5"
MD5_DOWNLOADED=`cat ${MD5_NAME}`
echo [ OK ] MD5 Checksum file is ${MD5_NAME}
if [ "${MD5_GENERATED}" == "${MD5_DOWNLOADED}" ] ; then
echo [ OK ] MD5 Checksum verified
else
echo [FAIL] MD5 Checksum
echo [FAIL] \ \ Expected Checksum : ${MD5_DOWNLOADED}
echo [FAIL] \ \ Actual Checksumi : ${MD5_GENERATED}
fi
> Also, I notice that the POM depends on com.thoughtworks.qdox, but I
> don't see any mention of the copyrights in the NOTICE file.
Outsch ... This would have to turn my +1 into a -1, right ?
Regards
Felix
