elharo commented on code in PR #398:
URL: https://github.com/apache/maven-wrapper/pull/398#discussion_r2749530047
##########
maven-wrapper-distribution/src/resources/only-mvnw:
##########
@@ -249,6 +250,33 @@ if [ -n "${distributionSha256Sum-}" ]; then
fi
fi
+# If specified, validate the SHA-512 sum of the Maven distribution zip file
+if [ -n "${distributionSha512Sum-}" ]; then
+ distributionSha512Result=false
+ if [ "$MVN_CMD" = mvnd.sh ]; then
+ echo "Checksum validation is not supported for maven-mvnd." >&2
+ echo "Please disable validation by removing 'distributionSha512Sum' from
your maven-wrapper.properties." >&2
+ exit 1
+ elif command -v sha512sum >/dev/null; then
+ if echo "$distributionSha512Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" |
sha512sum -c - >/dev/null 2>&1; then
+ distributionSha512Result=true
+ fi
+ elif command -v shasum >/dev/null; then
+ if echo "$distributionSha512Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" |
shasum -a 512 -c >/dev/null 2>&1; then
+ distributionSha512Result=true
+ fi
+ else
+ echo "Checksum validation was requested but neither 'sha512sum' or
'shasum' are available." >&2
+ echo "Please install either command, or disable validation by removing
'distributionSha512Sum' from your maven-wrapper.properties." >&2
+ exit 1
+ fi
+ if [ $distributionSha512Result = false ]; then
+ echo "Error: Failed to validate Maven distribution SHA-512, your Maven
distribution might be compromised." >&2
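Review bot: Both verification branches send the tool's output to `>/dev/null 2>&1`, so a digest mismatch, a missing download and a malformed `distributionSha512Sum` value all end in the same "might be compromised" message. The check does fail closed, because `distributionSha512Result` starts as `false` and becomes `true` only after a successful `-c` run, but the user cannot tell a typo in the property from real tampering. Consider dropping `2>&1` so the tool's own diagnostic reaches stderr. A comment above the block would also help, such as `# The expected digest comes from maven-wrapper.properties; this detects a corrupted or substituted download, not an edited properties file.` The quoted hunk stops before the end of the `if` block, so the remaining lines were not reviewed.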
Review Comment:
run-on sentence
##########
maven-wrapper-distribution/src/resources/only-mvnw:
##########
@@ -249,6 +250,33 @@ if [ -n "${distributionSha256Sum-}" ]; then
fi
fi
+# If specified, validate the SHA-512 sum of the Maven distribution zip file
+if [ -n "${distributionSha512Sum-}" ]; then
+ distributionSha512Result=false
+ if [ "$MVN_CMD" = mvnd.sh ]; then
+ echo "Checksum validation is not supported for maven-mvnd." >&2
+ echo "Please disable validation by removing 'distributionSha512Sum' from
your maven-wrapper.properties." >&2
+ exit 1
+ elif command -v sha512sum >/dev/null; then
+ if echo "$distributionSha512Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" |
sha512sum -c - >/dev/null 2>&1; then
+ distributionSha512Result=true
+ fi
+ elif command -v shasum >/dev/null; then
+ if echo "$distributionSha512Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" |
shasum -a 512 -c >/dev/null 2>&1; then
+ distributionSha512Result=true
+ fi
+ else
+ echo "Checksum validation was requested but neither 'sha512sum' or
'shasum' are available." >&2
Review Comment:
or --> nor
##########
maven-wrapper-distribution/src/resources/only-mvnw.cmd:
##########
@@ -146,6 +146,18 @@ if ($distributionSha256Sum) {
}
}
+# If specified, validate the SHA-512 sum of the Maven distribution zip file
+$distributionSha512Sum = (Get-Content -Raw
"$scriptDir/.mvn/wrapper/maven-wrapper.properties" |
ConvertFrom-StringData).distributionSha512Sum
+if ($distributionSha512Sum) {
+ if ($USE_MVND) {
+ Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease
disable validation by removing 'distributionSha512Sum' from your
maven-wrapper.properties."
Review Comment:
remove nPlease
##########
maven-wrapper-distribution/src/resources/only-mvnw.cmd:
##########
@@ -146,6 +146,18 @@ if ($distributionSha256Sum) {
}
}
+# If specified, validate the SHA-512 sum of the Maven distribution zip file
+$distributionSha512Sum = (Get-Content -Raw
"$scriptDir/.mvn/wrapper/maven-wrapper.properties" |
ConvertFrom-StringData).distributionSha512Sum
+if ($distributionSha512Sum) {
+ if ($USE_MVND) {
+ Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease
disable validation by removing 'distributionSha512Sum' from your
maven-wrapper.properties."
+ }
+ Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function
Get-FileHash
+ if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm
SHA512).Hash.ToLower() -ne $distributionSha512Sum) {
+ Write-Error "Error: Failed to validate Maven distribution SHA-512, your
Maven distribution might be compromised. If you updated your Maven version, you
need to update the specified distributionSha512Sum property."
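Review bot: The mvnd branch and the hash-mismatch branch both signal failure with `Write-Error` alone, which stops the script only when `$ErrorActionPreference` is `Stop`; that setting is not visible in this hunk. If it is not in force, execution would continue past a failed check and the unverified distribution could still be used. Either confirm the preference is set earlier in the file and record that in a comment, e.g. `# Write-Error terminates here because $ErrorActionPreference is 'Stop'`, or make the stop explicit with `throw` in both branches. The hunk is quoted only up to the mismatch message, so the rest of the block was not reviewed.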
Review Comment:
run-on sentence
##########
maven-wrapper-distribution/src/resources/only-mvnw:
##########
@@ -249,6 +250,33 @@ if [ -n "${distributionSha256Sum-}" ]; then
fi
fi
+# If specified, validate the SHA-512 sum of the Maven distribution zip file
+if [ -n "${distributionSha512Sum-}" ]; then
+ distributionSha512Result=false
+ if [ "$MVN_CMD" = mvnd.sh ]; then
+ echo "Checksum validation is not supported for maven-mvnd." >&2
+ echo "Please disable validation by removing 'distributionSha512Sum' from
your maven-wrapper.properties." >&2
+ exit 1
+ elif command -v sha512sum >/dev/null; then
+ if echo "$distributionSha512Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" |
sha512sum -c - >/dev/null 2>&1; then
+ distributionSha512Result=true
+ fi
+ elif command -v shasum >/dev/null; then
+ if echo "$distributionSha512Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" |
shasum -a 512 -c >/dev/null 2>&1; then
+ distributionSha512Result=true
+ fi
+ else
+ echo "Checksum validation was requested but neither 'sha512sum' or
'shasum' are available." >&2
+ echo "Please install either command, or disable validation by removing
'distributionSha512Sum' from your maven-wrapper.properties." >&2
Review Comment:
no Please