[
https://issues.apache.org/jira/browse/WW-4951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16622394#comment-16622394
]
Yasser Zamani edited comment on WW-4951 at 9/20/18 5:39 PM:
------------------------------------------------------------
I could automate it via configuration at [1] which automatically upload a
{{csv}} file containing checksums for files in each artifact (e.g. [2] for
{{.m2/repository/org/apache/struts/struts2-parent/2.3.36}}). Is it OK?
[1] root {{pom.xml}}
{code:xml}
<plugin>
<groupId>net.nicoulaj.maven.plugins</groupId>
<artifactId>checksum-maven-plugin</artifactId>
<version>1.7</version>
<executions>
<execution>
<goals>
<goal>files</goal>
</goals>
</execution>
</executions>
<configuration>
<algorithms>
<algorithm>SHA-256</algorithm>
<algorithm>SHA-512</algorithm>
</algorithms>
<csvSummary>true</csvSummary>
<fileSets>
<fileSet>
<directory>${project.build.directory}</directory>
<includes>
<include>${project.artifactId}-${project.version}-*.zip</include>
<include>${project.artifactId}-${project.version}-javadoc.jar</include>
<include>${project.artifactId}-${project.version}-sources.jar</include>
<include>${project.artifactId}-${project.version}.jar</include>
<include>${project.artifactId}-${project.version}.pom</include>
</includes>
</fileSet>
</fileSets>
<failIfNoFiles>false</failIfNoFiles><!-- usually, no file to do checksum: don't
consider error -->
<individualFiles>false</individualFiles>
</configuration>
</plugin>
{code}
[2]
{{.m2/repository/org/apache/struts/struts2-parent/2.3.36/struts2-parent-2.3.36.csv}}
{code:none}
#File,SHA-256,SHA-512
struts2-parent-2.3.36-source-release.zip,61d5bdc80575a87f6d23a2c4ba826fbc383285bf4bed92a685c4f950ce674e83,8bfc87b216b628cea72d7ccf2cbe021206b957f654820b2ce7c45f735ed283d07d026770937cc1d12f60ac9a2578a64213db722d1b45d090b79a1f2dd47fc98b
struts2-parent-2.3.36.pom,9b0e1fadd6a6008f7aa927c8485e8f2559f961895980f37b27d519387ee032fe,8c770713d7d4aa97e6535ed813b92c03e3ad959755e5d04ea3f1f97fc2030debda7923773af5841d56de8321252851aa359a69c97cc7d46b852fe81da8db293d
{code}
was (Author: yasser.zamani):
I could automate it via configuration at [1] which automatically upload a
{{csv}} file containing checksums for files in each artifact (e.g. [2] for
{{.m2/repository/org/apache/struts/struts2-parent/2.3.36}}). Is it OK?
[1] root {{pom.xml}}
{code:xml}
<plugin>
<groupId>net.nicoulaj.maven.plugins</groupId>
<artifactId>checksum-maven-plugin</artifactId>
<version>1.7</version>
<executions>
<execution>
<goals>
<goal>files</goal>
</goals>
</execution>
</executions>
<configuration>
<algorithms>
<algorithm>SHA-256</algorithm>
<algorithm>SHA-512</algorithm>
</algorithms>
<csvSummary>false</csvSummary>
<fileSets>
<fileSet>
<directory>${project.build.directory}</directory>
<includes>
<include>${project.artifactId}-${project.version}-*.zip</include>
<include>${project.artifactId}-${project.version}-javadoc.jar</include>
<include>${project.artifactId}-${project.version}-sources.jar</include>
<include>${project.artifactId}-${project.version}.jar</include>
<include>${project.artifactId}-${project.version}.pom</include>
</includes>
</fileSet>
</fileSets>
<failIfNoFiles>false</failIfNoFiles><!-- usually, no file to do checksum: don't
consider error -->
<individualFiles>false</individualFiles>
</configuration>
</plugin>
{code}
[2]
{{.m2/repository/org/apache/struts/struts2-parent/2.3.36/struts2-parent-2.3.36.csv}}
{code:none}
#File,SHA-256,SHA-512
struts2-parent-2.3.36-source-release.zip,61d5bdc80575a87f6d23a2c4ba826fbc383285bf4bed92a685c4f950ce674e83,8bfc87b216b628cea72d7ccf2cbe021206b957f654820b2ce7c45f735ed283d07d026770937cc1d12f60ac9a2578a64213db722d1b45d090b79a1f2dd47fc98b
struts2-parent-2.3.36.pom,9b0e1fadd6a6008f7aa927c8485e8f2559f961895980f37b27d519387ee032fe,8c770713d7d4aa97e6535ed813b92c03e3ad959755e5d04ea3f1f97fc2030debda7923773af5841d56de8321252851aa359a69c97cc7d46b852fe81da8db293d
{code}
> MD5 and SHA1 should no longer be provided on download pages
> ------------------------------------------------------------
>
> Key: WW-4951
> URL: https://issues.apache.org/jira/browse/WW-4951
> Project: Struts 2
> Issue Type: Bug
> Reporter: Sebb
> Priority: Major
> Fix For: 2.6, 2.3.36, 2.5.18
>
>
> As the subject says:
> MD5 and SHA1 are deprecated and should no longer be provided on download
> pages:
> http://www.apache.org/dev/release-distribution#sigs-and-sums
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
