Hi Jacques,
why should we change the checksum algorithm now, for this release? I
would leave it as is and introduce another one beginning with trunk.
For the shasum part: the program is needed for the checks, like other
programs (curl/wget, grep, whereis) are needed also. The script clearly
states that when shasum is missing. I see no problem with that.
Best regards,
Michael Brohl
ecomify GmbH - www.ecomify.de
Am 10.04.21 um 14:16 schrieb jler...@apache.org:
Hi,
I think we should at least discuss the 2 points below before releasing
17.12.07
Thanks
Jacques
Le 10/04/2021 à 14:10, jler...@apache.org a écrit :
This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/release17.12 by this
push:
new 564b605 Improved: Replace Bintray by a new place to upload
the Gradle Wrapper (OFBIZ-12192)
564b605 is described below
commit 564b605d5509cd85f8d7b6355b4ebe62280e5686
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Apr 10 14:10:43 2021 +0200
Improved: Replace Bintray by a new place to upload the Gradle
Wrapper (OFBIZ-12192)
The checksum part was missing in Windows
init-gradle-wrapper.ps1 script
I have noticed 2 points:
1. We should use SHA256, not SHA1
2. The unix-like shell script in OFBiz misses checksum
verification in case
shasum command is not installed. In other words, if I launch the
script it would
fail with "shasum not found, the downloaded files could not be
verified".
However, the file will be kept there, so the user could launch
unverified jar.
Last point was reported by Vladimir Sitnikov at LEGAL-288
---
gradle/init-gradle-wrapper.ps1 | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/gradle/init-gradle-wrapper.ps1
b/gradle/init-gradle-wrapper.ps1
index c4911bd..2401147 100644
--- a/gradle/init-gradle-wrapper.ps1
+++ b/gradle/init-gradle-wrapper.ps1
@@ -25,6 +25,14 @@ If ($ExecutionContext.SessionState.LanguageMode
-eq "ConstrainedLanguage") {
Invoke-WebRequest -outf gradle\wrapper\gradle-wrapper.jar
https://github.com/gradle/gradle/raw/v4.5.1/gradle/wrapper/gradle-wrapper.jar
}
+$expected = "00d0743607178962f8b120da4ccad2c64c698aec"
+$actual = (Get-FileHash gradle\wrapper\gradle-wrapper.jar -Algorithm
SHA1).Hash.ToLower()
+@{$true = 'OK: Checksum match'; $false = "ERROR: Checksum
mismatch!`nExpected: $expected`nActual: $actual"}[$actual -eq $expected]
+
+if (!$true) {
+ Remove-Item gradle\wrapper\gradle-wrapper.jar
+ }
+
#Write-Host $ExecutionContext.SessionState.LanguageMode
Start-Sleep -s 3