Re: [ofbiz-framework] branch release17.12 updated: Improved: Replace Bintray by a new place to upload the Gradle Wrapper (OFBIZ-12192)

Sun, 11 Apr 2021 06:31:27 -0700 

Hi Jacques,
why should we change the checksum algorithm now, for this release? I would leave it as is and introduce another one beginning with trunk. 


For the shasum part: the program is needed for the checks, like other 
programs (curl/wget, grep, whereis) are needed also. The script clearly 
states that when shasum is missing. I see no problem with that.


Best regards,

Michael Brohl

ecomify GmbH - www.ecomify.de


Am 10.04.21 um 14:16 schrieb jler...@apache.org:

Hi,


I think we should at least discuss the 2 points below before releasing 
17.12.07


Thanks

Jacques

Le 10/04/2021 à 14:10, jler...@apache.org a écrit :

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git



The following commit(s) were added to refs/heads/release17.12 by this 
push:
      new 564b605  Improved: Replace Bintray by a new place to upload 
the Gradle Wrapper (OFBIZ-12192)

564b605 is described below

commit 564b605d5509cd85f8d7b6355b4ebe62280e5686
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Apr 10 14:10:43 2021 +0200


     Improved: Replace Bintray by a new place to upload the Gradle 
Wrapper (OFBIZ-12192)
          The checksum part was missing in Windows 
init-gradle-wrapper.ps1 script

          I have noticed 2 points:
     1. We should use SHA256, not SHA1

     2. The unix-like shell script in OFBiz misses checksum 
verification in case
     shasum command is not installed. In other words, if I launch the 
script it would
     fail with "shasum not found, the downloaded files could not be 
verified".
     However, the file will be kept there, so the user could launch 
unverified jar.

          Last point was reported by Vladimir Sitnikov at LEGAL-288
---
  gradle/init-gradle-wrapper.ps1 | 8 ++++++++
  1 file changed, 8 insertions(+)


diff --git a/gradle/init-gradle-wrapper.ps1 
b/gradle/init-gradle-wrapper.ps1

index c4911bd..2401147 100644
--- a/gradle/init-gradle-wrapper.ps1
+++ b/gradle/init-gradle-wrapper.ps1

@@ -25,6 +25,14 @@ If ($ExecutionContext.SessionState.LanguageMode 
-eq "ConstrainedLanguage") {
      Invoke-WebRequest -outf gradle\wrapper\gradle-wrapper.jar 
https://github.com/gradle/gradle/raw/v4.5.1/gradle/wrapper/gradle-wrapper.jar 


  }
  +$expected = "00d0743607178962f8b120da4ccad2c64c698aec"

+$actual = (Get-FileHash gradle\wrapper\gradle-wrapper.jar -Algorithm 
SHA1).Hash.ToLower()
+@{$true = 'OK: Checksum match'; $false = "ERROR: Checksum 
mismatch!`nExpected: $expected`nActual: $actual"}[$actual -eq $expected]

+
+if (!$true)  {
+    Remove-Item gradle\wrapper\gradle-wrapper.jar
+    }
+
  #Write-Host $ExecutionContext.SessionState.LanguageMode
    Start-Sleep -s 3






















					Reply via email to