Hi everyone,I've added a convenience bash script to check the release files checksums and gpg signature to the tools repository.
Hope this makes life easier :-) Best regards, Michael Brohl ecomify GmbH www.ecomify.de Am 21.06.17 um 14:55 schrieb mbr...@apache.org:
Author: mbrohl Date: Wed Jun 21 12:55:02 2017 New Revision: 1799436 URL: http://svn.apache.org/viewvc?rev=1799436&view=rev Log: Improved: Added a bash script to verify the release file, checking md5/sha checksums and the signature. Added: ofbiz/tools/verify-ofbiz-release.sh (with props) Added: ofbiz/tools/verify-ofbiz-release.sh URL: http://svn.apache.org/viewvc/ofbiz/tools/verify-ofbiz-release.sh?rev=1799436&view=auto ============================================================================== --- ofbiz/tools/verify-ofbiz-release.sh (added) +++ ofbiz/tools/verify-ofbiz-release.sh Wed Jun 21 12:55:02 2017 @@ -0,0 +1,79 @@ +#!/bin/bash + +# verify-ofbiz-release.sh +# checks the given release zip file for correct md5/SHA checksums and signing certificate +# see https://www.apache.org/dev/release-signing.html + +# color definitions for output +RED='\033[0;31m' +GRN='\033[0;32m' +NC='\033[0m' # No Color + +if [[ $# -eq 0 ]] ; then + echo "Usage: $0 [apache-ofbiz-xx.xx.xx.zip]" + exit 1 +fi + +checkMD5() { + file1=`gpg --print-md MD5 $1` + file2=`cut -d* -f1 $1.md5` + + echo "md5 check of file: $1" + echo "Using md5 file: $1.md5" + echo $file1 + echo $file2 + + if [ "$file1" != "$file2" ] + then + echo -e "${RED}md5 sums mismatch!${NC}" + else + echo -e "${GRN}md5 checksum OK${NC}" + fi + + echo "" + + return 0 +} + +checkSHA () { + file1=`gpg --print-md SHA512 $1` + file2=`cut -d* -f1 $1.sha` + + echo "sha check of file: $1" + echo "Using sha file: $1.sha" + echo $file1 + echo $file2 + + if [ "$file1" != "$file2" ] + then + echo -e "${RED}sha sums mismatch!${NC}" + else + echo -e "${GRN}sha checksum OK${NC}" + fi + + echo "" + + return 0 +} + +if [ ! -f $1.md5 ]; +then + echo -e "${RED}skipping md5 check!${NC} (md5 checksum file $1.md5 not found)\n" +else + checkMD5 $1 +fi + +if [ ! -f $1.sha ]; +then + echo -e "${RED}skipping sha check!${NC} (sha checksum file $1.sha not found)\n" +else + checkSHA $1 +fi + +if [ ! -f $1.asc ]; +then + echo -e "${RED}skipping signature check!${NC} (signature file $1.asc not found)" +else + echo "GPG verification output" + gpg --verify $1.asc $1 +fi Propchange: ofbiz/tools/verify-ofbiz-release.sh ------------------------------------------------------------------------------ svn:eol-style = native Propchange: ofbiz/tools/verify-ofbiz-release.sh ------------------------------------------------------------------------------ svn:executable = * Propchange: ofbiz/tools/verify-ofbiz-release.sh ------------------------------------------------------------------------------ svn:keywords = Date Rev Author URL Id Propchange: ofbiz/tools/verify-ofbiz-release.sh ------------------------------------------------------------------------------ svn:mime-type = text/plain
smime.p7s
Description: S/MIME Cryptographic Signature
