Hi Nils, thanks for your quick response!
Yeah, calculating the checksum yourself kind of defeats the purpose (since
we don't know if the file is the right one).
Although that's true I could use another available checksum, verify it and
then calculate the sha256.
But it would add complexity to the automated workflow I'm working on. I'll
fill a request ticket then.
Thanks!
Le jeu. 14 sept. 2023 à 18:17, Nils Breunese <n...@breun.nl> a écrit :
> Hi Alexis,
>
> I don’t know if SHA-256 hashes are published anywhere, but after verifying
> the other hashes that are published on Maven Central, you could calculate
> the SHA-256 hashes yourself. (I’m sorry if I’m being Captain Obvious here.)
>
> For the Maven distribution:
>
> ❯ shasum -a 256
> ~/.m2/wrapper/dists/apache-maven-3.9.4-bin/*/apache-maven-3.9.4-bin.zip |
> awk ‘{ print $1 }'
> e896b60329a71b719d77bb4388b251a50aebcd73c62f69d510c858ce360afe0f
>
> And for the Maven Wrapper JAR in your project:
>
> ❯ shasum -a 256 .mvn/wrapper/maven-wrapper.jar | awk '{ print $1 }'
> e63a53cfb9c4d291ebe3c2b0edacb7622bbc480326beaa5a0456e412f52f066a
>
> But yes, I agree it would be nicer if Maven Central and/or release notes
> would contain the SHA-256 hashes for use with this feature. Maybe open a
> request ticket for that (
> https://issues.apache.org/jira/secure/CreateIssue!default.jspa)?
>
> Nils.
>
> > Op 14 sep. 2023, om 16:29 heeft Alexis Tual <at...@gradle.com> het
> volgende geschreven:
> >
> > Hi,
> >
> > I noticed the Maven wrapper supports setting the sha256 for both the
> > distributions and the wrapper jar:
> >
> https://maven.apache.org/wrapper/#checksum-verification-of-downloaded-binaries
> > .
> > However I could not find those checksums in
> > https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/ nor
> >
> https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper
> .
> > Where are they located?
> >
> > Thanks for your help!
> >
> > --
> >
> > Alexis Tual
>
--
Alexis Tual
Senior Software Engineer
W. gradle.com <https://gradle.com/>
--
*
CONFIDENTIALITY NOTICE*: The contents of this email message, and any
attachments, are intended solely for the addressee(s) and may contain
confidential, proprietary and/or privileged information legally protected
from disclosure. If you are not the intended recipient of this
communication, or if you received this communication by mistake, please
notify the sender immediately and delete this message and any attachments.
If you are not the intended recipient, you are hereby notified that any
use, retransmission, dissemination, copying or storage of this message or
its attachments is strictly prohibited.
