Adam Jensen wrote on Sat, 22 Sep 2018 09:39 -0400: > Given the current situation, can anyone think of a shell script blurb to > download the files then verify with the hash?
wget .../subversion-1.10.2.tar.bz2 wget https://www.apache.org/dist/subversion/subversion-1.10.2.tar.bz2.sha512 sha512sum subversion-1.10.2.tar.bz2 | grep -x -- "$(cat < subversion-1.10.2.tar.bz2.sha512)" > Normally, I would do it with something like this: > > #!/usr/bin/env bash > FILE=subversion-1.10.2.tar.bz2 > if [ ! -f $FILE ]; then > echo "Fetching $FILE" > wget http://www-eu.apache.org/dist/subversion/subversion-1.10.2.tar.bz2 Please don't download the artifacts from www*.apache.org but from a mirror. I think there is a redirector CGI somewhere that automatically redirects you to a mirror close to you, but I can't find it :( (The checksum files, in contrast, are intentionally available *only* from www*.apache.org.) > sha512sum --check subversion-1.10.2.tar.bz2.sha512 || exit 1 One reason for not creating the file in the form "${hash}${two_spaces}${filename}" is that not everyone uses sha512sum from GNU coreutils. If there were additional information in the file besides the hash value, people not on linux would have had to sed it out. Cheers, Daniel
