The script was patched with a line like this: echo " subversion-1.10.2.tar.bz2" >> subversion-1.10.2.tar.bz2.sha512
On 09/22/2018 09:39 AM, Adam Jensen wrote: >>From the recommended release page: > https://subversion.apache.org/download.cgi#recommended-release > > The Checksum (SHA512) file: > https://www.apache.org/dist/subversion/subversion-1.10.2.tar.bz2.sha512 > > Contains: > ccbe860ec93a198745e40620cb7e005a85797e344a99ddbc0e24c32ad846976eae35cf5b3d62ba5751b998f0d40bbebbba72f484d92c92693bbb2112c989b129 > > In order to check the hash of the file using a command like this: > sha512sum --check subversion-1.10.2.tar.bz2.sha512 > > Shouldn't the format of that file (subversion-1.10.2.tar.bz2.sha512) be > something like this: > ccbe860ec93a198745e40620cb7e005a85797e344a99ddbc0e24c32ad846976eae35cf5b3d62ba5751b998f0d40bbebbba72f484d92c92693bbb2112c989b129 > subversion-1.10.2.tar.bz2 > > That is, it should contain the hash AND the file name. > > Given the current situation, can anyone think of a shell script blurb to > download the files then verify with the hash? Normally, I would do it > with something like this: > > #!/usr/bin/env bash > FILE=subversion-1.10.2.tar.bz2 > if [ ! -f $FILE ]; then > echo "Fetching $FILE" > wget http://www-eu.apache.org/dist/subversion/subversion-1.10.2.tar.bz2 > fi > FILE=subversion-1.10.2.tar.bz2.sha512 > if [ ! -f $FILE ]; then > echo "Fetching $FILE" > wget > https://www.apache.org/dist/subversion/subversion-1.10.2.tar.bz2.sha512 > fi > sha512sum --check subversion-1.10.2.tar.bz2.sha512 || exit 1 > # and the script continues... > >
