Posted to dev@maven.apache.org by Nathan Sit <ns...@gmail.com> on 2022/07/09 00:00:05 UTC

Question about Checksum for Maven 3.8.6

Hi,

I’m new to this (basically googled how to do checksum), but the checksum doesn’t seem to match for the file: 
> apache-maven-3.8.6-bin.tar.gz

I got both the checksum and the file from the Download page:
> https://maven.apache.org/download.cgi

I ran this on iTerm (M1 Mac if that matters, Monterey 12.4)
> openssl sha512 apache-maven-3.8.6-bin.tar

The outputted checksum was:
> SHA512(apache-maven-3.8.6-bin.tar)= 1369abc75cb3e74ca51ae5685e0a940528e390da5e83cd69f62644a107399c6dc84c68e23f09267331fc1ee90903ad69a3f73469064ce0c531fcce4574d2dada

This doesn’t match with the checksum from apache-maven-3.8.6-bin.tar.gz.sha512 which has this instead:
f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26

Am I missing something here? I plan to use the file anyways but wanted to ask to be sure I’m not using the wrong command for checksum in the future. Perhaps I should have checked the signature instead? Totally unsure. At the very least, hopefully you guys are the right ones to message about this. If not, sorry for the trouble.

Best,
Nathan

Re: Question about Checksum for Maven 3.8.6

Posted by Michael Osipov <mi...@apache.org>.
On 2022-07-09 at 02:00, Nathan Sit wrote:
> Hi,
> 
> I’m new to this (basically googled how to do checksum), but the checksum doesn’t seem to match for the file:
>> apache-maven-3.8.6-bin.tar.gz
> 
> I got both the checksum and the file from the Download page:
>> https://maven.apache.org/download.cgi
> 
> I ran this on iTerm (M1 Mac if that matters, Monterey 12.4)
>> openssl sha512 apache-maven-3.8.6-bin.tar
> 
> The outputted checksum was:
>> SHA512(apache-maven-3.8.6-bin.tar)= 1369abc75cb3e74ca51ae5685e0a940528e390da5e83cd69f62644a107399c6dc84c68e23f09267331fc1ee90903ad69a3f73469064ce0c531fcce4574d2dada
> 
> This doesn’t match with the checksum from apache-maven-3.8.6-bin.tar.gz.sha512 which has this instead:
> f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26
>
> Am I missing something here? I plan to use the file anyways but wanted to ask to be sure I’m not using the wrong command for checksum in the future. Perhaps I should have checked the signature instead? Totally unsure. At the very least, hopefully you guys are the right ones to message about this. If not, sorry for the trouble.


WFM:
$ curl -sq https://dlcdn.apache.org/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.tar.gz | sha512sum.exe
f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26 *-
$ curl -sq https://downloads.apache.org/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.tar.gz.sha512
f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26

Wrong mailing list, wrong file used with OpenSSL.

M




Re: Question about Checksum for Maven 3.8.6

Posted by András Péteri <ap...@b2international.com>.
Hi Nathan,

I think macOS/Safari unpacks archives on successful download automatically,
and it looks like you were trying to compute the checksum for the
un-gzipped .tar version of the archive instead of the .tar.gz version,
hence the mismatch. (I also think this is what Michael referred to as
"wrong file used with OpenSSL".)

On Sat, Jul 9, 2022 at 1:13 PM Slawomir Jaranowski <s....@gmail.com>
wrote:

> Hi,
>
> My test
>
> System Version: macOS 12.3.1 (21E258)
>
> curl -sq https://dlcdn.apache.org/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.tar.gz | openssl sha512
> f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26
>
> So it looks ok.
>
>
>
> On Sat, 9 Jul 2022 at 09:11, Nathan Sit <ns...@gmail.com> wrote:
>
> > Hi,
> >
> > I’m new to this (basically googled how to do checksum), but the checksum
> > doesn’t seem to match for the file:
> > > apache-maven-3.8.6-bin.tar.gz
> >
> > I got both the checksum and the file from the Download page:
> > > https://maven.apache.org/download.cgi
> >
> > I ran this on iTerm (M1 Mac if that matters, Monterey 12.4)
> > > openssl sha512 apache-maven-3.8.6-bin.tar
> >
> > The outputted checksum was:
> > > SHA512(apache-maven-3.8.6-bin.tar)= 1369abc75cb3e74ca51ae5685e0a940528e390da5e83cd69f62644a107399c6dc84c68e23f09267331fc1ee90903ad69a3f73469064ce0c531fcce4574d2dada
> >
> > This doesn’t match with the checksum from
> > apache-maven-3.8.6-bin.tar.gz.sha512 which has this instead:
> >
> > f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26
> > Am I missing something here? I plan to use the file anyways but wanted to ask
> > to be sure I’m not using the wrong command for checksum in the future.
> > Perhaps I should have checked the signature instead? Totally unsure. At the
> > very least, hopefully you guys are the right ones to message about this. If
> > not, sorry for the trouble.
> >
> > Best,
> > Nathan
>
>
>
> --
> Sławomir Jaranowski
>


Regards,
András
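
Added example, not part of the thread or of any poster's message: a POSIX shell check that compares a download with its published .sha512 file and flags the case described above, where the file on disk is the un-gzipped .tar rather than the .tar.gz. The function names, the return codes and the gzip magic-byte test are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): verify a download against its published
# .sha512 file and flag an archive that was decompressed after download.

# Print the lowercase hex SHA-512 of a file with whichever tool is installed.
sha512_hex() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 512 "$1" | awk '{print $1}'
    else
        openssl dgst -sha512 -r "$1" | awk '{print $1}'
    fi
}

# verify_download FILE SUMFILE   (hypothetical helper; return codes are this example's)
#   0 = digest matches
#   1 = digest differs
#   2 = digest differs and FILE is not gzip data although SUMFILE is for a .gz
verify_download() {
    file=$1
    sumfile=$2
    # Published files hold either the bare hash or "hash  filename".
    expected=$(awk 'NR == 1 {print tolower($1)}' "$sumfile")
    actual=$(sha512_hex "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    # gzip streams start with the bytes 1f 8b; a bare .tar does not.
    magic=$(head -c 2 "$file" | od -An -tx1 | tr -d ' \n')
    case "$sumfile" in
        *.gz.sha512)
            if [ "$magic" != "1f8b" ]; then
                echo "MISMATCH: $file is not gzip data (decompressed after download?)" >&2
                return 2
            fi ;;
    esac
    echo "MISMATCH: $file" >&2
    return 1
}

# Usage: sh verify.sh apache-maven-3.8.6-bin.tar.gz apache-maven-3.8.6-bin.tar.gz.sha512
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

A digest match only shows the file is the one the checksum was computed over; checking the release's .asc signature against the project's KEYS file is the separate step that ties it to the publisher.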

Re: Question about Checksum for Maven 3.8.6

Posted by Slawomir Jaranowski <s....@gmail.com>.
Hi,

My test

System Version: macOS 12.3.1 (21E258)

curl -sq https://dlcdn.apache.org/maven/maven-3/3.8.6/binaries/apache-maven-3.8.6-bin.tar.gz | openssl sha512
f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26

So it looks ok.



On Sat, 9 Jul 2022 at 09:11, Nathan Sit <ns...@gmail.com> wrote:

> Hi,
>
> I’m new to this (basically googled how to do checksum), but the checksum
> doesn’t seem to match for the file:
> > apache-maven-3.8.6-bin.tar.gz
>
> I got both the checksum and the file from the Download page:
> > https://maven.apache.org/download.cgi
>
> I ran this on iTerm (M1 Mac if that matters, Monterey 12.4)
> > openssl sha512 apache-maven-3.8.6-bin.tar
>
> The outputted checksum was:
> > SHA512(apache-maven-3.8.6-bin.tar)= 1369abc75cb3e74ca51ae5685e0a940528e390da5e83cd69f62644a107399c6dc84c68e23f09267331fc1ee90903ad69a3f73469064ce0c531fcce4574d2dada
>
> This doesn’t match with the checksum from
> apache-maven-3.8.6-bin.tar.gz.sha512 which has this instead:
>
> f790857f3b1f90ae8d16281f902c689e4f136ebe584aba45e4b1fa66c80cba826d3e0e52fdd04ed44b4c66f6d3fe3584a057c26dfcac544a60b301e6d0f91c26
> Am I missing something here? I plan to use the file anyways but wanted to ask
> to be sure I’m not using the wrong command for checksum in the future.
> Perhaps I should have checked the signature instead? Totally unsure. At the
> very least, hopefully you guys are the right ones to message about this. If
> not, sorry for the trouble.
>
> Best,
> Nathan



-- 
Sławomir Jaranowski