You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ofbiz.apache.org by mb...@apache.org on 2017/06/21 12:55:02 UTC
svn commit: r1799436 - /ofbiz/tools/verify-ofbiz-release.sh
Author: mbrohl
Date: Wed Jun 21 12:55:02 2017
New Revision: 1799436
URL: http://svn.apache.org/viewvc?rev=1799436&view=rev
Log:
Improved: Added a bash script to verify the release file, checking md5/sha checksums and the signature.
Added:
ofbiz/tools/verify-ofbiz-release.sh (with props)
Added: ofbiz/tools/verify-ofbiz-release.sh
URL: http://svn.apache.org/viewvc/ofbiz/tools/verify-ofbiz-release.sh?rev=1799436&view=auto
==============================================================================
--- ofbiz/tools/verify-ofbiz-release.sh (added)
+++ ofbiz/tools/verify-ofbiz-release.sh Wed Jun 21 12:55:02 2017
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# verify-ofbiz-release.sh
+# checks the given release zip file for correct md5/SHA checksums and signing certificate
+# see https://www.apache.org/dev/release-signing.html
+
+# color definitions for output
+RED='\033[0;31m'
+GRN='\033[0;32m'
+NC='\033[0m' # No Color
+
+if [[ $# -eq 0 ]] ; then
+ echo "Usage: $0 [apache-ofbiz-xx.xx.xx.zip]"
+ exit 1
+fi
+
+checkMD5() {
+ file1=`gpg --print-md MD5 $1`
+ file2=`cut -d* -f1 $1.md5`
+
+ echo "md5 check of file: $1"
+ echo "Using md5 file: $1.md5"
+ echo $file1
+ echo $file2
+
+ if [ "$file1" != "$file2" ]
+ then
+ echo -e "${RED}md5 sums mismatch!${NC}"
+ else
+ echo -e "${GRN}md5 checksum OK${NC}"
+ fi
+
+ echo ""
+
+ return 0
+}
+
+checkSHA () {
+ file1=`gpg --print-md SHA512 $1`
+ file2=`cut -d* -f1 $1.sha`
+
+ echo "sha check of file: $1"
+ echo "Using sha file: $1.sha"
+ echo $file1
+ echo $file2
+
+ if [ "$file1" != "$file2" ]
+ then
+ echo -e "${RED}sha sums mismatch!${NC}"
+ else
+ echo -e "${GRN}sha checksum OK${NC}"
+ fi
+
+ echo ""
+
+ return 0
+}
+
+if [ ! -f $1.md5 ];
+then
+ echo -e "${RED}skipping md5 check!${NC} (md5 checksum file $1.md5 not found)\n"
+else
+ checkMD5 $1
+fi
+
+if [ ! -f $1.sha ];
+then
+ echo -e "${RED}skipping sha check!${NC} (sha checksum file $1.sha not found)\n"
+else
+ checkSHA $1
+fi
+
+if [ ! -f $1.asc ];
+then
+ echo -e "${RED}skipping signature check!${NC} (signature file $1.asc not found)"
+else
+ echo "GPG verification output"
+ gpg --verify $1.asc $1
+fi
Propchange: ofbiz/tools/verify-ofbiz-release.sh
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: ofbiz/tools/verify-ofbiz-release.sh
------------------------------------------------------------------------------
svn:executable = *
Propchange: ofbiz/tools/verify-ofbiz-release.sh
------------------------------------------------------------------------------
svn:keywords = Date Rev Author URL Id
Propchange: ofbiz/tools/verify-ofbiz-release.sh
------------------------------------------------------------------------------
svn:mime-type = text/plain
Re: Release file check script Re: svn commit: r1799436 - /ofbiz/tools/verify-ofbiz-release.sh
Posted by Jacopo Cappellato <ja...@hotwaxsystems.com>.
Thank you Michael,
I have created the new release files and started the second vote so now we
will all have a chance to use your script!
Jacopo
On Wed, Jun 21, 2017 at 3:00 PM, Michael Brohl <mi...@ecomify.de>
wrote:
> Hi everyone,
>
> I've added a convenience bash script to check the release files checksums
> and gpg signature to the tools repository.
>
> Hope this makes life easier :-)
>
> Best regards,
>
> Michael Brohl
> ecomify GmbH
> www.ecomify.de
>
>
> Am 21.06.17 um 14:55 schrieb mbrohl@apache.org:
>
>> Author: mbrohl
>> Date: Wed Jun 21 12:55:02 2017
>> New Revision: 1799436
>>
>> URL: http://svn.apache.org/viewvc?rev=1799436&view=rev
>> Log:
>> Improved: Added a bash script to verify the release file, checking
>> md5/sha checksums and the signature.
>>
>> Added:
>> ofbiz/tools/verify-ofbiz-release.sh (with props)
>>
>> Added: ofbiz/tools/verify-ofbiz-release.sh
>> URL: http://svn.apache.org/viewvc/ofbiz/tools/verify-ofbiz-releas
>> e.sh?rev=1799436&view=auto
>> ============================================================
>> ==================
>> --- ofbiz/tools/verify-ofbiz-release.sh (added)
>> +++ ofbiz/tools/verify-ofbiz-release.sh Wed Jun 21 12:55:02 2017
>> @@ -0,0 +1,79 @@
>> +#!/bin/bash
>> +
>> +# verify-ofbiz-release.sh
>> +# checks the given release zip file for correct md5/SHA checksums and
>> signing certificate
>> +# see https://www.apache.org/dev/release-signing.html
>> +
>> +# color definitions for output
>> +RED='\033[0;31m'
>> +GRN='\033[0;32m'
>> +NC='\033[0m' # No Color
>> +
>> +if [[ $# -eq 0 ]] ; then
>> + echo "Usage: $0 [apache-ofbiz-xx.xx.xx.zip]"
>> + exit 1
>> +fi
>> +
>> +checkMD5() {
>> + file1=`gpg --print-md MD5 $1`
>> + file2=`cut -d* -f1 $1.md5`
>> +
>> + echo "md5 check of file: $1"
>> + echo "Using md5 file: $1.md5"
>> + echo $file1
>> + echo $file2
>> +
>> + if [ "$file1" != "$file2" ]
>> + then
>> + echo -e "${RED}md5 sums mismatch!${NC}"
>> + else
>> + echo -e "${GRN}md5 checksum OK${NC}"
>> + fi
>> +
>> + echo ""
>> +
>> + return 0
>> +}
>> +
>> +checkSHA () {
>> + file1=`gpg --print-md SHA512 $1`
>> + file2=`cut -d* -f1 $1.sha`
>> +
>> + echo "sha check of file: $1"
>> + echo "Using sha file: $1.sha"
>> + echo $file1
>> + echo $file2
>> +
>> + if [ "$file1" != "$file2" ]
>> + then
>> + echo -e "${RED}sha sums mismatch!${NC}"
>> + else
>> + echo -e "${GRN}sha checksum OK${NC}"
>> + fi
>> +
>> + echo ""
>> +
>> + return 0
>> +}
>> +
>> +if [ ! -f $1.md5 ];
>> +then
>> + echo -e "${RED}skipping md5 check!${NC} (md5 checksum file $1.md5
>> not found)\n"
>> +else
>> + checkMD5 $1
>> +fi
>> +
>> +if [ ! -f $1.sha ];
>> +then
>> + echo -e "${RED}skipping sha check!${NC} (sha checksum file $1.sha
>> not found)\n"
>> +else
>> + checkSHA $1
>> +fi
>> +
>> +if [ ! -f $1.asc ];
>> +then
>> + echo -e "${RED}skipping signature check!${NC} (signature file $1.asc
>> not found)"
>> +else
>> + echo "GPG verification output"
>> + gpg --verify $1.asc $1
>> +fi
>>
>> Propchange: ofbiz/tools/verify-ofbiz-release.sh
>> ------------------------------------------------------------
>> ------------------
>> svn:eol-style = native
>>
>> Propchange: ofbiz/tools/verify-ofbiz-release.sh
>> ------------------------------------------------------------
>> ------------------
>> svn:executable = *
>>
>> Propchange: ofbiz/tools/verify-ofbiz-release.sh
>> ------------------------------------------------------------
>> ------------------
>> svn:keywords = Date Rev Author URL Id
>>
>> Propchange: ofbiz/tools/verify-ofbiz-release.sh
>> ------------------------------------------------------------
>> ------------------
>> svn:mime-type = text/plain
>>
>>
>>
>
>
Release file check script Re: svn commit: r1799436 -
/ofbiz/tools/verify-ofbiz-release.sh
Posted by Michael Brohl <mi...@ecomify.de>.
Hi everyone,
I've added a convenience bash script to check the release files
checksums and gpg signature to the tools repository.
Hope this makes life easier :-)
Best regards,
Michael Brohl
ecomify GmbH
www.ecomify.de
Am 21.06.17 um 14:55 schrieb mbrohl@apache.org:
> Author: mbrohl
> Date: Wed Jun 21 12:55:02 2017
> New Revision: 1799436
>
> URL: http://svn.apache.org/viewvc?rev=1799436&view=rev
> Log:
> Improved: Added a bash script to verify the release file, checking md5/sha checksums and the signature.
>
> Added:
> ofbiz/tools/verify-ofbiz-release.sh (with props)
>
> Added: ofbiz/tools/verify-ofbiz-release.sh
> URL: http://svn.apache.org/viewvc/ofbiz/tools/verify-ofbiz-release.sh?rev=1799436&view=auto
> ==============================================================================
> --- ofbiz/tools/verify-ofbiz-release.sh (added)
> +++ ofbiz/tools/verify-ofbiz-release.sh Wed Jun 21 12:55:02 2017
> @@ -0,0 +1,79 @@
> +#!/bin/bash
> +
> +# verify-ofbiz-release.sh
> +# checks the given release zip file for correct md5/SHA checksums and signing certificate
> +# see https://www.apache.org/dev/release-signing.html
> +
> +# color definitions for output
> +RED='\033[0;31m'
> +GRN='\033[0;32m'
> +NC='\033[0m' # No Color
> +
> +if [[ $# -eq 0 ]] ; then
> + echo "Usage: $0 [apache-ofbiz-xx.xx.xx.zip]"
> + exit 1
> +fi
> +
> +checkMD5() {
> + file1=`gpg --print-md MD5 $1`
> + file2=`cut -d* -f1 $1.md5`
> +
> + echo "md5 check of file: $1"
> + echo "Using md5 file: $1.md5"
> + echo $file1
> + echo $file2
> +
> + if [ "$file1" != "$file2" ]
> + then
> + echo -e "${RED}md5 sums mismatch!${NC}"
> + else
> + echo -e "${GRN}md5 checksum OK${NC}"
> + fi
> +
> + echo ""
> +
> + return 0
> +}
> +
> +checkSHA () {
> + file1=`gpg --print-md SHA512 $1`
> + file2=`cut -d* -f1 $1.sha`
> +
> + echo "sha check of file: $1"
> + echo "Using sha file: $1.sha"
> + echo $file1
> + echo $file2
> +
> + if [ "$file1" != "$file2" ]
> + then
> + echo -e "${RED}sha sums mismatch!${NC}"
> + else
> + echo -e "${GRN}sha checksum OK${NC}"
> + fi
> +
> + echo ""
> +
> + return 0
> +}
> +
> +if [ ! -f $1.md5 ];
> +then
> + echo -e "${RED}skipping md5 check!${NC} (md5 checksum file $1.md5 not found)\n"
> +else
> + checkMD5 $1
> +fi
> +
> +if [ ! -f $1.sha ];
> +then
> + echo -e "${RED}skipping sha check!${NC} (sha checksum file $1.sha not found)\n"
> +else
> + checkSHA $1
> +fi
> +
> +if [ ! -f $1.asc ];
> +then
> + echo -e "${RED}skipping signature check!${NC} (signature file $1.asc not found)"
> +else
> + echo "GPG verification output"
> + gpg --verify $1.asc $1
> +fi
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
> svn:eol-style = native
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
> svn:executable = *
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
> svn:keywords = Date Rev Author URL Id
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
> svn:mime-type = text/plain
>
>