You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by "Mark R. Diggory" <md...@latte.harvard.edu> on 2004/02/11 22:33:19 UTC
Re: MD5 and Mirrors ( was Re: MD5 Hash )
Well, after my own little survey, I've determined the following:
md5 on BSD (Apache Minotaur):
mdiggory@minotaur:/home/mdiggory> md5 foo.bar
MD5 (foo.bar) = 7f5e787ff3b930d906d01243ccf7c237
md5 has no built in option to compare the file to the checksum and
return true/false.
Output of md5sum (GNU textutils) on Redhat:
mdiggory@osprey:/home/mdiggory> md5sum foo.bar
7f5e787ff3b930d906d01243ccf7c237 foo.bar
md5sum has a built in option which compares the md5 from the signature
against the original file.
[mdiggory@osprey mdiggory]$ md5sum -c foo.bar.md5
foo.bar: OK
Output of Maven when publishing to repository is the md5 string minus
the filename and is dependent on GNU md5sum.
*example snippet of the command as its run in jelly*
<repository:exec>
cd ${directory};
md5sum ${artifactName} | sed 's/ .*$//' | tee ${artifactName}.md5;
chgrp ${maven.repository.group} *;
chmod g+w,a+r *;
</repository:exec>
results in the string with no filename on ibiblio, and actually fails on
minotaur as its BSD and the executable is not present.
What is the right/wrong way is not really a reasonable question to ask.
How to appropriately deal with the variants in both md5/md5sum ...
generation and file structure specifically in relation to the repository
are the important questions to throw around.
My opinions are the following:
Server side OS dependent tools are usually accessed in scripts (say, in
a cron script which does checking and reports errors). These scripts
will always be unique to an OS, It'll often be the case that they are
custom for that particular need. the author usually writes their own
string parsing routines (ie: md5sum foo.bar | sed 's/ .*$//').
A client side tool needs a simple and standard means of validating the
content they are about to download or upload onto a server. If the
repository structure already enforces the name of the md5 sum in
relation to the file name, any internal naming done inside the md5 file
is redundant. It would be good to just have the file contain the
checksum which reduces parsing requirements on both the server and the
client..
Client tools should be robust enough (or extensible enough) to generate
the appropriate md5 sum for a particular artifact and to easily find and
read/compare it to the content on the server.
-Mark
Markus M. May wrote:
> Hello Mark,
>
> this is probably my fault. I checked this whole stuff with a very old
> maven.md5-file. The format is now equal between the two projects.
>
> Sorry for the confusion.
>
> Markus
>
>
--
Mark Diggory
Software Developer
Harvard MIT Data Center
http://www.hmdc.harvard.edu
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org