ofbiz-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Brohl <michael.br...@ecomify.de>
Subject Release file check script Re: svn commit: r1799436 - /ofbiz/tools/verify-ofbiz-release.sh
Date Wed, 21 Jun 2017 13:00:24 GMT
Hi everyone,

I've added a convenience bash script to check the release files 
checksums and gpg signature to the tools repository.

Hope this makes life easier :-)

Best regards,

Michael Brohl
ecomify GmbH
www.ecomify.de


Am 21.06.17 um 14:55 schrieb mbrohl@apache.org:
> Author: mbrohl
> Date: Wed Jun 21 12:55:02 2017
> New Revision: 1799436
>
> URL: http://svn.apache.org/viewvc?rev=1799436&view=rev
> Log:
> Improved: Added a bash script to verify the release file, checking md5/sha checksums
and the signature.
>
> Added:
>      ofbiz/tools/verify-ofbiz-release.sh   (with props)
>
> Added: ofbiz/tools/verify-ofbiz-release.sh
> URL: http://svn.apache.org/viewvc/ofbiz/tools/verify-ofbiz-release.sh?rev=1799436&view=auto
> ==============================================================================
> --- ofbiz/tools/verify-ofbiz-release.sh (added)
> +++ ofbiz/tools/verify-ofbiz-release.sh Wed Jun 21 12:55:02 2017
> @@ -0,0 +1,79 @@
> +#!/bin/bash
> +
> +# verify-ofbiz-release.sh
> +# checks the given release zip file for correct md5/SHA checksums and signing certificate
> +# see https://www.apache.org/dev/release-signing.html
> +
> +# color definitions for output
> +RED='\033[0;31m'
> +GRN='\033[0;32m'
> +NC='\033[0m' # No Color
> +
> +if [[ $# -eq 0 ]] ; then
> +    echo "Usage: $0 [apache-ofbiz-xx.xx.xx.zip]"
> +    exit 1
> +fi
> +
> +checkMD5() {
> +    file1=`gpg --print-md MD5 $1`
> +    file2=`cut -d* -f1 $1.md5`
> +
> +    echo "md5 check of file: $1"
> +    echo "Using md5 file: $1.md5"
> +    echo $file1
> +    echo $file2
> +
> +    if [ "$file1" != "$file2" ]
> +    then
> +        echo -e "${RED}md5 sums mismatch!${NC}"
> +    else
> +        echo -e "${GRN}md5 checksum OK${NC}"
> +    fi
> +
> +    echo ""
> +
> +    return 0
> +}
> +
> +checkSHA () {
> +    file1=`gpg --print-md SHA512 $1`
> +    file2=`cut -d* -f1 $1.sha`
> +
> +    echo "sha check of file: $1"
> +    echo "Using sha file: $1.sha"
> +    echo $file1
> +    echo $file2
> +
> +    if [ "$file1" != "$file2" ]
> +    then
> +        echo -e "${RED}sha sums mismatch!${NC}"
> +    else
> +        echo -e "${GRN}sha checksum OK${NC}"
> +    fi
> +
> +    echo ""
> +
> +    return 0
> +}
> +
> +if [ ! -f $1.md5 ];
> +then
> +    echo -e "${RED}skipping md5 check!${NC} (md5 checksum file $1.md5 not found)\n"
> +else
> +    checkMD5 $1
> +fi
> +
> +if [ ! -f $1.sha ];
> +then
> +    echo -e "${RED}skipping sha check!${NC} (sha checksum file $1.sha not found)\n"
> +else
> +    checkSHA $1
> +fi
> +
> +if [ ! -f $1.asc ];
> +then
> +    echo -e "${RED}skipping signature check!${NC} (signature file $1.asc not found)"
> +else
> +    echo "GPG verification output"
> +    gpg --verify $1.asc $1
> +fi
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
>      svn:eol-style = native
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
>      svn:executable = *
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
>      svn:keywords = Date Rev Author URL Id
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
>      svn:mime-type = text/plain
>
>



Mime
View raw message