tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Claassen" <>
Subject MD5 checksums when building Tomcat from source
Date Wed, 06 Jun 2007 17:24:17 GMT
I am trying to build Tomcat from source and I am curious about something.
On the Tomcat download page it say the following:
> "You must verify the integrity of the downloaded files."

Yet, the Tomcat build blindly downloads all kinds of sources that are not
verified in any way.  ANT can do MD5 checksums.  Shouldn't the Tomcat
properties file contain the checksums for the files it uses so they can be
verified after they are downloaded?  

It seems to me that if file integrity is a concern, then all the files
should be check.

Here is a sample target:
<target name="-verify-checksum">
	<checksum file="${filetoverify}" algorithm="MD5" property="${md5}"
		<fail message= "MD5 on ${filetoverify} is not ${md5}">
				<istrue value="${isEqual}"/>

And here would be how you call it:
<antcall target="-verify-checksum" inheritall="false">
	<param name="filetoverify" value="${}"/>
	<param name="md5" value="${archive.md5}"/>


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message