Release file check script Re: svn commit: r1799436 - /ofbiz/tools/verify-ofbiz-release.sh

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Release file check script Re: svn commit: r1799436 - /ofbiz/tools/verify-ofbiz-release.sh

Michael Brohl-3
Hi everyone,

I've added a convenience bash script to check the release files
checksums and gpg signature to the tools repository.

Hope this makes life easier :-)

Best regards,

Michael Brohl
ecomify GmbH
www.ecomify.de


Am 21.06.17 um 14:55 schrieb [hidden email]:

> Author: mbrohl
> Date: Wed Jun 21 12:55:02 2017
> New Revision: 1799436
>
> URL: http://svn.apache.org/viewvc?rev=1799436&view=rev
> Log:
> Improved: Added a bash script to verify the release file, checking md5/sha checksums and the signature.
>
> Added:
>      ofbiz/tools/verify-ofbiz-release.sh   (with props)
>
> Added: ofbiz/tools/verify-ofbiz-release.sh
> URL: http://svn.apache.org/viewvc/ofbiz/tools/verify-ofbiz-release.sh?rev=1799436&view=auto
> ==============================================================================
> --- ofbiz/tools/verify-ofbiz-release.sh (added)
> +++ ofbiz/tools/verify-ofbiz-release.sh Wed Jun 21 12:55:02 2017
> @@ -0,0 +1,79 @@
> +#!/bin/bash
> +
> +# verify-ofbiz-release.sh
> +# checks the given release zip file for correct md5/SHA checksums and signing certificate
> +# see https://www.apache.org/dev/release-signing.html
> +
> +# color definitions for output
> +RED='\033[0;31m'
> +GRN='\033[0;32m'
> +NC='\033[0m' # No Color
> +
> +if [[ $# -eq 0 ]] ; then
> +    echo "Usage: $0 [apache-ofbiz-xx.xx.xx.zip]"
> +    exit 1
> +fi
> +
> +checkMD5() {
> +    file1=`gpg --print-md MD5 $1`
> +    file2=`cut -d* -f1 $1.md5`
> +
> +    echo "md5 check of file: $1"
> +    echo "Using md5 file: $1.md5"
> +    echo $file1
> +    echo $file2
> +
> +    if [ "$file1" != "$file2" ]
> +    then
> +        echo -e "${RED}md5 sums mismatch!${NC}"
> +    else
> +        echo -e "${GRN}md5 checksum OK${NC}"
> +    fi
> +
> +    echo ""
> +
> +    return 0
> +}
> +
> +checkSHA () {
> +    file1=`gpg --print-md SHA512 $1`
> +    file2=`cut -d* -f1 $1.sha`
> +
> +    echo "sha check of file: $1"
> +    echo "Using sha file: $1.sha"
> +    echo $file1
> +    echo $file2
> +
> +    if [ "$file1" != "$file2" ]
> +    then
> +        echo -e "${RED}sha sums mismatch!${NC}"
> +    else
> +        echo -e "${GRN}sha checksum OK${NC}"
> +    fi
> +
> +    echo ""
> +
> +    return 0
> +}
> +
> +if [ ! -f $1.md5 ];
> +then
> +    echo -e "${RED}skipping md5 check!${NC} (md5 checksum file $1.md5 not found)\n"
> +else
> +    checkMD5 $1
> +fi
> +
> +if [ ! -f $1.sha ];
> +then
> +    echo -e "${RED}skipping sha check!${NC} (sha checksum file $1.sha not found)\n"
> +else
> +    checkSHA $1
> +fi
> +
> +if [ ! -f $1.asc ];
> +then
> +    echo -e "${RED}skipping signature check!${NC} (signature file $1.asc not found)"
> +else
> +    echo "GPG verification output"
> +    gpg --verify $1.asc $1
> +fi
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
>      svn:eol-style = native
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
>      svn:executable = *
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
>      svn:keywords = Date Rev Author URL Id
>
> Propchange: ofbiz/tools/verify-ofbiz-release.sh
> ------------------------------------------------------------------------------
>      svn:mime-type = text/plain
>
>


smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Release file check script Re: svn commit: r1799436 - /ofbiz/tools/verify-ofbiz-release.sh

Jacopo Cappellato-5
Thank you Michael,

I have created the new release files and started the second vote so now we
will all have a chance to use your script!

Jacopo

On Wed, Jun 21, 2017 at 3:00 PM, Michael Brohl <[hidden email]>
wrote:

> Hi everyone,
>
> I've added a convenience bash script to check the release files checksums
> and gpg signature to the tools repository.
>
> Hope this makes life easier :-)
>
> Best regards,
>
> Michael Brohl
> ecomify GmbH
> www.ecomify.de
>
>
> Am 21.06.17 um 14:55 schrieb [hidden email]:
>
>> Author: mbrohl
>> Date: Wed Jun 21 12:55:02 2017
>> New Revision: 1799436
>>
>> URL: http://svn.apache.org/viewvc?rev=1799436&view=rev
>> Log:
>> Improved: Added a bash script to verify the release file, checking
>> md5/sha checksums and the signature.
>>
>> Added:
>>      ofbiz/tools/verify-ofbiz-release.sh   (with props)
>>
>> Added: ofbiz/tools/verify-ofbiz-release.sh
>> URL: http://svn.apache.org/viewvc/ofbiz/tools/verify-ofbiz-releas
>> e.sh?rev=1799436&view=auto
>> ============================================================
>> ==================
>> --- ofbiz/tools/verify-ofbiz-release.sh (added)
>> +++ ofbiz/tools/verify-ofbiz-release.sh Wed Jun 21 12:55:02 2017
>> @@ -0,0 +1,79 @@
>> +#!/bin/bash
>> +
>> +# verify-ofbiz-release.sh
>> +# checks the given release zip file for correct md5/SHA checksums and
>> signing certificate
>> +# see https://www.apache.org/dev/release-signing.html
>> +
>> +# color definitions for output
>> +RED='\033[0;31m'
>> +GRN='\033[0;32m'
>> +NC='\033[0m' # No Color
>> +
>> +if [[ $# -eq 0 ]] ; then
>> +    echo "Usage: $0 [apache-ofbiz-xx.xx.xx.zip]"
>> +    exit 1
>> +fi
>> +
>> +checkMD5() {
>> +    file1=`gpg --print-md MD5 $1`
>> +    file2=`cut -d* -f1 $1.md5`
>> +
>> +    echo "md5 check of file: $1"
>> +    echo "Using md5 file: $1.md5"
>> +    echo $file1
>> +    echo $file2
>> +
>> +    if [ "$file1" != "$file2" ]
>> +    then
>> +        echo -e "${RED}md5 sums mismatch!${NC}"
>> +    else
>> +        echo -e "${GRN}md5 checksum OK${NC}"
>> +    fi
>> +
>> +    echo ""
>> +
>> +    return 0
>> +}
>> +
>> +checkSHA () {
>> +    file1=`gpg --print-md SHA512 $1`
>> +    file2=`cut -d* -f1 $1.sha`
>> +
>> +    echo "sha check of file: $1"
>> +    echo "Using sha file: $1.sha"
>> +    echo $file1
>> +    echo $file2
>> +
>> +    if [ "$file1" != "$file2" ]
>> +    then
>> +        echo -e "${RED}sha sums mismatch!${NC}"
>> +    else
>> +        echo -e "${GRN}sha checksum OK${NC}"
>> +    fi
>> +
>> +    echo ""
>> +
>> +    return 0
>> +}
>> +
>> +if [ ! -f $1.md5 ];
>> +then
>> +    echo -e "${RED}skipping md5 check!${NC} (md5 checksum file $1.md5
>> not found)\n"
>> +else
>> +    checkMD5 $1
>> +fi
>> +
>> +if [ ! -f $1.sha ];
>> +then
>> +    echo -e "${RED}skipping sha check!${NC} (sha checksum file $1.sha
>> not found)\n"
>> +else
>> +    checkSHA $1
>> +fi
>> +
>> +if [ ! -f $1.asc ];
>> +then
>> +    echo -e "${RED}skipping signature check!${NC} (signature file $1.asc
>> not found)"
>> +else
>> +    echo "GPG verification output"
>> +    gpg --verify $1.asc $1
>> +fi
>>
>> Propchange: ofbiz/tools/verify-ofbiz-release.sh
>> ------------------------------------------------------------
>> ------------------
>>      svn:eol-style = native
>>
>> Propchange: ofbiz/tools/verify-ofbiz-release.sh
>> ------------------------------------------------------------
>> ------------------
>>      svn:executable = *
>>
>> Propchange: ofbiz/tools/verify-ofbiz-release.sh
>> ------------------------------------------------------------
>> ------------------
>>      svn:keywords = Date Rev Author URL Id
>>
>> Propchange: ofbiz/tools/verify-ofbiz-release.sh
>> ------------------------------------------------------------
>> ------------------
>>      svn:mime-type = text/plain
>>
>>
>>
>
>