www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlos Sanchez <car...@apache.org>
Subject Re: format .md5 files
Date Mon, 26 Dec 2005 15:55:07 GMT
On 12/26/05, Phil Steitz <phil@steitz.com> wrote:
> The output above is not consistent with what maven 1 produces when jars
> are deployed using maven 1's jar goal, nor is it consistent with what
> md5sum -b produces or expects when used to verify.
> This was recently discussed on commons-dev
> <http://marc.theaimsgroup.com/?t=113487309500001&r=1&w=2>, where the
> consensus appeared to be to use the format produced by md5sum -b for
> .md5 files included in releases:
> <hash> *<file_name>
>  From Carlos' reply, I assume maven (2?) can "eat" the format above when
> verifying jars.  Whatever we agree on, maven should be able to produce
> it as part of jar deployment as well, and we should probably use the
> same format for md5's attached to zips and tarballs.  My preference
> would be to use a "standard" format if such a thing exists.  Apologies
> if the format above is a standard and I am just ignorant of it.
> Phil

Maven 2 uses by default sha1 checksums, falling back to md5 if sha1 is
not present. When deploying it generates both checksum files,
containing only the hash, not the filename.

For files I deploy manually to java-repository I use md5 and sha1,
because md5sum and sha1sum are not available at people.apache.org, and
they generate
MD5 (filename) = hash
SHA1 (filename) = hash

Maven 1 doesn't check the checksums, while maven 2 recognises all the formats.


View raw message