Implement checksum checks when downloading dependencies that are used to build Tomcat.
git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc8.0.x/trunk@1834562 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/build.properties.default b/build.properties.default
index 5896229..678f463 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -109,6 +109,9 @@
# - logkit
# - servletapi
commons-logging.version=1.1.3
+commons-logging-src.checksum.enabled=true
+commons-logging-src.checksum.algorithm=MD5|SHA-1
+commons-logging-src.checksum.value=e8e197d628436490886d17cffa108fe3|95f0805de0be927c42f5f6eb14b643cb37e7caad
commons-logging.home=${base.path}/commons-logging-${commons-logging.version}
commons-logging-src.loc.1=${base-commons.loc.1}/logging/source/commons-logging-${commons-logging.version}-src.tar.gz
commons-logging-src.loc.2=${base-commons.loc.2}/logging/source/commons-logging-${commons-logging.version}-src.tar.gz
@@ -116,44 +119,70 @@
# ----- Avalon Framework (required by commons logging) -----
avalon-framework.version=4.1.5
+avalon-framework.checksum.enabled=true
+avalon-framework.checksum.algorithm=MD5|SHA-1
+avalon-framework.checksum.value=71a0db38cac8809aeea73645064bae1a|3532aaf90b552ed1e1e1e29392b77b3b1980d8a8
avalon-framework.home=${base.path}/avalon-framework-${avalon-framework.version}
avalon-framework.loc=${base-maven.loc}/avalon-framework/avalon-framework/${avalon-framework.version}/avalon-framework-${avalon-framework.version}.jar
avalon-framework.jar=${avalon-framework.home}/avalon-framework-${avalon-framework.version}.jar
# ----- log4j (required by commons logging) -----
log4j.version=1.2.17
+log4j.checksum.enabled=true
+log4j.checksum.algorithm=MD5|SHA-1
+log4j.checksum.value=04a41f0a068986f0f73485cf507c0f40|5af35056b4d257e4b64b9e8069c0746e8b08629f
log4j.home=${base.path}/log4j-${log4j.version}
log4j.loc=${base-maven.loc}/log4j/log4j/${log4j.version}/log4j-${log4j.version}.jar
log4j.jar=${log4j.home}/log4j-${log4j.version}.jar
# ----- logkit (required by commons logging) -----
logkit.version=1.0.1
+logkit.checksum.enabled=true
+logkit.checksum.algorithm=MD5|SHA-1
+logkit.checksum.value=32240100a5c15d53f00392fae4b0aab7|aaf5649b523c5ffc925e746074979150bb74bfdc
logkit.home=${base.path}/logkit-${logkit.version}
logkit.loc=${base-maven.loc}/logkit/logkit/${logkit.version}/logkit-${logkit.version}.jar
logkit.jar=${logkit.home}/logkit-${logkit.version}.jar
# ----- servletapi (required by commons logging) -----
servletapi.version=2.3
+servletapi.checksum.enabled=true
+servletapi.checksum.algorithm=MD5|SHA-1
+servletapi.checksum.value=c097f777c6fd453277c6891b3bb4dc09|0137a24e9f62973f01f16dd23fc1b5a9964fd9ef
servletapi.home=${base.path}/servletapi-${servletapi.version}
servletapi.loc=${base-maven.loc}/servletapi/servletapi/${servletapi.version}/servletapi-${servletapi.version}.jar
servletapi.jar=${servletapi.home}/servletapi-${servletapi.version}.jar
# ----- Webservices - JAX RPC -----
jaxrpc-lib.version=1.1-rc4
+jaxrpc-lib.checksum.enabled=true
+jaxrpc-lib.checksum.algorithm=MD5|SHA-1
+jaxrpc-lib.checksum.value=4bebba22a4cdb9f68e16c45129770333|fe9371d33dc3e1646d4d13bde19614283eb998b1
jaxrpc-lib.home=${base.path}/jaxrpc-${jaxrpc-lib.version}
jaxrpc-lib.loc=${base-maven.loc}/geronimo-spec/geronimo-spec-jaxrpc/${jaxrpc-lib.version}/geronimo-spec-jaxrpc-${jaxrpc-lib.version}.jar
jaxrpc-lib.jar=${jaxrpc-lib.home}/geronimo-spec-jaxrpc-${jaxrpc-lib.version}.jar
# ----- Webservices - WSDL4J -----
wsdl4j-lib.version=1.6.2
+wsdl4j-lib.checksum.enabled=true
+wsdl4j-lib.checksum.algorithm=MD5|SHA-1
+wsdl4j-lib.checksum.value=2608a8ea3f07b0c08de8a7d3d0d3fc09|dec1669fb6801b7328e01ad72fc9e10b69ea06c1
wsdl4j-lib.home=${base.path}/wsdl4j-${wsdl4j-lib.version}
wsdl4j-lib.loc=${base-maven.loc}/wsdl4j/wsdl4j/${wsdl4j-lib.version}/wsdl4j-${wsdl4j-lib.version}.jar
wsdl4j-lib.jar=${wsdl4j-lib.home}/wsdl4j-${wsdl4j-lib.version}.jar
# ----- Eclipse JDT, version 4.5 or later -----#
# See https://wiki.apache.org/tomcat/JDTCoreBatchCompiler before updating
+#
+# Checksum is from "SHA512 Checksums for 4.6.3" link at
+# http://archive.eclipse.org/eclipse/downloads/drops4/R-4.6.3-201703010400/
+# http://archive.eclipse.org/eclipse/downloads/drops4/R-4.6.3-201703010400/checksum/eclipse-4.6.3-SUMSSHA512
+#
jdt.version=4.6.3
jdt.release=R-4.6.3-201703010400
+jdt.checksum.enabled=true
+jdt.checksum.algorithm=SHA-512
+jdt.checksum.value=372da97d5f37095a3616c730170dc541b93acb8f50370cd9b0d81fba4583e865f0c933dc012155f26638306b82a402eaab209123cd0a979fa7c86313c0fca477
jdt.home=${base.path}/ecj-${jdt.version}
jdt.jar=${jdt.home}/ecj-${jdt.version}.jar
# The download will be moved to the archive area eventually. We are taking care of that in advance.
@@ -162,6 +191,12 @@
# ----- Tomcat native library -----
tomcat-native.version=1.2.17
+tomcat-native.src.checksum.enabled=true
+tomcat-native.src.checksum.algorithm=SHA-512
+tomcat-native.src.checksum.value=8fa946855fd14525ec0abe7b09975bbd34d6127352e90730a8afb77e16cd91715417e812a40017fee65939a9ce95faf39a9193222f441cda0ad2eb7f690e77b9
+tomcat-native.win.checksum.enabled=true
+tomcat-native.win.checksum.algorithm=SHA-512
+tomcat-native.win.checksum.value=2955209b39707949b080f13c09edcad08a13faf5545f7890e2ac493ccbc66d09e152a39b4fa6ac40fe3de6b209b305608db3db8dcf24dda94567b417f55a5f49
tomcat-native.home=${base.path}/tomcat-native-${tomcat-native.version}
tomcat-native.tar.gz=${tomcat-native.home}/tomcat-native.tar.gz
tomcat-native.loc.1=${base-tomcat.loc.1}/tomcat-connectors/native/${tomcat-native.version}/source/tomcat-native-${tomcat-native.version}-src.tar.gz
@@ -171,6 +206,9 @@
# ----- NSIS, version 3.0 or later -----
nsis.version=3.03
+nsis.checksum.enabled=true
+nsis.checksum.algorithm=MD5|SHA-1
+nsis.checksum.value=d4919dc089ec256a7264e97ada299b64|ea69aa8d538916c9e8630dfd0106b063f7bb5d46
nsis.home=${base.path}/nsis-${nsis.version}
nsis.exe=${nsis.home}/makensis.exe
nsis.arch.dir=x86-unicode/
@@ -183,6 +221,20 @@
# ----- Commons Daemon, version 1.1.0 or later -----
commons-daemon.version=1.1.0
+
+# checksum for commons-daemon-1.1.0-bin.tar.gz
+commons-daemon.bin.checksum.enabled=true
+commons-daemon.bin.checksum.algorithm=SHA-512
+commons-daemon.bin.checksum.value=43c33e52e0be11e73370083500592ee9df0431c3166dbc7ed95794cabb462ac2a140e3eb4bbe2a0b99882bb93d9244ff534f13e4933c13e7a31a37e58e0c8e1d
+
+# checksums for commons-daemon-1.1.0-native-src.tar.gz, commons-daemon-1.1.0-bin-windows.zip
+commons-daemon.native.src.checksum.enabled=true
+commons-daemon.native.src.checksum.algorithm=SHA-512
+commons-daemon.native.src.checksum.value=3443f1c95a4b267c4387a9ac7c79315422a51e896c0bcea48fbe959bc301094770aa8065b2388a84760a3e07e5d1753c2b351336fb2d3a8c996ee14d32088f6e
+commons-daemon.native.win.checksum.enabled=true
+commons-daemon.native.win.checksum.algorithm=SHA-512
+commons-daemon.native.win.checksum.value=10cda04d9a44286cb67107fdb9d20958013f075cad4accba048801f3677765c334dc16f6901e1d2e4a9df5a2c702797370de63393568df6fceb9e7902421f9ea
+
commons-daemon.home=${base.path}/commons-daemon-${commons-daemon.version}
commons-daemon.jar=${commons-daemon.home}/commons-daemon-${commons-daemon.version}.jar
commons-daemon.native.win.home=${commons-daemon.home}/windows
@@ -198,36 +250,55 @@
# ----- JUnit Unit Test Suite, version 4.11 or later -----
junit.version=4.11
+junit.checksum.enabled=true
+junit.checksum.algorithm=MD5|SHA-1
+junit.checksum.value=3c42be5ea7cbf3635716abbb429cb90d|4e031bb61df09069aeb2bffb4019e7a5034a4ee0
junit.home=${base.path}/junit-${junit.version}
junit.jar=${junit.home}/junit-${junit.version}.jar
junit.loc=${base-maven.loc}/junit/junit/${junit.version}/junit-${junit.version}.jar
# ----- Hamcrest Library, used by JUnit, version 1.3 or later ----
hamcrest.version=1.3
+hamcrest.checksum.enabled=true
+hamcrest.checksum.algorithm=MD5|SHA-1
+hamcrest.checksum.value=6393363b47ddcbba82321110c3e07519|42a25dc3219429f0e5d060061f71acb49bf010a0
hamcrest.home=${base.path}/hamcrest-${hamcrest.version}
hamcrest.jar=${hamcrest.home}/hamcrest-core-${hamcrest.version}.jar
hamcrest.loc=${base-maven.loc}/org/hamcrest/hamcrest-core/${hamcrest.version}/hamcrest-core-${hamcrest.version}.jar
# ----- EasyMock, version 3.2 or later -----
easymock.version=3.2
+easymock.checksum.enabled=true
+easymock.checksum.algorithm=MD5|SHA-1
+easymock.checksum.value=2d914151580d6749ba0921be7eda705a|9794114433b4788b5d6498164311ecb3a25ff262
easymock.home=${base.path}/easymock-${easymock.version}
easymock.loc=${base-sf.loc}/easymock/easymock-${easymock.version}.zip
easymock.jar=${easymock.home}/easymock-${easymock.version}.jar
# ----- cglib, used by EasyMock, version 2.2 or later -----
cglib.version=2.2.3
+cglib.checksum.enabled=true
+cglib.checksum.algorithm=MD5|SHA-1
+cglib.checksum.value=694815351007f966c14ea093ec838323|6a4af5d9112066a5baf235fd55d5876969bc813c
cglib.home=${base.path}/cglib-${cglib.version}
cglib.loc=${base-sf.loc}/cglib/cglib-nodep-${cglib.version}.jar
cglib.jar=${cglib.home}/cglib-nodep-${cglib.version}.jar
# ----- objenesis, used by EasyMock, version 1.2 or later -----
objenesis.version=1.2
+objenesis.checksum.enabled=true
+objenesis.checksum.algorithm=SHA-1
+objenesis.checksum.value=2359e04aca6f4f171f92ff77489d1669043dd536
objenesis.home=${base.path}/objenesis-${objenesis.version}
objenesis.loc=https://bintray.com/easymock/distributions/download_file?file_path=objenesis-${objenesis.version}-bin.zip
objenesis.jar=${objenesis.home}/objenesis-${objenesis.version}.jar
# ----- Checkstyle, version 6.16 or later -----
+# Checksums are available at https://sourceforge.net/projects/checkstyle/files/OldFiles/6.17/
checkstyle.version=6.17
+checkstyle.checksum.enabled=true
+checkstyle.checksum.algorithm=MD5|SHA-1
+checkstyle.checksum.value=9180ab8b8219b262bfe88f26fd95d26d|11a02d7b0374f8a82fbd76361a69756faa6aefa0
checkstyle.home=${base.path}/checkstyle-${checkstyle.version}
checkstyle.loc=${base-sf.loc}/checkstyle/checkstyle/${checkstyle.version}/checkstyle-${checkstyle.version}-all.jar
checkstyle.jar=${checkstyle.home}/checkstyle-${checkstyle.version}-all.jar
@@ -244,6 +315,9 @@
# ----- Cobertura code coverage tool -----
cobertura.version=2.1.1
+cobertura.checksum.enabled=true
+cobertura.checksum.algorithm=MD5|SHA-1
+cobertura.checksum.value=4f46638aa8e4d89565c038092398ea06|99cb44d36555feedcedc46263c23c2f5394ef342
cobertura.home=${base.path}/cobertura-${cobertura.version}
cobertura.jar=${cobertura.home}/cobertura-${cobertura.version}.jar
cobertura.lib=${cobertura.home}/lib
@@ -251,6 +325,9 @@
# ----- Findbugs -----
findbugs.version=3.0.1
+findbugs.checksum.enabled=true
+findbugs.checksum.algorithm=MD5|SHA-1
+findbugs.checksum.value=dec8828de8657910fcb258ce5383c168|59a24064ca6869e483ce9a04d3c50d14a227d5e6
findbugs.home=${base.path}/findbugs-${findbugs.version}
findbugs.lib=${findbugs.home}/lib
findbugs.jar=${findbugs.lib}/findbugs-ant.jar
diff --git a/build.xml b/build.xml
index cf6d6ea..5ee1d86 100644
--- a/build.xml
+++ b/build.xml
@@ -15,7 +15,8 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<project name="Tomcat 8.0" default="deploy" basedir=".">
+<project name="Tomcat 8.0" default="deploy" basedir="."
+ xmlns:if="ant:if" xmlns:unless="ant:unless">
<!-- ===================== Initialize Property Values ==================== -->
@@ -1627,30 +1628,45 @@
<param name="sourcefile.2" value="${commons-logging-src.loc.2}"/>
<param name="destfile" value="${commons-logging-src.tar.gz}"/>
<param name="destdir" value="${commons-logging.home}"/>
+ <param name="checksum.enabled" value="${commons-logging-src.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${commons-logging-src.checksum.algorithm}"/>
+ <param name="checksum.value" value="${commons-logging-src.checksum.value}"/>
</antcall>
<antcall target="downloadfile">
<param name="sourcefile" value="${avalon-framework.loc}"/>
<param name="destfile" value="${avalon-framework.jar}"/>
<param name="destdir" value="${avalon-framework.home}"/>
+ <param name="checksum.enabled" value="${avalon-framework.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${avalon-framework.checksum.algorithm}"/>
+ <param name="checksum.value" value="${avalon-framework.checksum.value}"/>
</antcall>
<antcall target="downloadfile">
<param name="sourcefile" value="${log4j.loc}"/>
<param name="destfile" value="${log4j.jar}"/>
<param name="destdir" value="${log4j.home}"/>
+ <param name="checksum.enabled" value="${log4j.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${log4j.checksum.algorithm}"/>
+ <param name="checksum.value" value="${log4j.checksum.value}"/>
</antcall>
<antcall target="downloadfile">
<param name="sourcefile" value="${logkit.loc}"/>
<param name="destfile" value="${logkit.jar}"/>
<param name="destdir" value="${logkit.home}"/>
+ <param name="checksum.enabled" value="${logkit.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${logkit.checksum.algorithm}"/>
+ <param name="checksum.value" value="${logkit.checksum.value}"/>
</antcall>
<antcall target="downloadfile">
<param name="sourcefile" value="${servletapi.loc}"/>
<param name="destfile" value="${servletapi.jar}"/>
<param name="destdir" value="${servletapi.home}"/>
+ <param name="checksum.enabled" value="${servletapi.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${servletapi.checksum.algorithm}"/>
+ <param name="checksum.value" value="${servletapi.checksum.value}"/>
</antcall>
</target>
@@ -1765,12 +1781,18 @@
<param name="sourcefile" value="${jaxrpc-lib.loc}"/>
<param name="destfile" value="${jaxrpc-lib.jar}"/>
<param name="destdir" value="${jaxrpc-lib.home}"/>
+ <param name="checksum.enabled" value="${jaxrpc-lib.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${jaxrpc-lib.checksum.algorithm}"/>
+ <param name="checksum.value" value="${jaxrpc-lib.checksum.value}"/>
</antcall>
<antcall target="downloadfile">
<param name="sourcefile" value="${wsdl4j-lib.loc}"/>
<param name="destfile" value="${wsdl4j-lib.jar}"/>
<param name="destdir" value="${wsdl4j-lib.home}"/>
+ <param name="checksum.enabled" value="${wsdl4j-lib.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${wsdl4j-lib.checksum.algorithm}"/>
+ <param name="checksum.value" value="${wsdl4j-lib.checksum.value}"/>
</antcall>
<copy file="${jaxrpc-lib.jar}"
@@ -2791,6 +2813,9 @@
<param name="sourcefile" value="${checkstyle.loc}"/>
<param name="destfile" value="${checkstyle.jar}"/>
<param name="destdir" value="${base.path}"/>
+ <param name="checksum.enabled" value="${checkstyle.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${checkstyle.checksum.algorithm}"/>
+ <param name="checksum.value" value="${checkstyle.checksum.value}"/>
</antcall>
</target>
@@ -2803,6 +2828,9 @@
<param name="sourcefile.1" value="${commons-daemon.bin.loc.1}"/>
<param name="sourcefile.2" value="${commons-daemon.bin.loc.2}"/>
<param name="destfile" value="${commons-daemon.jar}"/>
+ <param name="checksum.enabled" value="${commons-daemon.bin.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${commons-daemon.bin.checksum.algorithm}"/>
+ <param name="checksum.value" value="${commons-daemon.bin.checksum.value}"/>
</antcall>
<!-- Download JDT (Eclipse compiler) -->
@@ -2811,6 +2839,9 @@
<param name="sourcefile.2" value="${jdt.loc.2}"/>
<param name="destfile" value="${jdt.jar}"/>
<param name="destdir" value="${jdt.home}"/>
+ <param name="checksum.enabled" value="${jdt.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${jdt.checksum.algorithm}"/>
+ <param name="checksum.value" value="${jdt.checksum.value}"/>
</antcall>
</target>
@@ -2822,30 +2853,45 @@
<param name="sourcefile" value="${junit.loc}"/>
<param name="destfile" value="${junit.jar}"/>
<param name="destdir" value="${junit.home}"/>
+ <param name="checksum.enabled" value="${junit.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${junit.checksum.algorithm}"/>
+ <param name="checksum.value" value="${junit.checksum.value}"/>
</antcall>
<antcall target="downloadfile">
<param name="sourcefile" value="${hamcrest.loc}"/>
<param name="destfile" value="${hamcrest.jar}"/>
<param name="destdir" value="${hamcrest.home}"/>
+ <param name="checksum.enabled" value="${hamcrest.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${hamcrest.checksum.algorithm}"/>
+ <param name="checksum.value" value="${hamcrest.checksum.value}"/>
</antcall>
<antcall target="downloadzip">
<param name="sourcefile" value="${easymock.loc}"/>
<param name="destfile" value="${easymock.jar}"/>
<param name="destdir" value="${base.path}"/>
+ <param name="checksum.enabled" value="${easymock.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${easymock.checksum.algorithm}"/>
+ <param name="checksum.value" value="${easymock.checksum.value}"/>
</antcall>
<antcall target="downloadfile">
<param name="sourcefile" value="${cglib.loc}"/>
<param name="destfile" value="${cglib.jar}"/>
<param name="destdir" value="${cglib.home}"/>
+ <param name="checksum.enabled" value="${cglib.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${cglib.checksum.algorithm}"/>
+ <param name="checksum.value" value="${cglib.checksum.value}"/>
</antcall>
<antcall target="downloadzip">
<param name="sourcefile" value="${objenesis.loc}"/>
<param name="destfile" value="${objenesis.jar}"/>
<param name="destdir" value="${base.path}"/>
+ <param name="checksum.enabled" value="${objenesis.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${objenesis.checksum.algorithm}"/>
+ <param name="checksum.value" value="${objenesis.checksum.value}"/>
</antcall>
</target>
@@ -2857,6 +2903,9 @@
<antcall target="downloadgz">
<param name="sourcefile" value="${cobertura.loc}"/>
<param name="destfile" value="${cobertura.jar}"/>
+ <param name="checksum.enabled" value="${cobertura.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${cobertura.checksum.algorithm}"/>
+ <param name="checksum.value" value="${cobertura.checksum.value}"/>
</antcall>
</target>
@@ -2868,6 +2917,9 @@
<antcall target="downloadgz">
<param name="sourcefile" value="${findbugs.loc}"/>
<param name="destfile" value="${findbugs.jar}"/>
+ <param name="checksum.enabled" value="${findbugs.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${findbugs.checksum.algorithm}"/>
+ <param name="checksum.value" value="${findbugs.checksum.value}"/>
</antcall>
</target>
@@ -2880,6 +2932,9 @@
<param name="sourcefile.2" value="${tomcat-native.loc.2}"/>
<param name="destfile" value="${tomcat-native.tar.gz}"/>
<param name="destdir" value="${tomcat-native.home}"/>
+ <param name="checksum.enabled" value="${tomcat-native.src.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${tomcat-native.src.checksum.algorithm}"/>
+ <param name="checksum.value" value="${tomcat-native.src.checksum.value}"/>
</antcall>
<antcall target="downloadzip-2">
@@ -2887,6 +2942,9 @@
<param name="sourcefile.2" value="${tomcat-native.win.2}"/>
<param name="destfile" value="${tomcat-native.home}/LICENSE"/>
<param name="destdir" value="${tomcat-native.home}"/>
+ <param name="checksum.enabled" value="${tomcat-native.win.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${tomcat-native.win.checksum.algorithm}"/>
+ <param name="checksum.value" value="${tomcat-native.win.checksum.value}"/>
</antcall>
<antcall target="downloadfile-2">
@@ -2894,6 +2952,9 @@
<param name="sourcefile.2" value="${commons-daemon.native.src.loc.2}"/>
<param name="destfile" value="${commons-daemon.native.src.tgz}"/>
<param name="destdir" value="${commons-daemon.home}"/>
+ <param name="checksum.enabled" value="${commons-daemon.native.src.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${commons-daemon.native.src.checksum.algorithm}"/>
+ <param name="checksum.value" value="${commons-daemon.native.src.checksum.value}"/>
</antcall>
<antcall target="downloadzip-2">
@@ -2901,12 +2962,18 @@
<param name="sourcefile.2" value="${commons-daemon.native.win.loc.2}"/>
<param name="destfile" value="${commons-daemon.native.win.mgr.exe}"/>
<param name="destdir" value="${commons-daemon.native.win.home}"/>
+ <param name="checksum.enabled" value="${commons-daemon.native.win.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${commons-daemon.native.win.checksum.algorithm}"/>
+ <param name="checksum.value" value="${commons-daemon.native.win.checksum.value}"/>
</antcall>
<antcall target="downloadzip">
<param name="sourcefile" value="${nsis.loc}"/>
<param name="destfile" value="${nsis.exe}"/>
<param name="destdir" value="${nsis.home}/.."/>
+ <param name="checksum.enabled" value="${nsis.checksum.enabled}"/>
+ <param name="checksum.algorithm" value="${nsis.checksum.algorithm}"/>
+ <param name="checksum.value" value="${nsis.checksum.value}"/>
</antcall>
</target>
@@ -2924,12 +2991,134 @@
<available file="${destfile}" property="exist"/>
</target>
+ <macrodef name="verifyChecksum">
+ <attribute name="file" />
+ <attribute name="name" default="@{file}"/>
+ <attribute name="enabled" />
+ <attribute name="algorithm" />
+ <attribute name="value" />
+ <sequential>
+ <local name="name" />
+ <basename property="name" file="@{name}" />
+ <sequential if:true="@{enabled}">
+ <local name="check.md5" />
+ <local name="check.sha1" />
+ <local name="check.sha256" />
+ <local name="check.sha384" />
+ <local name="check.sha512" />
+ <local name="value.md5" />
+ <local name="value.sha1" />
+ <local name="value.sha256" />
+ <local name="value.sha384" />
+ <local name="value.sha512" />
+ <local name="check.success" />
+ <condition property="check.md5">
+ <or>
+ <equals arg1="@{algorithm}" arg2="MD5" />
+ <equals arg1="@{algorithm}" arg2="MD5|SHA-1" />
+ </or>
+ </condition>
+ <condition property="check.sha1">
+ <or>
+ <equals arg1="@{algorithm}" arg2="SHA-1" />
+ <equals arg1="@{algorithm}" arg2="MD5|SHA-1" />
+ </or>
+ </condition>
+ <condition property="check.sha256">
+ <equals arg1="@{algorithm}" arg2="SHA-256" />
+ </condition>
+ <condition property="check.sha384">
+ <equals arg1="@{algorithm}" arg2="SHA-384" />
+ </condition>
+ <condition property="check.sha512">
+ <equals arg1="@{algorithm}" arg2="SHA-512" />
+ </condition>
+ <!-- Check that any checksum algorithm is selected -->
+ <fail message="Unknown algorithm: @{algorithm}">
+ <condition>
+ <not>
+ <or>
+ <equals arg1="${check.md5}" arg2="true" />
+ <equals arg1="${check.sha1}" arg2="true" />
+ <equals arg1="${check.sha256}" arg2="true" />
+ <equals arg1="${check.sha384}" arg2="true" />
+ <equals arg1="${check.sha512}" arg2="true" />
+ </or>
+ </not>
+ </condition>
+ </fail>
+ <!-- Calculate requested checksums -->
+ <checksum file="@{file}" if:true="${check.md5}" property="value.md5" algorithm="MD5" />
+ <checksum file="@{file}" if:true="${check.sha1}" property="value.sha1" algorithm="SHA-1" />
+ <checksum file="@{file}" if:true="${check.sha256}" property="value.sha256" algorithm="SHA-256" />
+ <checksum file="@{file}" if:true="${check.sha384}" property="value.sha384" algorithm="SHA-384" />
+ <checksum file="@{file}" if:true="${check.sha512}" property="value.sha512" algorithm="SHA-512" />
+ <!-- Check actual checksum value -->
+ <condition property="check.success">
+ <or>
+ <and>
+ <equals arg1="@{algorithm}" arg2="MD5" />
+ <equals arg1="@{value}" arg2="${value.md5}" />
+ </and>
+ <and>
+ <equals arg1="@{algorithm}" arg2="SHA-1" />
+ <equals arg1="@{value}" arg2="${value.sha1}" />
+ </and>
+ <and>
+ <equals arg1="@{algorithm}" arg2="MD5|SHA-1" />
+ <equals arg1="@{value}" arg2="${value.md5}|${value.sha1}" />
+ </and>
+ <and>
+ <equals arg1="@{algorithm}" arg2="SHA-256" />
+ <equals arg1="@{value}" arg2="${value.sha256}" />
+ </and>
+ <and>
+ <equals arg1="@{algorithm}" arg2="SHA-384" />
+ <equals arg1="@{value}" arg2="${value.sha384}" />
+ </and>
+ <and>
+ <equals arg1="@{algorithm}" arg2="SHA-512" />
+ <equals arg1="@{value}" arg2="${value.sha512}" />
+ </and>
+ </or>
+ </condition>
+ <!-- Fail or display a success message -->
+ <sequential unless:true="${check.success}">
+ <!-- Generate checksums for an error message -->
+ <checksum file="@{file}" unless:set="value.md5" property="value.md5" algorithm="MD5" />
+ <checksum file="@{file}" unless:set="value.sha1" property="value.sha1" algorithm="SHA-1" />
+ <checksum file="@{file}" unless:set="value.sha256" property="value.sha256" algorithm="SHA-256" />
+ <checksum file="@{file}" unless:set="value.sha384" property="value.sha384" algorithm="SHA-384" />
+ <checksum file="@{file}" unless:set="value.sha512" property="value.sha512" algorithm="SHA-512" />
+ <fail>
+ Checksum check failure for ${name} (@{file}).
+ Algorithm: @{algorithm}
+ Expected value: @{value}
+ Actual values:
+ SHA-512: ${value.sha512}
+ SHA-384: ${value.sha384}
+ SHA-256: ${value.sha256}
+ SHA-1: ${value.sha1}
+ MD5: ${value.md5}
+ </fail>
+ </sequential>
+ <echo level="info" message="Checksum check for ${name}, algorithm @{algorithm}: OK" />
+ </sequential>
+ <echo unless:true="@{enabled}" message="WARNING: Checksum verification is disabled for ${name}"/>
+ </sequential>
+ </macrodef>
+
<target name="downloadgz" unless="exist" depends="testexist,setproxy">
<!-- Download and extract the package -->
<local name="temp.file"/>
<mkdir dir="${base.path}"/>
<tempfile property="temp.file" destdir="${base.path}" prefix="download-"/>
<get src="${sourcefile}" httpusecaches="${trydownload.httpusecaches}" dest="${temp.file}.tar.gz" />
+ <verifyChecksum
+ enabled="${checksum.enabled}"
+ algorithm="${checksum.algorithm}" value="${checksum.value}"
+ file="${temp.file}.tar.gz" name="${sourcefile}" />
+
<gunzip src="${temp.file}.tar.gz" dest="${temp.file}.tar"/>
<untar src="${temp.file}.tar" dest="${base.path}"/>
<delete file="${temp.file}.tar"/>
@@ -2949,6 +3138,12 @@
<param name="sourcefile" value="${sourcefile.2}" />
<param name="destfile" value="${temp.file}.tar.gz" />
</antcall>
+
+ <verifyChecksum
+ enabled="${checksum.enabled}"
+ algorithm="${checksum.algorithm}" value="${checksum.value}"
+ file="${temp.file}.tar.gz" name="${sourcefile.1}" />
+
<gunzip src="${temp.file}.tar.gz" dest="${temp.file}.tar"/>
<untar src="${temp.file}.tar" dest="${base.path}"/>
<delete file="${temp.file}.tar"/>
@@ -2961,6 +3156,11 @@
<mkdir dir="${base.path}"/>
<tempfile property="temp.file" destdir="${base.path}" prefix="download-" suffix=".zip"/>
<get src="${sourcefile}" httpusecaches="${trydownload.httpusecaches}" dest="${temp.file}"/>
+ <verifyChecksum
+ enabled="${checksum.enabled}"
+ algorithm="${checksum.algorithm}" value="${checksum.value}"
+ file="${temp.file}" name="${sourcefile}" />
+
<mkdir dir="${destdir}"/>
<unzip src="${temp.file}" dest="${destdir}"/>
<delete file="${temp.file}"/>
@@ -2979,6 +3179,12 @@
<param name="sourcefile" value="${sourcefile.2}" />
<param name="destfile" value="${temp.file}" />
</antcall>
+
+ <verifyChecksum
+ enabled="${checksum.enabled}"
+ algorithm="${checksum.algorithm}" value="${checksum.value}"
+ file="${temp.file}" name="${sourcefile.1}" />
+
<mkdir dir="${destdir}" />
<unzip src="${temp.file}" dest="${destdir}"/>
<delete file="${temp.file}"/>
@@ -2990,6 +3196,11 @@
<mkdir dir="${base.path}"/>
<tempfile property="temp.file" destdir="${base.path}" prefix="download-" suffix=".tmp"/>
<get src="${sourcefile}" httpusecaches="${trydownload.httpusecaches}" dest="${temp.file}"/>
+ <verifyChecksum
+ enabled="${checksum.enabled}"
+ algorithm="${checksum.algorithm}" value="${checksum.value}"
+ file="${temp.file}" name="${destfile}" />
+
<mkdir dir="${destdir}"/>
<move file="${temp.file}" tofile="${destfile}"/>
</target>
@@ -3013,6 +3224,11 @@
<available file="${temp.file}" property="exist"/>
<fail unless="exist" message="Failed to download [${destfile}]. All download sources are unavailable." />
+ <verifyChecksum
+ enabled="${checksum.enabled}"
+ algorithm="${checksum.algorithm}" value="${checksum.value}"
+ file="${temp.file}" name="${destfile}" />
+
<mkdir dir="${destdir}"/>
<move file="${temp.file}" tofile="${destfile}"/>
</target>
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9903f04..ca3a9f2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -264,6 +264,10 @@
Support building with Java 9+ while preserving the Java 7 compatibility
at runtime (requires Ant 1.9.8 or later). (ebourg)
</update>
+ <add>
+ Implement checksum checks when downloading dependencies that are used
+ to build Tomcat. (kkolinko)
+ </add>
</changelog>
</subsection>
</section>
