AdamtheKiwi has asked for the wisdom of the Perl Monks concerning the following question:

Hi Perl Monks!

I've written a small perl script (which will run on Windows most of the time) to calculate the latest version in a Nexus repository (given some information about group id, artefact name and type) and download the artefact. I decided to put in a little belt-and-braces and check the SHA1 value on the remote site against the calculated SHA1 of the downloaded file.

Here's the rub: my perl-calculated value (using Digest::SHA1) is different from both the SHA1 on the remote site, and that calculated on the downloaded file using FCIV.

My subs for calculating and downloading SHA1 values:

sub computeSHA1 () {
    # Passed a file path, opens the file and calculates the SHA1 value
    my $srcfile = shift;
    print "DEBUG: computeSHA1: arrived\n" if ($debug);
    my $sha1post = Digest::SHA1->new;
    open my $filehandle, $srcfile or &usage("computeSHA: Failed to open " . $srcfile . ": " . $!, 2);
    $sha1post->addfile($filehandle);
    print "DEBUG: downloadSHA1: Calculating SHA1 for $srcfile\n" if ($debug);
    close $filehandle;
    return $sha1post->hexdigest;
}

sub downloadSHA1 () {
    # Passed a URL for a file, looks for the SHA1 file and returns the value
    my $url = shift;
    print "DEBUG: downloadSHA1: arrived\n" if ($debug);
    my $SHAurl = $url . ".sha1";
    my $browser = LWP::UserAgent->new;
    # Get the SHA1 value from $SHAurl
    my $SHAcall = $browser->get($SHAurl);
    print "DEBUG: downloadSHA1: Getting SHA1 from $SHAurl\n" if ($debug);
    &usage("downloadSHA1: Could not fetch SHA1 at " . $SHAurl, 5) unless $SHAcall->is_success;
    return $SHAcall->content;
}

Here's the command-line testing (the subroutine above returns the same value as the perl call below - the Nexus server stores the same value as the FCIV call below):

C:\TaskServer>c:\software\fciv\fciv -sha1 gbmiportal-4.0.0.791577-SNAPSHOT.ear
//
// File Checksum Integrity Verifier version 2.05.
//
0ad3530689d273b472d4b20835476b756c6361af gbmiportal-4.0.0.791577-snapshot.ear

C:\TaskServer>perl -MDigest::SHA1=sha1_hex -le "print sha1_hex <>" gbmiportal-4.0.0.791577-SNAPSHOT.ear
8d829b7cdf254f01b1e217f3dfd28c2539891f8f

Thanks in advance for your assistance! I'm probably doing something really dumb... Adam...

Replies are listed 'Best First'.
Re: SHA1 calculations using Digest::SHA1 do not agree
by NetWallah (Canon) on Nov 17, 2015 at 18:33 UTC
    By default, the hexdigest will read the file in "OS Compatible" mode (as opposed to "portable" mode). This is made clear in the "--help" option of the "shasum" command, which is packaged with Digest::SHA1.

    In my tests on Windows 7, the shasum command with the "-p" option produced the same results as the default call to the hexdigest() method.

    The "fciv" command apparently reads the file in "binary" mode, which is also the default for the "shasum" command.

    In order to be compatible, you will need to add "binmode $filehandle;" prior to the addfile() call, as Corion(++) has independently suggested above. I have tested this, and it works.

            “The sources of quotes found on the internet are not always reliable.” — Abraham Lincoln.3; cf.
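The mismatch and the binmode fix discussed in this thread, as an added example that is not code from any of the posters: it hashes the same file through a raw handle and through a CRLF-translating handle, then checks each digest against a published value. The sample bytes, the helper names sha1_of_file and digest_matches, and the explicit ":crlf" layer (used so the Windows text-mode behaviour shows up on any platform) are assumptions of the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA1 qw(sha1_hex);
use File::Temp qw(tempfile);

# Constructed sample: archive-like bytes that happen to contain CR LF pairs.
my $payload = "PK\x03\x04" . "line one\r\nline two\r\n" . "\x00\xff\r\n";

my ($out, $path) = tempfile(UNLINK => 1);
binmode $out;                       # write the bytes untouched
print {$out} $payload;
close $out or die "close $path: $!";

# Hash a file read through the given PerlIO layer (":raw" or ":crlf").
sub sha1_of_file {
    my ($file, $layer) = @_;
    open my $fh, "<$layer", $file or die "open $file: $!";
    my $sha = Digest::SHA1->new;
    $sha->addfile($fh);
    close $fh;
    return $sha->hexdigest;
}

# Compare a computed digest with the body of a published .sha1 file,
# tolerating surrounding whitespace, a trailing file name and hex case.
sub digest_matches {
    my ($computed, $published) = @_;
    my ($hex) = $published =~ /\b([0-9a-fA-F]{40})\b/ or return 0;
    return lc($hex) eq lc($computed) ? 1 : 0;
}

# Constructed stand-in for the repository's .sha1 response body.
my $published = sha1_hex($payload) . "\n";

my $raw  = sha1_of_file($path, ':raw');   # what binmode gives you
my $text = sha1_of_file($path, ':crlf');  # what Windows text mode gives you

# The text-mode digest is the digest of the file with CR LF collapsed to LF.
(my $collapsed = $payload) =~ s/\r\n/\n/g;

printf "raw  %s  match=%d\n", $raw,  digest_matches($raw,  $published);
printf "crlf %s  match=%d\n", $text, digest_matches($text, $published);
printf "crlf digest equals digest of LF-collapsed bytes: %s\n",
    $text eq sha1_hex($collapsed) ? "yes" : "no";
```
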

Re: SHA1 calculations using Digest::SHA1 do not agree
by Corion (Patriarch) on Nov 17, 2015 at 17:39 UTC