Class SummaryFileTrustedChecksumsSource

All Implemented Interfaces:

@Singleton @Named("summaryFile") public final class SummaryFileTrustedChecksumsSource extends Object
Compact file FileTrustedChecksumsSourceSupport implementation that use specified directory as base directory, where it expects a "summary" file named as "checksums.${checksumExt}" for each checksum algorithm. File format is GNU Coreutils compatible: each line holds checksum followed by two spaces and artifact relative path (from local repository root, without leading "./"). This means that trusted checksums summary file can be used to validate artifacts or generate it using standard GNU tools like GNU sha1sum is (for BSD derivatives same file can be used with -r switch).

The format supports comments "#" (hash) and empty lines for easier structuring the file content, and both are ignored. Also, their presence makes the summary file incompatible with GNU Coreutils format. On save of the summary file, the comments and empty lines are lost, and file is sorted by path names for easier diffing (2nd column in file).

The source by default is "origin aware", and it will factor in origin repository ID as well into summary file name, for example "checksums-central.sha256".

Example commands for managing summary file (in examples will use repository ID "central"):

  • To create summary file: find * -not -name "checksums-central.sha256" -type f -print0 | xargs -0 sha256sum | sort -k 2 > checksums-central.sha256
  • To verify artifacts using summary file: sha256sum --quiet -c checksums-central.sha256

The checksums summary file is lazily loaded and remains cached during lifetime of the component, so file changes during lifecycle of the component are not picked up. This implementation can be simultaneously used to lookup and also record checksums. The recorded checksums will become visible for every session, and will be flushed at repository system shutdown, merged with existing ones on disk.

The name of this implementation is "summaryFile".

See Also: