com.eldrix.trud.impl.check
Check provides support for validating downloaded TRUD files.
There are four mechanisms for checking the integrity of downloaded files.
- SHA256 hash provided in release metadata
- Checksum file containing a hash (legacy; using FCIV)
- Signature file (GPG)
- The use of https to download the files.
It appears as if the legacy checksums are generated using a Windows command line tool called FCIV (https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/fciv-availability-and-description).
<?XML version="1.0" encoding="utf-8"?>
<FCIV> <FILE_ENTRY> <name>ntdll.dll</name> <MD5>bL/ZGbqnyeA8hHGuTY+LsA==</MD5> </FILE_ENTRY> </FCIV>
It appears that FCIV generates only MD5 and SHA1 hashes.
TRUD has been updated (see https://isd.digital.nhs.uk/trud/users/guest/filters/0/releases-help/sha256) and now recommends using the SHA256 hash provided in the release metadata, and so we can now avoid using the FCIV based hash system entirely in favour of simply checking the SHA256 hash.
Check provides support for validating downloaded TRUD files.
There are four mechanisms for checking the integrity of downloaded files.
1. SHA256 hash provided in release metadata
2. Checksum file containing a hash (legacy; using FCIV)
3. Signature file (GPG)
4. The use of https to download the files.
It appears as if the legacy checksums are generated using a Windows command
line tool called FCIV (https://docs.microsoft.com/en-us/troubleshoot/windows-server/windows-security/fciv-availability-and-description).
<?XML version="1.0" encoding="utf-8"?>
<FCIV>
<FILE_ENTRY>
<name>ntdll.dll</name> <MD5>bL/ZGbqnyeA8hHGuTY+LsA==</MD5>
</FILE_ENTRY>
</FCIV>
It appears that FCIV generates only MD5 and SHA1 hashes.
TRUD has been updated (see https://isd.digital.nhs.uk/trud/users/guest/filters/0/releases-help/sha256)
and now recommends using the SHA256 hash provided in the release metadata,
and so we can now avoid using the FCIV based hash system entirely in favour
of simply checking the SHA256 hash.check-integrityclj
(check-integrity {:keys [archiveFileSha256 archiveFileSizeBytes] :as _release}
downloaded-file)Checks integrity of a downloaded release file. Parameters:
- release - release metadata
- downloaded-file - anything coercible using [[clojure.java.io/as-file]]. Returns a map containing :status - :valid, :invalid, or :not-checked if checksum could not be checked. :reason - a keyword if invalid (e.g. :size, :digest, :not-found) :message - human-readable message
Checks integrity of a downloaded release file. Parameters: - release - release metadata - downloaded-file - anything coercible using [[clojure.java.io/as-file]]. Returns a map containing :status - :valid, :invalid, or :not-checked if checksum could not be checked. :reason - a keyword if invalid (e.g. :size, :digest, :not-found) :message - human-readable message
sha256sumclj
(sha256sum f)Return the SHA256 message digest for a file. Returns a string encoding the digest as hexadecimal. Equivalent to the command-line 'sha256sum' on BSD/Linux systems.
Return the SHA256 message digest for a file. Returns a string encoding the digest as hexadecimal. Equivalent to the command-line 'sha256sum' on BSD/Linux systems.
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close