[CMake] How URL_MD5 is computed in ExternalProject_Add?
David Cole
DLRdave at aol.com
Tue May 19 09:04:58 EDT 2015
The point of specifying URL_MD5 in ExternalProject_Add is so that it
can check to see if it downloaded the file properly. If you don't tell
it what the md5 sum should be, then what good is computing it after
downloading it?
The point is to double check that it downloaded correctly and as
expected. If you don't tell it what to expect, it's impossible. So...
you can't download arbitrary content from the internet unless you can
also download it's corresponding md5 sum reliably.
But... you can't even do that: because if somebody is trying to spoof
it and hacks the file on the internet, they can just as easily hack
the md5 you'd get from the internet and fool you into using a hacked
file.
So: it's up to you to verify that a package retrieved from the
internet is use-able and un-hacked, and then computes its md5 sum (or
even better, SHA-1 sum), and pass it to ExternalProject_Add so it can
*fail* if the sum of the downloaded file does not match the expected
sum.
Does this make sense?
On Tue, May 19, 2015 at 7:29 AM, CHEVRIER, Marc <marc.chevrier at sap.com> wrote:
>
> You can use FILE (MD5 <file> <variable>) command to compute MD5 value.
>
> From: CMake on behalf of Cedric Doucet
> Date: Tuesday 19 May 2015 13:14
> To: "cmake at cmake.org"
> Subject: Re: [CMake] How URL_MD5 is computed in ExternalProject_Add?
>
>
> I managed to obtain the same MD5 code by running the md5sum command on the
> downloaded file.
> However, I would like to write an automatic way of downloading third-party
> libraries.
> Is it possible to let CMake compute the MD5 of the downloaded file?
>
> Cédric
>
>
>
> ________________________________
>
> De: "Cedric Doucet" <cedric.doucet at inria.fr>
> À: cmake at cmake.org
> Envoyé: Mardi 19 Mai 2015 12:37:03
> Objet: [CMake] How URL_MD5 is computed in ExternalProject_Add?
>
> Hello,
>
> I use the URL_MD5 variable to avoid downloading more than once a library
> with the ExternalProject_Add command.
> However, I don't manage to get the same MD5 code as CMake when I try to get
> one with generators available on the internet.
>
> How could I get the same one for an URL written in the form
> http://www.mywebsite.myext/mypath/myfile?
> I have already tried the MD5 of the URL and of myfile but I don't get the
> same MD5 as CMake.
>
> Thanks!
>
> Cédric
>
> --
>
> Powered by www.kitware.com
>
> Please keep messages on-topic and check the CMake FAQ at:
> http://www.cmake.org/Wiki/CMake_FAQ
>
> Kitware offers various services to support the CMake community. For more
> information on each offering, please visit:
>
> CMake Support: http://cmake.org/cmake/help/support.html
> CMake Consulting: http://cmake.org/cmake/help/consulting.html
> CMake Training Courses: http://cmake.org/cmake/help/training.html
>
> Visit other Kitware open-source projects at
> http://www.kitware.com/opensource/opensource.html
>
> Follow this link to subscribe/unsubscribe:
> http://public.kitware.com/mailman/listinfo/cmake
>
>
>
> --
>
> Powered by www.kitware.com
>
> Please keep messages on-topic and check the CMake FAQ at:
> http://www.cmake.org/Wiki/CMake_FAQ
>
> Kitware offers various services to support the CMake community. For more
> information on each offering, please visit:
>
> CMake Support: http://cmake.org/cmake/help/support.html
> CMake Consulting: http://cmake.org/cmake/help/consulting.html
> CMake Training Courses: http://cmake.org/cmake/help/training.html
>
> Visit other Kitware open-source projects at
> http://www.kitware.com/opensource/opensource.html
>
> Follow this link to subscribe/unsubscribe:
> http://public.kitware.com/mailman/listinfo/cmake
More information about the CMake
mailing list