[CMake] How URL_MD5 is computed in ExternalProject_Add?
Cedric Doucet
cedric.doucet at inria.fr
Tue May 19 09:39:32 EDT 2015
... And thank you very much for your help Marc! :)
----- Mail original -----
> De: "Cedric Doucet" <cedric.doucet at inria.fr>
> À: "David Cole" <DLRdave at aol.com>
> Cc: cmake at cmake.org
> Envoyé: Mardi 19 Mai 2015 15:38:49
> Objet: Re: [CMake] How URL_MD5 is computed in ExternalProject_Add?
>
>
> Hello David,
>
> I understand exactly what you mean but the misunderstanding comes from your
> sentence:
>
> >> > The point is to double check that it downloaded correctly and as
> >> > expected.
>
> That's NOT why I use the URL_MD5 variable in ExternalProject_Add.
> I use it to avoid downloading again libraries after typing 'make clean'.
>
> So, my feeling is that I shouldn't use the URL_MD5 variable to perform this
> checking.
> Furthermore, I should check other steps (updating, configuration, building,
> installation).
>
> Do you agree with this?
> What is the correct way to do this with CMake?
>
> Cédric
>
>
> ----- Mail original -----
> > De: "David Cole" <DLRdave at aol.com>
> > À: "Marc CHEVRIER" <marc.chevrier at sap.com>
> > Cc: "Cedric Doucet" <cedric.doucet at inria.fr>, cmake at cmake.org
> > Envoyé: Mardi 19 Mai 2015 15:04:58
> > Objet: Re: [CMake] How URL_MD5 is computed in ExternalProject_Add?
> >
> > The point of specifying URL_MD5 in ExternalProject_Add is so that it
> > can check to see if it downloaded the file properly. If you don't tell
> > it what the md5 sum should be, then what good is computing it after
> > downloading it?
> >
> > The point is to double check that it downloaded correctly and as
> > expected. If you don't tell it what to expect, it's impossible. So...
> > you can't download arbitrary content from the internet unless you can
> > also download it's corresponding md5 sum reliably.
> >
> > But... you can't even do that: because if somebody is trying to spoof
> > it and hacks the file on the internet, they can just as easily hack
> > the md5 you'd get from the internet and fool you into using a hacked
> > file.
> >
> > So: it's up to you to verify that a package retrieved from the
> > internet is use-able and un-hacked, and then computes its md5 sum (or
> > even better, SHA-1 sum), and pass it to ExternalProject_Add so it can
> > *fail* if the sum of the downloaded file does not match the expected
> > sum.
> >
> > Does this make sense?
> >
> >
> >
> > On Tue, May 19, 2015 at 7:29 AM, CHEVRIER, Marc <marc.chevrier at sap.com>
> > wrote:
> > >
> > > You can use FILE (MD5 <file> <variable>) command to compute MD5 value.
> > >
> > > From: CMake on behalf of Cedric Doucet
> > > Date: Tuesday 19 May 2015 13:14
> > > To: "cmake at cmake.org"
> > > Subject: Re: [CMake] How URL_MD5 is computed in ExternalProject_Add?
> > >
> > >
> > > I managed to obtain the same MD5 code by running the md5sum command on
> > > the
> > > downloaded file.
> > > However, I would like to write an automatic way of downloading
> > > third-party
> > > libraries.
> > > Is it possible to let CMake compute the MD5 of the downloaded file?
> > >
> > > Cédric
> > >
> > >
> > >
> > > ________________________________
> > >
> > > De: "Cedric Doucet" <cedric.doucet at inria.fr>
> > > À: cmake at cmake.org
> > > Envoyé: Mardi 19 Mai 2015 12:37:03
> > > Objet: [CMake] How URL_MD5 is computed in ExternalProject_Add?
> > >
> > > Hello,
> > >
> > > I use the URL_MD5 variable to avoid downloading more than once a library
> > > with the ExternalProject_Add command.
> > > However, I don't manage to get the same MD5 code as CMake when I try to
> > > get
> > > one with generators available on the internet.
> > >
> > > How could I get the same one for an URL written in the form
> > > http://www.mywebsite.myext/mypath/myfile?
> > > I have already tried the MD5 of the URL and of myfile but I don't get the
> > > same MD5 as CMake.
> > >
> > > Thanks!
> > >
> > > Cédric
> > >
> > > --
> > >
> > > Powered by www.kitware.com
> > >
> > > Please keep messages on-topic and check the CMake FAQ at:
> > > http://www.cmake.org/Wiki/CMake_FAQ
> > >
> > > Kitware offers various services to support the CMake community. For more
> > > information on each offering, please visit:
> > >
> > > CMake Support: http://cmake.org/cmake/help/support.html
> > > CMake Consulting: http://cmake.org/cmake/help/consulting.html
> > > CMake Training Courses: http://cmake.org/cmake/help/training.html
> > >
> > > Visit other Kitware open-source projects at
> > > http://www.kitware.com/opensource/opensource.html
> > >
> > > Follow this link to subscribe/unsubscribe:
> > > http://public.kitware.com/mailman/listinfo/cmake
> > >
> > >
> > >
> > > --
> > >
> > > Powered by www.kitware.com
> > >
> > > Please keep messages on-topic and check the CMake FAQ at:
> > > http://www.cmake.org/Wiki/CMake_FAQ
> > >
> > > Kitware offers various services to support the CMake community. For more
> > > information on each offering, please visit:
> > >
> > > CMake Support: http://cmake.org/cmake/help/support.html
> > > CMake Consulting: http://cmake.org/cmake/help/consulting.html
> > > CMake Training Courses: http://cmake.org/cmake/help/training.html
> > >
> > > Visit other Kitware open-source projects at
> > > http://www.kitware.com/opensource/opensource.html
> > >
> > > Follow this link to subscribe/unsubscribe:
> > > http://public.kitware.com/mailman/listinfo/cmake
> >
> --
>
> Powered by www.kitware.com
>
> Please keep messages on-topic and check the CMake FAQ at:
> http://www.cmake.org/Wiki/CMake_FAQ
>
> Kitware offers various services to support the CMake community. For more
> information on each offering, please visit:
>
> CMake Support: http://cmake.org/cmake/help/support.html
> CMake Consulting: http://cmake.org/cmake/help/consulting.html
> CMake Training Courses: http://cmake.org/cmake/help/training.html
>
> Visit other Kitware open-source projects at
> http://www.kitware.com/opensource/opensource.html
>
> Follow this link to subscribe/unsubscribe:
> http://public.kitware.com/mailman/listinfo/cmake
>
More information about the CMake
mailing list