I would like to programmatically validate the sha512 checksum of a Kafka binary. First I download the binary and the sha512 sum text file:
curl -fsSL -O \
https://ftp.wayne.edu/apache/kafka/2.7.0/kafka_2.13-2.7.0.tgz
curl -fsSL -O \
https://downloads.apache.org/kafka/2.7.0/kafka_2.13-2.7.0.tgz.sha512
I know by manual inspection that the checksum is ok:
$ cat -ne kafka_2.13-2.7.0.tgz.sha512
1 kafka_2.13-2.7.0.tgz: F3DD1FD8 8766D915 0D3D395B 285BFA75 F5B89A83 58223814$
2 90C8428E 6E568889 054DDB5F ADA1EB63 613A6441 989151BC$
3 7C7D6CDE 16A871C6 674B909C 4EDD4E28$
$ sha512sum kafka_2.13-2.7.0.tgz
f3dd1fd88766d9150d3d395b285bfa75f5b89a835822381490c8428e6e568889054ddb5fada1eb63613a6441989151bc7c7d6cde16a871c6674b909c4edd4e28 kafka_2.13-2.7.0.tgz
But shasum
/sha512sum
don't seem to like the format of the .512
file to do programatic validation (0 exit code on success, 1 on failure).
$ sha512sum --check kafka_2.13-2.7.0.tgz.sha512
sha512sum: kafka_2.13-2.7.0.tgz.sha512: no properly formatted SHA512 checksum lines found
$ echo "$(cat kafka_2.13-2.7.0.tgz.sha512) kafka_2.13-2.7.0.tgz" \
| sha512sum --check
sha512sum: 'standard input': no properly formatted SHA512 checksum lines found
What do I have wrong here? Is kafka_2.13-2.7.0.tgz.sha512 in an unconventional format or am I missing a command line flag?
Seems like kafka is using gpg --print-md sha512
https://github.com/apache/kafka/blob/trunk/release.py#L616
Verification is done by diff
then
$ gpg --print-md SHA512 kafka_2.13-2.7.0.tgz | diff - kafka_2.13-2.7.0.tgz.sha512