From 43dc1c504b305a8e5156e94686c333a1c4da2ea1 Mon Sep 17 00:00:00 2001
From: Michael Bien <mbien42@gmail.com>
Date: Tue, 2 Sep 2025 22:13:33 +0200
Subject: [PATCH] Print computed checksum on validation failure

simplifies the upgrade process a little bit
---
 maven-wrapper-distribution/src/resources/only-mvnw | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/maven-wrapper-distribution/src/resources/only-mvnw b/maven-wrapper-distribution/src/resources/only-mvnw
index 93373137..2e5435c6 100755
--- a/maven-wrapper-distribution/src/resources/only-mvnw
+++ b/maven-wrapper-distribution/src/resources/only-mvnw
@@ -225,6 +225,7 @@ fi
 # If specified, validate the SHA-256 sum of the Maven distribution zip file
 if [ -n "${distributionSha256Sum-}" ]; then
   distributionSha256Result=false
+  computedSha256Sum=""
   if [ "$MVN_CMD" = mvnd.sh ]; then
     echo "Checksum validation is not supported for maven-mvnd." >&2
     echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2
@@ -232,10 +233,14 @@ if [ -n "${distributionSha256Sum-}" ]; then
   elif command -v sha256sum >/dev/null; then
     if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then
       distributionSha256Result=true
+    else
+      computedSha256Sum=$(sha256sum "$TMP_DOWNLOAD_DIR/$distributionUrlName" | cut -b -64)
     fi
   elif command -v shasum >/dev/null; then
     if echo "$distributionSha256Sum  $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then
       distributionSha256Result=true
+    else
+      computedSha256Sum=$(shasum "$TMP_DOWNLOAD_DIR/$distributionUrlName" | cut -b -64)
     fi
   else
     echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2
@@ -245,6 +250,8 @@ if [ -n "${distributionSha256Sum-}" ]; then
   if [ $distributionSha256Result = false ]; then
     echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2
     echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2
+    echo "expected: $distributionSha256Sum" >&2
+    echo "received: $computedSha256Sum" >&2
     exit 1
   fi
 fi