9.3.1 Installing a Binary Tarball

Binary distributions of ant are available in .zip, .tar.gz, and .tar.bz2 formats. Utilities are available for all of these formats for Linux, although you will find that generally .zip files are intended for Windows machines and .tar.gz and .tar.bz2 for UNIX systems. The .gz format is decompressed with the gzip utility and .bz2 files with the bzip2 utility. The bzip2 compression algorithm produces better compression, while gzip is “more common.” If you have a modern Linux distribution, you almost certainly have both installed already.

2. Not so little anymore. As of this writing, the head of the CVS tree for ant weighs in at just shy of 48MB, and there are 5,239 files in there! These totals include a lot of project documentation, but even considering only the src subdirectory, we are still looking at 18MB and 1,687 files. It is probably incorrect to call ant a “little thing” these days.

Once you have the archive file downloaded, you should download one of the files linked next to it. These are cryptographic hashes of the legitimate archive file so you may be (more) assured that the software is the software you think it is. The first, PGP, is an actual digital signature. If you are already familiar with PGP or GnuPG and are comfortable with them, then by all means use this. It is, as you know, a superior form of validation compared to MD5. But explaining how to use digital signatures and GPG keys is beyond our scope here. As for MD5, however, this is fairly easy.

An MD5 hash is a 128-bit value generated in such a way that it is impossible for two different files of the same length to have the same hash value (actually, the term used in the literature is “computationally unfeasible,” but for our purposes that is the same thing). If you run the program md5sum with the tarball file as an argument and you get the same number as the one you downloaded, you may be certain that the file you have is an exact match with the one that was used to produce the number you downloaded from the Web page. Remember that this is all that is proved by this. If both the file server and the Web page have been compromised, then the fact of a match doesn’t mean much. A mismatch, however, proves that one of the two has been compromised and you probably shouldn’t use the tarball.

You should get in the habit of verifying checksums and digital signatures where they are supported.

If you are still worried about the dual compromise, well, that’s where a PGP digital signature can help. It not only proves the integrity of the data; it also proves the identity of the generator. Learn more about PGP (actually, the Free Software version of it, called GnuPG) at the GnuPG Web site.4

Once you have downloaded both the md5 file and the tarball, validate and extract the tarball (Example 9.1).

Example 9.1 Validating and extracting the ant tarball

    $ cat jakarta-ant-1.5.1-bin.tar.gz.md5
    2be27d9e09011bf1cc3d1967ee34f7d1
    $ md5sum jakarta-ant-1.5.1-bin.tar.gz
    2be27d9e09011bf1cc3d1967ee34f7d1 jakarta-ant-1.5.1-bin.tar.gz
    $ zcat jakarta-ant-1.5.1-bin.tar.gz | tar xf -
    $ cd jakarta-ant-1.5.1
    $ ls
    welcome.php WHATSNEW

Note that we did this in a regular user’s home directory. If you just wish to use ant yourself, then this is the way to go. If you wish to make ant available to multiple (or all) users on the system, you will want to untar as root and move the resulting directories to locations convenient to other users, such as
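A scripted form of the check that Example 9.1 performs by eye, given here as an added example that is not from the book: it compares the digests and extracts only when they match. It assumes md5sum, awk, gzip and tar are on the PATH; the function names are made up for illustration, and the .md5 file may hold a bare digest (as in Example 9.1) or a "digest filename" line.

```shell
#!/bin/sh
# Added example (not from the book). Assumes md5sum, awk, gzip and tar exist.
# MD5 catches corruption and crude tampering only; collisions can be built
# deliberately today, so prefer the PGP signature where one is published.

# read_expected_md5 FILE: print the digest stored in a .md5 file.
# Accepts a bare digest (as in Example 9.1) or a "digest  filename" line.
read_expected_md5() {
    digest=$(awk 'NR == 1 { print tolower($1); exit }' "$1") || return 2
    # Reject anything that is not exactly 32 hex digits, for instance an
    # HTML error page that was saved under the .md5 name.
    case "$digest" in
        *[!0-9a-f]*|"") return 2 ;;
    esac
    [ "${#digest}" -eq 32 ] || return 2
    printf '%s\n' "$digest"
}

# verify_md5 ARCHIVE MD5FILE: 0 on match, 1 on mismatch, 2 on unusable input.
verify_md5() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    expected=$(read_expected_md5 "$2") || return 2
    actual=$(md5sum < "$1" | awk '{ print $1 }') || return 2
    [ "$expected" = "$actual" ]
}

# verify_and_extract ARCHIVE MD5FILE DESTDIR: unpack only after a match.
verify_and_extract() {
    rc=0
    verify_md5 "$1" "$2" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "refusing to extract $1: checksum check failed (rc=$rc)" >&2
        return "$rc"
    fi
    # gzip -dc is what zcat runs; DESTDIR is created only once the check passes.
    mkdir -p "$3" && gzip -dc "$1" | ( cd "$3" && tar xf - )
}
```

For the files in Example 9.1 the call would be `verify_and_extract jakarta-ant-1.5.1-bin.tar.gz jakarta-ant-1.5.1-bin.tar.gz.md5 .`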


Whether for one user or for many, there is a handful of remaining tasks to make ant usable.

Environment Variables

The JAVA_HOME environment variable should already be set as a result of setting up your JDK. JAVA_HOME should point at the base of your JDK installation.

The ANT_HOME environment variable should be set to point at the untarred installation of ant. In our sample here, it would be ~/jakarta-ant-1.5.1.

Make sure that the bin directory of the ant installation is added to your PATH.