Meh, there's no hard requirement to have the filename in the hash file. Not a biggie. I'm writing tooling to help people vet hashes and signatures which is why I was interested. Thanks!

Regards,
Alan

On Jun 23, 2014, at 12:53 AM, Leonidas Fegaras <[email protected]> wrote:

> Hi Alan,
> The hashes were created based on the directions at
> http://www.apache.org/dev/release-signing.html#md5
> There was a discussion about this when we submitted our first release on the
> incubator list and we decided to include the file names along with the hashes
> (see http://markmail.org/message/t3caj6um22ni3wo2 )
>
> I used the following shell script to verify the signatures (which were
> generated by 'mvn release:perform') and to generate the hashes:
>
> for f in *.tar.gz *.zip; do \
>   gpg --verify $f.asc $f; \
>   gpg --print-md SHA1 $f > $f.sha1; \
>   gpg --print-md MD5 $f > $f.md5; \
> done
>
> Best regards,
> Leonidas
>
> On 06/23/2014 08:43 AM, Alan Cabrera wrote:
>>
>> On Jun 15, 2014, at 10:08 PM, Leonidas Fegaras <[email protected]> wrote:
>>
>>> The release tarballs, including signatures, digests, etc can be found at:
>>> https://dist.apache.org/repos/dist/dev/incubator/mrql/0.9.2-incubating-RC2/
>>
>> I was wondering how the hashes were created by the files in this directory.
>> They seem to have the file names as well as the hash in the corresponding
>> hash files as opposed to simply the hash.
>>
>> Just curious.
>>
>>
>> Regards,
>> Alan
>>
>> .
>
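
Added example, not part of the thread and not the project's or either author's tooling: a Python parser that normalises the hash-file layouts discussed above (the `gpg --print-md` output that carries the file name, and a bare digest) and checks data against them. The md5sum/sha1sum layout is included as an assumption beyond the thread; the function names and the sample values (digests of the empty byte string) are constructed for illustration.

```python
import hashlib
import re

HEX_LEN = {"md5": 32, "sha1": 40}  # expected digest length in hex characters

def parse_digest(text, algo):
    """Return (filename or None, lowercase hex digest) parsed from a hash file."""
    want = HEX_LEN[algo]
    # Bare digest, or md5sum/sha1sum style "<hex>  <name>" / "<hex> *<name>".
    m = re.fullmatch(r"\s*([0-9A-Fa-f]+)(?:[ \t]+\*?(\S.*?))?\s*", text, re.S)
    if m and len(m.group(1)) == want:
        return m.group(2), m.group(1).lower()
    # gpg --print-md style "<name>: <grouped hex>"; long digests may wrap lines.
    name, colon, rest = text.rpartition(":")
    digest = "".join(rest.split()).lower()
    if colon and len(digest) == want and re.fullmatch(r"[0-9a-f]+", digest):
        return name.strip(), digest
    raise ValueError(f"unrecognised {algo} hash file: {text!r}")

def verify(data, hash_text, algo, expected_name=None):
    """Check data against a hash file; reject a file that names another artifact."""
    name, expected = parse_digest(hash_text, algo)
    if name is not None and expected_name is not None and name != expected_name:
        return False
    return hashlib.new(algo, data).hexdigest() == expected

# Constructed samples: digests of the empty byte string in each layout.
SAMPLES = {
    "gpg_sha1": "empty.tar.gz: DA39 A3EE 5E6B 4B0D 3255  BFEF 9560 1890 AFD8 0709\n",
    "gpg_md5": "empty.tar.gz: D4 1D 8C D9 8F 00 B2 04  E9 80 09 98 EC F8 42 7E\n",
    "bare_sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709\n",
    "sum_md5": "d41d8cd98f00b204e9800998ecf8427e  empty.tar.gz\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        algo = label.split("_")[1]
        print(label, parse_digest(text, algo), verify(b"", text, algo, "empty.tar.gz"))
```

A matching digest only shows the download was not corrupted relative to the hash file; authenticity still rests on the `gpg --verify` step against the `.asc` signature.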
