On 23/02/17 21:08, Andreas Stieger wrote:
After the alpha, the next release should go up with a SHA-2 family digest.
And some cleanup patches, even though this does not currently seem to be part of the release pipeline:
sha-2-dist.patch [[[ * tools/dist/dist.sh: also print SHA-512 ]]] sha-2-checksums-py.patch [[[ * tools/dist/checksums.py: support SHA-512 ]]] sha-2-cleanup.patch [[[ * tools/dist/download-release.sh: remove unused script ]]] Andreas
Index: tools/dist/checksums.py =================================================================== --- tools/dist/checksums.py (revision 1784199) +++ tools/dist/checksums.py (working copy) @@ -19,12 +19,14 @@ # under the License. # # -# Check MD5 and SHA1 signatures of files, using md5sums and/or -# sha1sums as manifests. Replaces the 'md5sum' and 'sha1sum' commands +# Check MD5 and SHA-1 and SHA-2 signatures of files, using +# md5sums, sha1sums, and/or sha512sums as manifests +# Replaces the 'md5sum', 'sha1sum', and 'sha512sums' commands # on systems that do not have them, such as Mac OS X or Windows. # # Usage: checksums.py [manifest] -# where "os.path.basename(manifest)" is either "md5sums" or "sha1sums" +# where "os.path.basename(manifest)" is either "md5sums", "sha1sums", +# "sha512sums" # # Tested with the following Python versions: # 2.4 2.5 2.6 2.7 3.2 @@ -37,6 +39,7 @@ import sys try: from hashlib import md5 from hashlib import sha1 + from hashlib import sha512 except ImportError: from md5 import md5 from sha import sha as sha1 @@ -67,9 +70,11 @@ def main(manipath): sink = Digester(md5) elif manifest == 'sha1sums': sink = Digester(sha1) + elif manifest == 'sha512sums': + sink = Digester(sha512) else: raise ValueError('The name of the digest manifest must be ' - "'md5sums' or 'sha1sums', not '%s'" % manifest) + "'md5sums', 'sha1sums', or 'sha512sums', not '%s'" % manifest) # No 'with' statement in Python 2.4 ... stream = None
Index: tools/dist/dist.sh =================================================================== --- tools/dist/dist.sh (revision 1784199) +++ tools/dist/dist.sh (working copy) @@ -369,9 +369,10 @@ sign_file() fi } -# allow md5sum and sha1sum tool names to be overridden +# allow md5sum, sha1sum, and sha512sum tool names to be overridden [ -n "$MD5SUM" ] || MD5SUM=md5sum [ -n "$SHA1SUM" ] || SHA1SUM=sha1sum +[ -n "$SHA512SUM" ] || SHA512SUM=sha512sum echo "" echo "Done:" @@ -387,6 +388,12 @@ if [ -z "$ZIP" ]; then echo "sha1sums:" $SHA1SUM "$DISTNAME.tar.bz2" "$DISTNAME.tar.gz" fi + type $SHA512SUM > /dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "" + echo "sha512sums:" + $SHA512SUM "$DISTNAME.tar.bz2" "$DISTNAME.tar.gz" + fi else ls -l "$DISTNAME.zip" sign_file $DISTNAME.zip @@ -399,4 +406,10 @@ else echo "sha1sum:" $SHA1SUM "$DISTNAME.zip" fi + type $SHA512SUM > /dev/null 2>&1 + if [ $? -eq 0 ]; then + echo "" + echo "sha512sum:" + $SHA512SUM "$DISTNAME.zip" + fi fi
Index: tools/dist/download-release.sh =================================================================== --- tools/dist/download-release.sh (revision 1784199) +++ tools/dist/download-release.sh (nonexistent) @@ -1,28 +0,0 @@ -#!/bin/bash -# -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -# -BASEURL=$1 -VERSION=$2 -wget -nc $BASEURL/{{md5,sha1}sums,svn_version.h.dist,subversion{-deps,}-$VERSION.{{zip,tar.bz2}{.asc,},tar.gz.asc}} -bzip2 -dk subversion{-deps,}-$VERSION.tar.bz2 -gzip -9n subversion{-deps,}-$VERSION.tar -md5sum -c md5sums -sha1sum -c sha1sums Property changes on: tools/dist/download-release.sh ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:executable ## -1 +0,0 ## -* \ No newline at end of property