Re: [PATCH] use SHA-2 family hash for releases

Thu, 23 Feb 2017 12:13:47 -0800 

On 23/02/17 21:08, Andreas Stieger wrote:
After the alpha, the next release should go up with a SHA-2 family digest. 


And some cleanup patches, even though this does not currently seem to be 
part of the release pipeline:


sha-2-dist.patch
[[[
* tools/dist/dist.sh: also print SHA-512
]]]

sha-2-checksums-py.patch
[[[
* tools/dist/checksums.py: support SHA-512
]]]

sha-2-cleanup.patch
[[[
* tools/dist/download-release.sh: remove unused script
]]]

Andreas

Index: tools/dist/checksums.py
===================================================================
--- tools/dist/checksums.py	(revision 1784199)
+++ tools/dist/checksums.py	(working copy)
@@ -19,12 +19,14 @@
 # under the License.
 #
 #
-# Check MD5 and SHA1 signatures of files, using md5sums and/or
-# sha1sums as manifests.  Replaces the 'md5sum' and 'sha1sum' commands
+# Check MD5 and SHA-1 and SHA-2 signatures of files, using 
+# md5sums, sha1sums, and/or sha512sums as manifests
+# Replaces the 'md5sum', 'sha1sum', and 'sha512sums' commands
 # on systems that do not have them, such as Mac OS X or Windows.
 #
 # Usage: checksums.py [manifest]
-#   where "os.path.basename(manifest)" is either "md5sums" or "sha1sums"
+#   where "os.path.basename(manifest)" is either "md5sums", "sha1sums",
+#   "sha512sums"
 #
 # Tested with the following Python versions:
 #        2.4   2.5   2.6   2.7   3.2
@@ -37,6 +39,7 @@ import sys
 try:
     from hashlib import md5
     from hashlib import sha1
+    from hashlib import sha512
 except ImportError:
     from md5 import md5
     from sha import sha as sha1
@@ -67,9 +70,11 @@ def main(manipath):
         sink = Digester(md5)
     elif manifest == 'sha1sums':
         sink = Digester(sha1)
+    elif manifest == 'sha512sums':
+        sink = Digester(sha512)
     else:
         raise ValueError('The name of the digest manifest must be '
-                         "'md5sums' or 'sha1sums', not '%s'" % manifest)
+                         "'md5sums', 'sha1sums', or 'sha512sums', not '%s'" % manifest)
 
     # No 'with' statement in Python 2.4 ...
     stream = None

Index: tools/dist/dist.sh
===================================================================
--- tools/dist/dist.sh	(revision 1784199)
+++ tools/dist/dist.sh	(working copy)
@@ -369,9 +369,10 @@ sign_file()
   fi
 }
 
-# allow md5sum and sha1sum tool names to be overridden
+# allow md5sum, sha1sum, and sha512sum tool names to be overridden
 [ -n "$MD5SUM" ] || MD5SUM=md5sum
 [ -n "$SHA1SUM" ] || SHA1SUM=sha1sum
+[ -n "$SHA512SUM" ] || SHA512SUM=sha512sum
 
 echo ""
 echo "Done:"
@@ -387,6 +388,12 @@ if [ -z "$ZIP" ]; then
     echo "sha1sums:"
     $SHA1SUM "$DISTNAME.tar.bz2" "$DISTNAME.tar.gz"
   fi
+  type $SHA512SUM > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    echo ""
+    echo "sha512sums:"
+    $SHA512SUM "$DISTNAME.tar.bz2" "$DISTNAME.tar.gz"
+  fi
 else
   ls -l "$DISTNAME.zip"
   sign_file $DISTNAME.zip
@@ -399,4 +406,10 @@ else
     echo "sha1sum:"
     $SHA1SUM "$DISTNAME.zip"
   fi
+  type $SHA512SUM > /dev/null 2>&1
+  if [ $? -eq 0 ]; then
+    echo ""
+    echo "sha512sum:"
+    $SHA512SUM "$DISTNAME.zip"
+  fi
 fi

Index: tools/dist/download-release.sh
===================================================================
--- tools/dist/download-release.sh	(revision 1784199)
+++ tools/dist/download-release.sh	(nonexistent)
@@ -1,28 +0,0 @@
-#!/bin/bash
-#
-#
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#   http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-#
-BASEURL=$1
-VERSION=$2
-wget -nc $BASEURL/{{md5,sha1}sums,svn_version.h.dist,subversion{-deps,}-$VERSION.{{zip,tar.bz2}{.asc,},tar.gz.asc}}
-bzip2 -dk subversion{-deps,}-$VERSION.tar.bz2
-gzip -9n subversion{-deps,}-$VERSION.tar
-md5sum -c md5sums
-sha1sum -c sha1sums

Property changes on: tools/dist/download-release.sh
___________________________________________________________________
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property






















					Reply via email to