[jira] [Commented] (HBASE-15630) Improve checksum files for releases for easier verification

[Christopher Tubbs (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HBASE-15630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15239762#comment-15239762
 ] 

Christopher Tubbs commented on HBASE-15630:
-------------------------------------------

Which maven plugin generates this file in this format? I've not seen this 
anywhere else using the Apache parent POM (MPOM).

> Improve checksum files for releases for easier verification
> -----------------------------------------------------------
>
>                 Key: HBASE-15630
>                 URL: https://issues.apache.org/jira/browse/HBASE-15630
>             Project: HBase
>          Issue Type: Wish
>    Affects Versions: 1.2.1
>            Reporter: Christopher Tubbs
>            Assignee: Elliott Clark
>            Priority: Trivial
>
> Trying to verify latest release (1.2.1), and I found it a bit inconvenient to 
> parse the *.mds checksum file. The line wrapping, white space, and the 
> general format of the file does not lend itself for easy verification.
> I suggest using the standard "coreutils" format for md5sum, sha*sum, etc., 
> instead: <lowercase-hash><space><asterisk(binary-flag)><filename>
> {code}
> # md5
> 3d66c0dd4f38fa881046fe64dd680a7a *hbase-1.2.1-src.tar.gz
> # sha1
> 3666a4829d9a8d9285173bfa8e8d0ff5423a22d6 *hbase-1.2.1-src.tar.gz
> # rmd160
> #fb318e84b6256492cfb990aec2238a64c2da21ad *hbase-1.2.1-src.tar.gz
> # sha224
> 89d341a55069e4875f9e6859737062fd7a4c11596811731c4ba95ca0 
> *hbase-1.2.1-src.tar.gz
> # sha256
> e8000a65e98d4c5db7bab54da99a57209fe4ea777ab41e91ae8ccf7bfa2d50dd 
> *hbase-1.2.1-src.tar.gz
> # sha384
> 49aa0620bf0fbe20bbde66cecabb76b22defb9ee609936edc3952889e6484e55c88f1c93d6258a2eaab4a9d5188b6170
>  *hbase-1.2.1-src.tar.gz
> # sha512
> 28956a35a01ae87e9f733664c52c6fd25f9a60a1ff7047bbf306cd433c2a5b863c9bf05aba1d58792b86eec9943ae00e772c4b76fb81c5d210cf256cd074189b
>  *hbase-1.2.1-src.tar.gz
> {code}
> (comment lines added for humans, but ignored by tools; commented out rmd160, 
> because not a coreutils supported algorithm; binary flag optional, could use 
> another space instead... probably only matters for some dos tools)
> This makes it very easy to verify multiple files and hashes using: {{shasum 
> -c file.mds}} or {{sha1sum -c file.mds}} or {{md5sum -c file.mds}}.
> In addition to the file format change, I suggest these two additional changes:
> 1. Drop rmd160. It's not nearly as popular as the others, and it doesn't lend 
> itself to easy verification (no coreutils equivalent command like md5sum, 
> sha1sum, etc.)
> 2. Concatenate hashes from all files into a single file. This makes it easier 
> to verify all downloads at once.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)