Hi Bruno, Bruno Haible <[email protected]> writes:
> Collin Funk wrote: >> How is the following text instead? >> >> Verify the SHA256 checksum with either sha256sum, sha256, or >> shasum -a 256. > > Looks good. That's a helpful wording, without going into unnecessary details. > Thanks. Thanks for checking. I pushed the attached patch with that change. Collin
>From 0da738b4e9a145405ee77d8fd1ac243877499579 Mon Sep 17 00:00:00 2001 Message-ID: <0da738b4e9a145405ee77d8fd1ac243877499579.1764035646.git.collin.fu...@gmail.com> From: Collin Funk <[email protected]> Date: Mon, 24 Nov 2025 17:53:15 -0800 Subject: [PATCH v3] announce-gen: replace SHA1 checksums with SHA3-256. * build-aux/announce-gen (usage): Mention that SHA256 and SHA3-256 checksums are used. (digest_file_base64_wrap): Add padding lengths for SHA3. Emit the tagged format expected by cksum. (print_checksums): Use SHA3-256 instead of SHA1. Update instructions for checking SHA3-256 checksums. Add instructions for when --cksum-checksums is not used. --- ChangeLog | 11 +++++++++++ build-aux/announce-gen | 34 +++++++++++++++++++++------------- 2 files changed, 32 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1a05e96148..18e341468c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +2025-11-24 Collin Funk <[email protected]> + + announce-gen: replace SHA1 checksums with SHA3-256. + * build-aux/announce-gen (usage): Mention that SHA256 and SHA3-256 + checksums are used. + (digest_file_base64_wrap): Add padding lengths for SHA3. Emit the tagged + format expected by cksum. + (print_checksums): Use SHA3-256 instead of SHA1. Update instructions for + checking SHA3-256 checksums. Add instructions for when --cksum-checksums + is not used. + 2025-11-23 Bruno Haible <[email protected]> math-h, string-h: Fix C++ compilation errors with GNULIB_POSIXCHECK. diff --git a/build-aux/announce-gen b/build-aux/announce-gen index 8d02f4f5c8..db6ebe84aa 100755 --- a/build-aux/announce-gen +++ b/build-aux/announce-gen @@ -35,7 +35,7 @@ eval 'exec perl -wSx "$0" "$@"' if 0; -my $VERSION = '2025-11-14 18:29'; # UTC +my $VERSION = '2025-11-25 01:53'; # UTC # The definition above must lie within the first 8 lines in order # for the Emacs time-stamp write hook (at end) to update it. # If you change this file with Emacs, please let the write hook @@ -95,9 +95,9 @@ The following are optional: sign the tarballs --gpg-keyring-url=URL URL pointing to keyring containing the key used to sign the tarballs - --no-print-checksums do not emit SHA1 or SHA256 checksums - --cksum-checksums emit SHA256 checksums in a form that requires - cksum from coreutils or OpenBSD + --no-print-checksums do not emit SHA256 or SHA3-256 checksums + --cksum-checksums emit SHA256 and SHA3-256 checksums in a form + that requires cksum from coreutils or OpenBSD --archive-suffix=SUF add SUF to the list of archive suffixes --mail-headers=HEADERS a space-separated list of mail headers, e.g., To: x\@example.com Cc: y-announce\@example.com,... @@ -166,7 +166,7 @@ sub print_locations ($\@\%@) =item C<print_checksums (@file)> -Print the SHA1 and SHA256 signature section for each C<@file>. +Print the SHA256 and SHA3-256 signature section for each C<@file>. =cut @@ -180,15 +180,17 @@ sub digest_file_base64_wrap ($$) my ($file, $alg) = @_; my $h = digest_file_base64($file, $alg); $alg =~ tr{-}{}d; - my %pad = (MD5 => 2, SHA1 => 1, SHA256 => 1, SHA384 => 0, SHA512 => 2); - return $h . '=' x $pad{$alg}; + my %pad = (MD5 => 2, SHA1 => 1, SHA256 => 1, SHA384 => 0, SHA512 => 2, + SHA3256 => 1, SHA3384 => 0, SHA3512 => 2); + (my $alg_tag = $alg) =~ s/^SHA3(\d{3})/SHA3-$1/; + return $alg_tag . " (" . $file . ") = " . $h . '=' x $pad{$alg}; } sub print_checksums ($@) { my ($prefer_cksum, @file) = @_; - print "Here are the SHA1 and SHA256 checksums:\n"; + print "Here are the SHA256 and SHA3-256 checksums:\n"; print "\n"; use Digest::file qw(digest_file_hex digest_file_base64); @@ -197,21 +199,27 @@ sub print_checksums ($@) { foreach my $f (@file) { - print ' ', digest_file_hex ($f, "SHA-1"), " $f\n"; - print ' ', digest_file_base64_wrap ($f, "SHA-256"), " $f\n"; + print ' ', digest_file_base64_wrap ($f, "SHA-256"), "\n"; + print ' ', digest_file_base64_wrap ($f, "SHA3-256"), "\n"; } print "\nVerify the base64 SHA256 checksum with cksum -a sha256 --check\n"; - print "from coreutils-9.2 or OpenBSD's cksum since 2007.\n\n"; + print "from coreutils-9.2 or OpenBSD's cksum since 2007.\n"; + print "\nVerify the base64 SHA3-256 checksum with cksum -a sha3 --check\n"; + print "from coreutils-9.8.\n\n"; } else { foreach my $f (@file) { print " File: $f\n"; - print ' SHA1 sum: ', digest_file_hex ($f, "SHA-1"), "\n"; - print ' SHA256 sum: ', digest_file_hex ($f, "SHA-256"), "\n"; + print ' SHA256 sum: ', digest_file_hex ($f, "SHA-256"), "\n"; + print ' SHA3-256 sum: ', digest_file_hex ($f, "SHA3-256"), "\n"; print "\n"; } + print "Verify the SHA256 checksum with either sha256sum, sha256, or\n"; + print "shasum -a 256.\n"; + print "\nVerify the SHA3-256 checksum with cksum -a sha3 --check\n"; + print "from coreutils-9.8.\n\n"; } } -- 2.52.0
