[
https://issues.apache.org/jira/browse/CASSANDRA-14970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16737808#comment-16737808
]
Michael Shuler edited comment on CASSANDRA-14970 at 1/9/19 3:28 AM:
--------------------------------------------------------------------
Our current release process uploads/signs/checksums the tar.gz and maven
artifacts to nexus, then we vote. After vote, we download the tar.gz/.md5/.sha1
files for final release and promote the staging repo to release. Since the MD5
and SHA files are there in build.xml, I thought the patch for creating the
.sha256/.sha512 checksums in the 'release' target were used for release build.
They are not. I gave another try at uploading the .sha256/.sha512 files, but
realized we never build them due to the target dependencies, so looked a little
more.
I created ant target graphs for 2.1 and trunk to get an idea of the target
relations. The release task I patched isn't depended on by anything, and
currently is completely unused in our release process.
build_cassandra-2.1.png
build_trunk.png
(edit: removed no-thumb images - they are attached..)
was (Author: mshuler):
Our current release process uploads/signs/checksums the tar.gz and maven
artifacts to nexus, then we vote. After vote, we download the tar.gz/.md5/.sha1
files for final release and promote the staging repo to release. Since the MD5
and SHA files are there in build.xml, I thought the patch for creating the
.sha256/.sha512 checksums in the 'release' target were used for release build.
They are not. I gave another try at uploading the .sha256/.sha512 files, but
realized we never build them due to the target dependencies, so looked a little
more.
I created ant target graphs for 2.1 and trunk to get an idea of the target
relations. The release task I patched isn't depended on by anything, and
currently is completely unused in our release process.
!build_cassandra-2.1.png!
!build_trunk.png!
> New releases must supply SHA-256 and/or SHA-512 checksums
> ---------------------------------------------------------
>
> Key: CASSANDRA-14970
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14970
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Reporter: Michael Shuler
> Assignee: Michael Shuler
> Priority: Blocker
> Fix For: 2.1.21, 2.2.14, 3.0.18, 3.11.4, 4.0
>
> Attachments:
> 0001-Update-downloads-for-sha256-sha512-checksum-files.patch,
> 0001-Update-release-checksum-algorithms-to-SHA-256-SHA-512.patch,
> ant-publish-checksum-fail.jpg, build_cassandra-2.1.png, build_trunk.png
>
>
> Release policy was updated around 9/2018 to state:
> "For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT
> supply MD5 or SHA-1. Existing releases do not need to be changed."
> build.xml needs to be updated from MD5 & SHA-1 to, at least, SHA-256 or both.
> cassandra-builds/cassandra-release scripts need to be updated to work with
> the new checksum files.
> http://www.apache.org/dev/release-distribution#sigs-and-sums
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
