Repository: kudu Updated Branches: refs/heads/master 8654a2115 -> dfa465265
[build] Switch to sha512 checksum for releases According to the current release distribution guide[1] the checksum file SHOULD be SHA-256 and/or SHA-512 and SHOULD NOT be SHA-1 SHA-512 seemed more future-proof than SHA-256 Another change is the separator between the checksum and the filename. Previously it was a <TAB> character, but at least on MacOS the tab version doesn't work when trying to verify the checksum with `shasum -c <checksum_file>` This commit changes it to double-space which works on both Linux using `sha512sum` and MacOS using `shasum`. Looking at a checksum created by `sha512sum` on Linux, it also uses double-space as the separator, so this seems to be the de-facto standard: $ sha512sum apache-kudu-1.8.0-SNAPSHOT.tar.gz | xxd 0000070: 3065 3132 3666 3463 3664 6332 3065 6338 0e126f4c6dc20ec8 0000080: 2020 6170 6163 6865 2d6b 7564 752d 312e apache-kudu-1. (0x20 is <SPACE>[2]) [1] http://www.apache.org/dev/release-distribution#sigs-and-sums [2] man 7 ascii Change-Id: I7646b4559bf39d2415b32a1dcdd4cd7ecde41531 Reviewed-on: http://gerrit.cloudera.org:8080/11217 Tested-by: Kudu Jenkins Reviewed-by: Grant Henke <[email protected]> Reviewed-by: Todd Lipcon <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/kudu/repo Commit: http://git-wip-us.apache.org/repos/asf/kudu/commit/08637705 Tree: http://git-wip-us.apache.org/repos/asf/kudu/tree/08637705 Diff: http://git-wip-us.apache.org/repos/asf/kudu/diff/08637705 Branch: refs/heads/master Commit: 08637705ae6ad8d3426cb7f8ed016cc1c0fbea46 Parents: 8654a21 Author: Attila Bukor <[email protected]> Authored: Tue Aug 14 21:56:58 2018 +0200 Committer: Todd Lipcon <[email protected]> Committed: Wed Aug 15 18:49:07 2018 +0000 ---------------------------------------------------------------------- build-support/build_source_release.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kudu/blob/08637705/build-support/build_source_release.py ---------------------------------------------------------------------- diff --git a/build-support/build_source_release.py b/build-support/build_source_release.py index 5ef39b2..5bf6950 100755 --- a/build-support/build_source_release.py +++ b/build-support/build_source_release.py @@ -125,13 +125,13 @@ def gen_sha_file(tarball_path): """ Create a sha checksum file of the tarball. - The output format is compatible with command line tools like 'sha1sum' so it + The output format is compatible with command line tools like 'sha512sum' so it can be used to verify the checksum. """ - digest = checksum_file(hashlib.sha1(), tarball_path) - path = tarball_path + ".sha1" + digest = checksum_file(hashlib.sha512(), tarball_path) + path = tarball_path + ".sha512" with open(path, "w") as f: - f.write("%s\t%s\n" % (digest, os.path.basename(tarball_path))) + f.write("%s %s\n" % (digest, os.path.basename(tarball_path))) print(Colors.GREEN + "Generated sha:\t\t" + Colors.RESET + path)
