This is an automated email from the ASF dual-hosted git repository.
srowen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/spark.git
The following commit(s) were added to refs/heads/master by this push:
new 3e783375097 [SPARK-39240][INFRA][BUILD] Source and binary releases
using different tool to generate hashes for integrity
3e783375097 is described below
commit 3e783375097d14f1c28eb9b0e08075f1f8daa4a2
Author: Kent Yao <[email protected]>
AuthorDate: Fri May 20 10:54:53 2022 -0500
[SPARK-39240][INFRA][BUILD] Source and binary releases using different tool
to generate hashes for integrity
### What changes were proposed in this pull request?
unify the hash generator for release files.
### Why are the changes needed?
Currently, we use `shasum` for source but `gpg` for binary, since
https://github.com/apache/spark/pull/30123
this confuses me when validating the integrities of spark 3.3.0 RC
https://dist.apache.org/repos/dist/dev/spark/v3.3.0-rc2-bin/
### Does this PR introduce _any_ user-facing change?
no
### How was this patch tested?
test script manually
Closes #36619 from yaooqinn/SPARK-39240.
Authored-by: Kent Yao <[email protected]>
Signed-off-by: Sean Owen <[email protected]>
---
dev/create-release/release-build.sh | 12 +++---------
1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/dev/create-release/release-build.sh
b/dev/create-release/release-build.sh
index a65d02289c0..78fd06ba2be 100755
--- a/dev/create-release/release-build.sh
+++ b/dev/create-release/release-build.sh
@@ -283,9 +283,7 @@ if [[ "$1" == "package" ]]; then
echo $GPG_PASSPHRASE | $GPG --passphrase-fd 0 --armour \
--output $R_DIST_NAME.asc \
--detach-sig $R_DIST_NAME
- echo $GPG_PASSPHRASE | $GPG --passphrase-fd 0 --print-md \
- SHA512 $R_DIST_NAME > \
- $R_DIST_NAME.sha512
+ shasum -a 512 $R_DIST_NAME > $R_DIST_NAME.sha512
fi
if [[ -n $PIP_FLAG ]]; then
@@ -296,9 +294,7 @@ if [[ "$1" == "package" ]]; then
echo $GPG_PASSPHRASE | $GPG --passphrase-fd 0 --armour \
--output $PYTHON_DIST_NAME.asc \
--detach-sig $PYTHON_DIST_NAME
- echo $GPG_PASSPHRASE | $GPG --passphrase-fd 0 --print-md \
- SHA512 $PYTHON_DIST_NAME > \
- $PYTHON_DIST_NAME.sha512
+ shasum -a 512 $PYTHON_DIST_NAME > $PYTHON_DIST_NAME.sha512
fi
echo "Copying and signing regular binary distribution"
@@ -306,9 +302,7 @@ if [[ "$1" == "package" ]]; then
echo $GPG_PASSPHRASE | $GPG --passphrase-fd 0 --armour \
--output spark-$SPARK_VERSION-bin-$NAME.tgz.asc \
--detach-sig spark-$SPARK_VERSION-bin-$NAME.tgz
- echo $GPG_PASSPHRASE | $GPG --passphrase-fd 0 --print-md \
- SHA512 spark-$SPARK_VERSION-bin-$NAME.tgz > \
- spark-$SPARK_VERSION-bin-$NAME.tgz.sha512
+ shasum -a 512 spark-$SPARK_VERSION-bin-$NAME.tgz >
spark-$SPARK_VERSION-bin-$NAME.tgz.sha512
}
# List of binary packages built. Populates two associative arrays, where the
key is the "name" of
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
