TINKERPOP-1912 Removed MD5 checksums from release

Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/bf1e242e
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/bf1e242e
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/bf1e242e

Branch: refs/heads/TINKERPOP-1912-tp33
Commit: bf1e242eebfb4d16f3d50ac181698b7b57ee0635
Parents: cf6f974
Author: Daniel Kuppitz <daniel_kupp...@hotmail.com>
Authored: Tue Apr 10 13:31:47 2018 -0700
Committer: Daniel Kuppitz <daniel_kupp...@hotmail.com>
Committed: Wed Apr 11 09:26:41 2018 -0700

 bin/validate-distribution.sh            | 3 ++-
 docs/site/home/downloads.html           | 4 ++--
 docs/src/dev/developer/release.asciidoc | 1 +
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/bin/validate-distribution.sh b/bin/validate-distribution.sh
index 0121a1a..b071ea0 100755
--- a/bin/validate-distribution.sh
+++ b/bin/validate-distribution.sh
@@ -83,10 +83,11 @@ fi
 echo -n "* downloading ${COMPONENT} (${ZIP_FILENAME})... "
 curl -Lsf ${URL} -o ${ZIP_FILENAME} || { echo "Failed to download 
${COMPONENT}" ; exit 1; }
-for ext in "asc" "md5" "sha1"
+for ext in "asc" "sha1"
   curl -Lsf ${URL}.${ext} -o ${ZIP_FILENAME}.${ext} || { echo "Failed to 
download ${COMPONENT} (${ext})" ; exit 1 ; }
+curl -Lsf ${URL}.md5 -o ${ZIP_FILENAME}.md5 && { echo "MD5 checksums should 
not be released (${ZIP_FILENAME}.md5)" ; exit 1 ; }
 echo "OK"
 # validate zip file

diff --git a/docs/site/home/downloads.html b/docs/site/home/downloads.html
index efe3ac8..f5f0ab3 100644
--- a/docs/site/home/downloads.html
+++ b/docs/site/home/downloads.html
@@ -491,7 +491,7 @@ limitations under the License.
     <p><strong>Note</strong> that upgrade documentation was only introduced at 
3.1.1-incubating which is why there are no links "upgrade" links in versions 
prior to that one.
     <h4>Verifying Downloads</h4>
-    <p>All downloads have associated PGP and MD5 signatures to help verify a 
distribution provided by a mirror. To verify a distribution via PGP or GPG 
first download the
+    <p>All downloads have associated PGP and SHA1 signatures to help verify a 
distribution provided by a mirror. To verify a distribution via PGP or GPG 
first download the
        <a href="https://www.apache.org/dist/tinkerpop/KEYS";>KEYS</a> file (it 
is important to use the linked file which is from the main distribution 
directory and not a
        mirror. Next download the appropriate "asc" signature file for the 
relevant distribution (again, this file should come from the <a 
        distribution directory</a> - note that older releases will have such 
files in the <a href="https://archive.apache.org/dist/tinkerpop/";>archives</a> 
or if released under Apache
@@ -517,7 +517,7 @@ limitations under the License.
       gpg --verify apache-gremlin-console-x.y.z-bin.zip.asc 
-    <p>Alternatively, consider verifying the MD5 signature on the files. An 
MD5 signature consists of 32 hex characters, and a SHA1 signature consists of 
40 hex characters.
+    <p>Alternatively, consider verifying the SHA1 signature on the files. An 
SHA1 signature consists of 40 hex characters.
        Ensure that the generated signature string matches the signature string 
published in the files above.</p>

diff --git a/docs/src/dev/developer/release.asciidoc 
index cc18bde..9439abb 100644
--- a/docs/src/dev/developer/release.asciidoc
+++ b/docs/src/dev/developer/release.asciidoc
@@ -224,6 +224,7 @@ for generating javadoc and without that the binary 
distributions won't contain t
 .. `cp 
 .. `cp 
 .. `cp 
+.. `rm -f dev/*.md5
 .. `cd dev/xx.yy.zz`
 .. pass:[<code>ls * | xargs -n1 -I {} echo "mv apache-tinkerpop-{} {}" | sed 
-e 's/distribution/bin/' -e 's/source-release/src/' -e 
's/tinkerpop-tinkerpop/tinkerpop/' -e s'/^\(.*\) \(.*\) \(.*\)$/\1 \3 \2/' | 
 .. `cd ..; svn add xx.yy.zz/; svn ci -m "TinkerPop xx.yy.zz release"`

Reply via email to