tbouron commented on a change in pull request #150: BROOKLYN-597 Remove
md5/sha1 - DO NOT MERGE
URL: https://github.com/apache/brooklyn-dist/pull/150#discussion_r355353422
##########
File path: release/make-release-artifacts.sh
##########
@@ -270,19 +270,21 @@ cp
${src_staging_dir}/brooklyn-dist/deb-packaging/target/apache-brooklyn-${curre
###############################################################################
# Signatures and checksums
-# OSX doesn't have sha256sum, even if MacPorts md5sha1sum package is installed.
+# OSX doesn't have sha256sum, even if MacPorts package is installed.
# Easy to fake it though.
which sha256sum >/dev/null || alias sha256sum='shasum -a 256' && shopt -s
expand_aliases
-( cd ${artifact_dir} &&
- for a in *.tar.gz *.zip *.rpm *.deb; do
- md5sum -b ${a} > ${a}.md5
- sha1sum -b ${a} > ${a}.sha1
- sha256sum -b ${a} > ${a}.sha256
- gpg2 --armor --output ${a}.asc --detach-sig ${a}
- done
+(
+ cd ${artifact_dir}
+ checksum_file="${artifact_name}-SHA256SUMS"
+
+ for a in *.tar.gz *.zip *.rpm *.deb; do
+ sha256sum -b ${a} >> ${checksum_file}
+ done
+ gpg2 --armor --output ${checksum_file}.asc --detach-sig ${checksum_file}
Review comment:
Is this right? My interpretation of the text in the PR description is that
the GPG signature should be generated for each artifact, so this should be kept
into the for loop.
Or maybe I misread it?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
