[PATCH] use SHA-2 family hash for releases

Thu, 23 Feb 2017 12:09:15 -0800 

Hello,

After the alpha, the next release should go up with a SHA-2 family digest.

[[[
Use SHA-512 for releases

* tools/dist/release.py: generate SHA-512 digests

* tools/dist/templates/download.ezt
  tools/dist/templates/rc-release-ann.ezt
  tools/dist/templates/stable-release-ann.ezt: adjust text and variable

]]]

Andreas


Index: tools/dist/release.py
===================================================================
--- tools/dist/release.py	(revision 1784199)
+++ tools/dist/release.py	(working copy)
@@ -537,9 +537,9 @@ def roll_tarballs(args):
 
         shutil.move(filename, get_deploydir(args.base_dir))
         filename = os.path.join(get_deploydir(args.base_dir), filename)
-        m = hashlib.sha1()
+        m = hashlib.sha512()
         m.update(open(filename, 'r').read())
-        open(filename + '.sha1', 'w').write(m.hexdigest())
+        open(filename + '.sha512', 'w').write(m.hexdigest())
 
     shutil.move('svn_version.h.dist',
                 get_deploydir(args.base_dir) + '/' + 'svn_version.h.dist'
@@ -758,39 +758,39 @@ def write_news(args):
     template.generate(sys.stdout, data)
 
 
-def get_sha1info(args, replace=False):
-    'Return a list of sha1 info for the release'
+def get_sha512info(args, replace=False):
+    'Return a list of sha512 info for the release'
 
     target = get_target(args)
 
-    sha1s = glob.glob(os.path.join(target, 'subversion*-%s*.sha1' % args.version))
+    sha512s = glob.glob(os.path.join(target, 'subversion*-%s*.sha512' % args.version))
 
     class info(object):
         pass
 
-    sha1info = []
-    for s in sha1s:
+    sha512info = []
+    for s in sha512s:
         i = info()
-        # strip ".sha1"
-        fname = os.path.basename(s)[:-5]
+        # strip ".sha512"
+        fname = os.path.basename(s)[:-7]
         if replace:
             # replace the version number with the [version] reference
             i.filename = Version.regex.sub('[version]', fname)
         else:
             i.filename = fname
-        i.sha1 = open(s, 'r').read()
-        sha1info.append(i)
+        i.sha512 = open(s, 'r').read()
+        sha512info.append(i)
 
-    return sha1info
+    return sha512info
 
 
 def write_announcement(args):
     'Write the release announcement.'
-    sha1info = get_sha1info(args)
+    sha512info = get_sha512info(args)
     siginfo = "\n".join(get_siginfo(args, True)) + "\n"
 
     data = { 'version'              : str(args.version),
-             'sha1info'             : sha1info,
+             'sha512info'           : sha512info,
              'siginfo'              : siginfo,
              'major-minor'          : args.version.branch,
              'major-minor-patch'    : args.version.base,
@@ -809,10 +809,10 @@ def write_announcement(args):
 
 def write_downloads(args):
     'Output the download section of the website.'
-    sha1info = get_sha1info(args, replace=True)
+    sha512info = get_sha512info(args, replace=True)
 
     data = { 'version'              : str(args.version),
-             'fileinfo'             : sha1info,
+             'fileinfo'             : sha512info,
            }
 
     template = ezt.Template(compress_whitespace = False)
Index: tools/dist/templates/download.ezt
===================================================================
--- tools/dist/templates/download.ezt	(revision 1784199)
+++ tools/dist/templates/download.ezt	(working copy)
@@ -2,12 +2,12 @@
 <table class="centered">
 <tr>
   <th>File</th>
-  <th>Checksum (SHA1)</th>
+  <th>Checksum (SHA-512)</th>
   <th>Signatures</th>
 </tr>
 [for fileinfo]<tr>
   <td><a href="[[]preferred]subversion/[fileinfo.filename]">[fileinfo.filename]</a></td>
-  <td class="checksum">[fileinfo.sha1]</td>
+  <td class="checksum">[fileinfo.sha512]</td>
   <td>[<a href="http://www.apache.org/dist/subversion/[fileinfo.filename].asc";>PGP</a>]</td>
 </tr>[end]
 </table>
Index: tools/dist/templates/rc-release-ann.ezt
===================================================================
--- tools/dist/templates/rc-release-ann.ezt	(revision 1784199)
+++ tools/dist/templates/rc-release-ann.ezt	(working copy)
@@ -3,9 +3,9 @@ Please choose the mirror closest to you by visitin
 
     http://subversion.apache.org/download.cgi#[anchor]
 
-The SHA1 checksums are:
+The SHA-512 checksums are:
 
-[for sha1info]    [sha1info.sha1] [sha1info.filename]
+[for sha512info]    [sha512info.sha512] [sha512info.filename]
 [end]
 PGP Signatures are available at:
 
Index: tools/dist/templates/stable-release-ann.ezt
===================================================================
--- tools/dist/templates/stable-release-ann.ezt	(revision 1784199)
+++ tools/dist/templates/stable-release-ann.ezt	(working copy)
@@ -3,9 +3,9 @@ Please choose the mirror closest to you by visitin
 
     http://subversion.apache.org/download.cgi#[anchor]
 
-The SHA1 checksums are:
+The SHA-512 checksums are:
 
-[for sha1info]    [sha1info.sha1] [sha1info.filename]
+[for sha512info]    [sha512info.sha512] [sha512info.filename]
 [end]
 PGP Signatures are available at:

Reply via email to