[
https://issues.apache.org/jira/browse/HBASE-15630?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15239781#comment-15239781
]
Christopher Tubbs commented on HBASE-15630:
-------------------------------------------
Okay, that's fine. I'm not familiar with HBase community practices, so I
figured a proposed change via a JIRA issue marked "Wish" and "Trivial" priority
would be a sufficient way to make a minor suggestion.
Apologies for proposing a change in the wrong forum.
However, I didn't quite expect the issue to be closed (and, especially not by
somebody other than the assignee) without a comment explaining why, and with a
resolution status that did not seem appropriate to the contents of the issue
(it wasn't a request for information, it was a proposed change... but it was
closed as "Information Provided"). That seemed like a mistake to me, so I
reopened in good faith with an explanation, in an attempt to continue the
conversation.
> Improve checksum files for releases for easier verification
> -----------------------------------------------------------
>
> Key: HBASE-15630
> URL: https://issues.apache.org/jira/browse/HBASE-15630
> Project: HBase
> Issue Type: Wish
> Affects Versions: 1.2.1
> Reporter: Christopher Tubbs
> Assignee: Elliott Clark
> Priority: Trivial
>
> Trying to verify latest release (1.2.1), and I found it a bit inconvenient to
> parse the *.mds checksum file. The line wrapping, white space, and the
> general format of the file does not lend itself for easy verification.
> I suggest using the standard "coreutils" format for md5sum, sha*sum, etc.,
> instead: <lowercase-hash><space><asterisk(binary-flag)><filename>
> {code}
> # md5
> 3d66c0dd4f38fa881046fe64dd680a7a *hbase-1.2.1-src.tar.gz
> # sha1
> 3666a4829d9a8d9285173bfa8e8d0ff5423a22d6 *hbase-1.2.1-src.tar.gz
> # rmd160
> #fb318e84b6256492cfb990aec2238a64c2da21ad *hbase-1.2.1-src.tar.gz
> # sha224
> 89d341a55069e4875f9e6859737062fd7a4c11596811731c4ba95ca0
> *hbase-1.2.1-src.tar.gz
> # sha256
> e8000a65e98d4c5db7bab54da99a57209fe4ea777ab41e91ae8ccf7bfa2d50dd
> *hbase-1.2.1-src.tar.gz
> # sha384
> 49aa0620bf0fbe20bbde66cecabb76b22defb9ee609936edc3952889e6484e55c88f1c93d6258a2eaab4a9d5188b6170
> *hbase-1.2.1-src.tar.gz
> # sha512
> 28956a35a01ae87e9f733664c52c6fd25f9a60a1ff7047bbf306cd433c2a5b863c9bf05aba1d58792b86eec9943ae00e772c4b76fb81c5d210cf256cd074189b
> *hbase-1.2.1-src.tar.gz
> {code}
> (comment lines added for humans, but ignored by tools; commented out rmd160,
> because not a coreutils supported algorithm; binary flag optional, could use
> another space instead... probably only matters for some dos tools)
> This makes it very easy to verify multiple files and hashes using: {{shasum
> -c file.mds}} or {{sha1sum -c file.mds}} or {{md5sum -c file.mds}}.
> In addition to the file format change, I suggest these two additional changes:
> 1. Drop rmd160. It's not nearly as popular as the others, and it doesn't lend
> itself to easy verification (no coreutils equivalent command like md5sum,
> sha1sum, etc.)
> 2. Concatenate hashes from all files into a single file. This makes it easier
> to verify all downloads at once.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
