[
https://issues.apache.org/jira/browse/HBASE-24589?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Matthew Foley updated HBASE-24589:
----------------------------------
Description:
The value of srcChecksum displayed in the HBase UI is generated at build time
by
https://github.com/apache/hbase/blob/master/hbase-common/src/saveVersion.sh#L53-L61
On a Linux build host,
if `openssl`(v 1.1.1) is available, the resulting value of srcChecksum is
`(stdin)=`
else if `gpg` (v 2.2.19) is available, the value is only the first 8-character
substring of the sha512 hash.
On a Mac build host,
if `openssl`(LibreSSL 2.8.3) is available, the resulting value of srcChecksum
is correct
else if `gpg` (v 2.2.19) is available, the value is again the first 8-character
substring of the sha512 hash.
Furthermore, while "sha512" is well defined and gives the same value from all
four programs, the associated leader text for file names has a different
format, and gpg generates uppercase hex divided into 8-character blocks while
openssl generates lowercase hex in a single string. Either of these
differences will cause the sum-of-sums generated by openssl and gpg to be
different! Which is unacceptable if srcChecksum is to be used for validation.
was:
The value of srcChecksum displayed in the HBase UI is generated at build time
by
https://github.com/apache/hbase/blob/master/hbase-common/src/saveVersion.sh#L53-L61
On a Linux build host,
if `openssl`(v 1.1.1) is available, the resulting value of srcChecksum is
`(stdin)=`
else if `gpg` (v 2.2.19) is available, the value is only the first 8-character
substring of the sha512 hash.
On a Mac build host,
if `openssl`(LibreSSL 2.8.3) is available, the resulting value of srcChecksum
is correct
else if `gpg` (v 2.2.19) is available, the value is again the first 8-character
substring of the sha512 hash.
Furthermore, while "sha512" is well defined and gives the same value from all
four programs, the associated leader text for file names has a different
format, therefore the sum-of-sums generated by openssl and gpg will be
different! Which is unacceptable if srcChecksum is to be used for validation.
> In HBase UI, srcChecksum has bad content
> ----------------------------------------
>
> Key: HBASE-24589
> URL: https://issues.apache.org/jira/browse/HBASE-24589
> Project: HBase
> Issue Type: Bug
> Components: UI
> Affects Versions: 3.0.0-alpha-1, 2.3.0
> Reporter: Matthew Foley
> Assignee: Matthew Foley
> Priority: Minor
>
> The value of srcChecksum displayed in the HBase UI is generated at build time
> by
> https://github.com/apache/hbase/blob/master/hbase-common/src/saveVersion.sh#L53-L61
> On a Linux build host,
> if `openssl`(v 1.1.1) is available, the resulting value of srcChecksum is
> `(stdin)=`
> else if `gpg` (v 2.2.19) is available, the value is only the first
> 8-character substring of the sha512 hash.
> On a Mac build host,
> if `openssl`(LibreSSL 2.8.3) is available, the resulting value of srcChecksum
> is correct
> else if `gpg` (v 2.2.19) is available, the value is again the first
> 8-character substring of the sha512 hash.
> Furthermore, while "sha512" is well defined and gives the same value from all
> four programs, the associated leader text for file names has a different
> format, and gpg generates uppercase hex divided into 8-character blocks while
> openssl generates lowercase hex in a single string. Either of these
> differences will cause the sum-of-sums generated by openssl and gpg to be
> different! Which is unacceptable if srcChecksum is to be used for validation.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
