rdelval closed pull request #36: Removing MD5 check from verify release candidate script and release script URL: https://github.com/apache/aurora/pull/36
This is a PR merged from a forked repository. As GitHub hides the original diff on merge, it is displayed below for the sake of provenance: As this is a foreign pull request (from a fork), the diff is supplied below (as it won't show otherwise due to GitHub magic): diff --git a/build-support/release/release b/build-support/release/release index 86bcbe409..705ff8df9 100755 --- a/build-support/release/release +++ b/build-support/release/release @@ -192,8 +192,7 @@ echo "Signing the distribution" gpg --armor --output ${dist_name}.tar.gz.asc --detach-sig ${dist_name}.tar.gz # Create the checksums -echo "Creating checksums" -gpg --print-md MD5 ${dist_name}.tar.gz > ${dist_name}.tar.gz.md5 +echo "Creating checksum" shasum -a 512 ${dist_name}.tar.gz > ${dist_name}.tar.gz.sha512 if [[ $publish == 1 ]]; then @@ -241,8 +240,8 @@ ${aurora_git_web_url}&a=shortlog&h=refs/tags/${current_version_tag} The release is available at: ${aurora_svn_dist_url}/${current_version}/${dist_name}.tar.gz -The MD5 checksum of the release can be found at: -${aurora_svn_dist_url}/${current_version}/${dist_name}.tar.gz.md5 +The SHA-512 checksum of the release can be found at: +${aurora_svn_dist_url}/${current_version}/${dist_name}.tar.gz.sha512 The signature of the release can be found at: ${aurora_svn_dist_url}/${current_version}/${dist_name}.tar.gz.asc diff --git a/build-support/release/release-candidate b/build-support/release/release-candidate index 4547af67b..d7cb38f98 100755 --- a/build-support/release/release-candidate +++ b/build-support/release/release-candidate @@ -226,8 +226,8 @@ pushd ${dist_dir} echo "Signing the distribution" gpg --armor --output ${dist_name}.tar.gz.asc --detach-sig ${dist_name}.tar.gz - # Create the checksums - echo "Creating checksums" + # Create the checksum + echo "Creating checksum" shasum -a 512 ${dist_name}.tar.gz > ${dist_name}.tar.gz.sha512 popd diff --git a/build-support/release/verify-release-candidate b/build-support/release/verify-release-candidate index dcd8114ec..524da76ca 100755 --- a/build-support/release/verify-release-candidate +++ b/build-support/release/verify-release-candidate @@ -40,10 +40,8 @@ fetch_archive() { local dist_name=$1 download_rc_file ${dist_name}.tar.gz download_rc_file ${dist_name}.tar.gz.asc - download_rc_file ${dist_name}.tar.gz.md5 download_rc_file ${dist_name}.tar.gz.sha512 gpg --verify ${dist_name}.tar.gz.asc ${dist_name}.tar.gz - gpg --print-md MD5 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.md5 shasum -a 512 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha512 } ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services