[GitHub] rdelval closed pull request #36: Removing MD5 check from verify release candidate script and release script

Tue, 04 Sep 2018 12:16:51 -0700 

rdelval closed pull request #36: Removing MD5 check from verify release 
candidate script and release script
URL: https://github.com/apache/aurora/pull/36
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/build-support/release/release b/build-support/release/release
index 86bcbe409..705ff8df9 100755
--- a/build-support/release/release
+++ b/build-support/release/release
@@ -192,8 +192,7 @@ echo "Signing the distribution"
 gpg --armor --output ${dist_name}.tar.gz.asc --detach-sig ${dist_name}.tar.gz
 
 # Create the checksums
-echo "Creating checksums"
-gpg --print-md MD5 ${dist_name}.tar.gz > ${dist_name}.tar.gz.md5
+echo "Creating checksum"
 shasum -a 512 ${dist_name}.tar.gz > ${dist_name}.tar.gz.sha512
 
 if [[ $publish == 1 ]]; then
@@ -241,8 +240,8 @@ 
${aurora_git_web_url}&a=shortlog&h=refs/tags/${current_version_tag}
 The release is available at:
 ${aurora_svn_dist_url}/${current_version}/${dist_name}.tar.gz
 
-The MD5 checksum of the release can be found at:
-${aurora_svn_dist_url}/${current_version}/${dist_name}.tar.gz.md5
+The SHA-512 checksum of the release can be found at:
+${aurora_svn_dist_url}/${current_version}/${dist_name}.tar.gz.sha512
 
 The signature of the release can be found at:
 ${aurora_svn_dist_url}/${current_version}/${dist_name}.tar.gz.asc
diff --git a/build-support/release/release-candidate 
b/build-support/release/release-candidate
index 4547af67b..d7cb38f98 100755
--- a/build-support/release/release-candidate
+++ b/build-support/release/release-candidate
@@ -226,8 +226,8 @@ pushd ${dist_dir}
   echo "Signing the distribution"
   gpg --armor --output ${dist_name}.tar.gz.asc --detach-sig ${dist_name}.tar.gz
 
-  # Create the checksums
-  echo "Creating checksums"
+  # Create the checksum
+  echo "Creating checksum"
   shasum -a 512 ${dist_name}.tar.gz > ${dist_name}.tar.gz.sha512
 popd
 
diff --git a/build-support/release/verify-release-candidate 
b/build-support/release/verify-release-candidate
index dcd8114ec..524da76ca 100755
--- a/build-support/release/verify-release-candidate
+++ b/build-support/release/verify-release-candidate
@@ -40,10 +40,8 @@ fetch_archive() {
   local dist_name=$1
   download_rc_file ${dist_name}.tar.gz
   download_rc_file ${dist_name}.tar.gz.asc
-  download_rc_file ${dist_name}.tar.gz.md5
   download_rc_file ${dist_name}.tar.gz.sha512
   gpg --verify ${dist_name}.tar.gz.asc ${dist_name}.tar.gz
-  gpg --print-md MD5 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.md5
   shasum -a 512 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha512
 }
 


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to