Re: [PATCH] MINOR: Generate sha256 checksums in publish-release

2018-07-20 Thread Willy Tarreau 
On Fri, Jul 20, 2018 at 01:45:51PM +0200, Tim Düsterhus wrote:
> Perfect. Could you possibly retroactively add a .sha256 file for the
> newest version of each currently supported branch (i.e. 1.8.12, 1.7.11,
> 1.6.14 and 1.5.19)? This would allow me to update a few scripts, without
> having to special case branches with and without sha256.

OK, given that you wrote the patch and the effort of enumerating the
versions, I didn't have to think too much so I've just done it :-)

Cheers,
Willy

Re: [PATCH] MINOR: Generate sha256 checksums in publish-release

2018-07-20 Thread Tim Düsterhus 
Willy,

Am 20.07.2018 um 10:50 schrieb Willy Tarreau:
> Makes sense, now merge.
> 

Perfect. Could you possibly retroactively add a .sha256 file for the
newest version of each currently supported branch (i.e. 1.8.12, 1.7.11,
1.6.14 and 1.5.19)? This would allow me to update a few scripts, without
having to special case branches with and without sha256.

Best regards
Tim Düsterhus

Re: [PATCH] MINOR: Generate sha256 checksums in publish-release

2018-07-20 Thread Willy Tarreau 
Hi Tim,

On Thu, Jul 19, 2018 at 11:57:56PM +0200, Tim Duesterhus wrote:
> Currently only md5 signatures are generated. While md5
> still is not broken with regard to preimage attacks, sha256
> clearly is the current secure solution.
> 
> This patch should be backported to all supported branches.

Makes sense, now merge.

Thank you!
Willy

[PATCH] MINOR: Generate sha256 checksums in publish-release

2018-07-19 Thread Tim Duesterhus 
Currently only md5 signatures are generated. While md5
still is not broken with regard to preimage attacks, sha256
clearly is the current secure solution.

This patch should be backported to all supported branches.
---
 scripts/publish-release | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/publish-release b/scripts/publish-release
index ecef867b..6a615a6f 100755
--- a/scripts/publish-release
+++ b/scripts/publish-release
@@ -159,14 +159,15 @@ if [ -z "$AUTO" ]; then
 fi
 
 echo "Archiving sources for version $NEW ..."
-rm -f "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"{,.md5}
+rm -f "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"{,.md5,.sha256}
 if ! git archive --format=tar --prefix="haproxy-${NEW}/" "v$NEW" | \
  gzip -9 > "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"; then
die "Failed to produce the tar.gz archive"
 fi
 
 ( cd "$TARGET_DIR/src${DEVEL}" ; \
-  md5sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.md5 )
+  md5sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.md5 ; \
+  sha256sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.sha256 )
 
 echo "Extracting doc ..."
 git show "v$NEW:CHANGELOG" > "$TARGET_DIR/src/CHANGELOG"
@@ -178,6 +179,6 @@ done
 
 echo "Done : ls -l ${TARGET_DIR}"
 ( cd "$TARGET_DIR" ;
-  ls -l src/CHANGELOG "src${DEVEL}/haproxy-${NEW}".tar.gz{,.md5} $(for i in 
"${DOC[@]}"; do echo "doc/${i#doc/}"{,.gz}; done)
+  ls -l src/CHANGELOG "src${DEVEL}/haproxy-${NEW}".tar.gz{,.md5,.sha256} $(for 
i in "${DOC[@]}"; do echo "doc/${i#doc/}"{,.gz}; done)
 )
 echo
-- 
2.18.0