You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/12/06 13:25:13 UTC

[GitHub] [airflow] potiuk edited a comment on issue #12832: Source hash apache-airflow-1.10.13-bin.tar.gz.sha512 format is invalid

potiuk edited a comment on issue #12832:
URL: https://github.com/apache/airflow/issues/12832#issuecomment-739502352


   The file is valid, but not recognized by ansible. We are currently using GPG to generate the SHA files:  
   
   ```
   gpg --print-md SHA512 "${name}" > "${name}.sha512"` (See   gpg --print-md SHA512 "${name}" > "${name}.sha512`
   ```
   
   And likewise we are using GPG to verify them:
   
   https://github.com/apache/airflow/blob/master/dev/README_RELEASE_AIRFLOW.md#sha512-sum-check
   
   ```
   echo "Checking $i"; gpg --print-md SHA512 `basename $i .sha512 ` | diff - $i
   ```
   @noelmcloughlin  I think as a workaround, you could use `skip_verify: true' and add a simple script verifying the signature in a similar way https://stackoverflow.com/questions/45287269/check-authenticity-of-file-in-ansible/45303473 
   
   @kaxil -> the format of the SHA files is indeed non-standard, so why don't we change it for 2.0? It's rather straightforward WDYT?
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org