[lucy-dev] Generating checksums chewable by md5sum/shasum

[Marvin Humphrey <ma...@rectangular.com>]

On Tue, Nov 01, 2011 at 10:15:09AM -0700, Chris Hostetter wrote:
> 0) (as noted on the wiki) the SHA and MD5 sig formats don't match any 
> format i've ever seen before -- making them impossible to check in an 
> automated fasion using things like "md5sum -c" or "sha512sum -c" ... 

We have heretofore used GnuPG to generate those.  It was convenient, because
we knew that it would be on the RM's machine, since the RM would need it to
generate PGP sigs.

> if there is *any* app that can automate the verification of these sigs, that
> should be documented somewhere.

I've committed a change to release_commands.pl so that in the future, RMs will
use Perl instead of GnuPG to generate checksums.

The commands are somewhat lengthy, but they produce digests that md5sum and
shasum can chew.

perl -MDigest -e '$d = Digest->new("MD5"); open $fh, "<apache-lucy-incubating-0.2.2.tar.gz" or die; $d->addfile($fh); print $d->hexdigest; print "  apache-lucy-incubating-0.2.2.tar.gz\n"' >  apache-lucy-incubating-0.2.2.tar.gz.md5
perl -MDigest -e '$d = Digest->new("SHA-512"); open $fh, "<apache-lucy-incubating-0.2.2.tar.gz" or die; $d->addfile($fh); print $d->hexdigest; print "  apache-lucy-incubating-0.2.2.tar.gz\n"' >  apache-lucy-incubating-0.2.2.tar.gz.sha

I've also updated the Wiki page to include instructions on how to verify with
md5sum/shasum when available, falling back to eyeballing if necessary.

Marvin Humphrey