You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Christopher Tubbs (JIRA)" <ji...@apache.org> on 2016/04/11 18:15:25 UTC

[jira] [Created] (HBASE-15630) Improve checksum files for releases for easier verification

Christopher Tubbs created HBASE-15630:
-----------------------------------------

             Summary: Improve checksum files for releases for easier verification
                 Key: HBASE-15630
                 URL: https://issues.apache.org/jira/browse/HBASE-15630
             Project: HBase
          Issue Type: Wish
    Affects Versions: 1.2.1
            Reporter: Christopher Tubbs
            Priority: Trivial


Trying to verify latest release (1.2.1), and I found it a bit inconvenient to parse the *.mds checksum file. The line wrapping, white space, and the general format of the file does not lend itself for easy verification.

I suggest using the standard "coreutils" format for md5sum, sha*sum, etc., instead: <lowercase-hash><space><asterisk(binary-flag)><filename>
{code}
# md5
3d66c0dd4f38fa881046fe64dd680a7a *hbase-1.2.1-src.tar.gz
# sha1
3666a4829d9a8d9285173bfa8e8d0ff5423a22d6 *hbase-1.2.1-src.tar.gz
# rmd160
#fb318e84b6256492cfb990aec2238a64c2da21ad *hbase-1.2.1-src.tar.gz
# sha224
89d341a55069e4875f9e6859737062fd7a4c11596811731c4ba95ca0 *hbase-1.2.1-src.tar.gz
# sha256
e8000a65e98d4c5db7bab54da99a57209fe4ea777ab41e91ae8ccf7bfa2d50dd *hbase-1.2.1-src.tar.gz
# sha384
49aa0620bf0fbe20bbde66cecabb76b22defb9ee609936edc3952889e6484e55c88f1c93d6258a2eaab4a9d5188b6170 *hbase-1.2.1-src.tar.gz
# sha512
28956a35a01ae87e9f733664c52c6fd25f9a60a1ff7047bbf306cd433c2a5b863c9bf05aba1d58792b86eec9943ae00e772c4b76fb81c5d210cf256cd074189b *hbase-1.2.1-src.tar.gz
{code}
(comment lines added for humans, but ignored by tools; commented out rmd160, because not a coreutils supported algorithm; binary flag optional, could use another space instead... probably only matters for some dos tools)

This makes it very easy to verify multiple files and hashes using: {{shasum -c file.mds}} or {{sha1sum -c file.mds}} or {{md5sum -c file.mds}}.

In addition to the file format change, I suggest these two additional changes:

1. Drop rmd160. It's not nearly as popular as the others, and it doesn't lend itself to easy verification (no coreutils equivalent command like md5sum, sha1sum, etc.)
2. Concatenate hashes from all files into a single file. This makes it easier to verify all downloads at once.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)