Posted to commits@arrow.apache.org by uw...@apache.org on 2018/09/20 08:53:51 UTC

[arrow] branch master updated: ARROW-3069: [Release] Stop using SHA1 checksums per ASF policy

This is an automated email from the ASF dual-hosted git repository.

uwe pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/arrow.git


The following commit(s) were added to refs/heads/master by this push:
     new 78886e4  ARROW-3069: [Release] Stop using SHA1 checksums per ASF policy
78886e4 is described below

commit 78886e4176889d55cbc9fc1b5c1bb84d3d46dd82
Author: Krisztián Szűcs <sz...@gmail.com>
AuthorDate: Thu Sep 20 10:53:36 2018 +0200

    ARROW-3069: [Release] Stop using SHA1 checksums per ASF policy
    
    Not tested yet.
    
    Author: Krisztián Szűcs <sz...@gmail.com>
    
    Closes #2584 from kszucs/ARROW-3069 and squashes the following commits:
    
    3f16e458 <Krisztián Szűcs>  update crossbow and verification scripts
---
 dev/release/js-source-release.sh           | 1 -
 dev/release/js-verify-release-candidate.sh | 6 +++---
 dev/release/verify-release-candidate.sh    | 6 +++---
 dev/tasks/crossbow.py                      | 2 +-
 4 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/dev/release/js-source-release.sh b/dev/release/js-source-release.sh
index 49d2858..368bcd1 100755
--- a/dev/release/js-source-release.sh
+++ b/dev/release/js-source-release.sh
@@ -118,7 +118,6 @@ ${SOURCE_DIR}/run-rat.sh ${tarball}
 
 # sign the archive
 gpg --armor --output ${tarball}.asc --detach-sig ${tarball}
-sha1sum $tarball > ${tarball}.sha1
 sha256sum $tarball > ${tarball}.sha256
 sha512sum $tarball > ${tarball}.sha512
 
diff --git a/dev/release/js-verify-release-candidate.sh b/dev/release/js-verify-release-candidate.sh
index 039c94d..edabb4c 100755
--- a/dev/release/js-verify-release-candidate.sh
+++ b/dev/release/js-verify-release-candidate.sh
@@ -54,14 +54,14 @@ fetch_archive() {
   local dist_name=$1
   download_rc_file ${dist_name}.tar.gz
   download_rc_file ${dist_name}.tar.gz.asc
-  download_rc_file ${dist_name}.tar.gz.sha1
+  download_rc_file ${dist_name}.tar.gz.sha256
   download_rc_file ${dist_name}.tar.gz.sha512
   gpg --verify ${dist_name}.tar.gz.asc ${dist_name}.tar.gz
   if [ "$(uname)" == "Darwin" ]; then
-    shasum -a 1 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha1
+    shasum -a 256 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha256
     shasum -a 512 ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha512
   else
-    sha1sum ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha1
+    sha256sum ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha256
     sha512sum ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha512
   fi
 }
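Review bot: Nothing in fetch_archive stops the script when `gpg --verify` or one of the `shasum … | diff -` comparisons fails, so the new SHA-256 check only gates verification if `set -e` is in effect somewhere outside this hunk. verify_binary_artifacts in verify-release-candidate.sh ends each check with `|| exit 1`; doing the same here, e.g. `sha256sum ${dist_name}.tar.gz | diff - ${dist_name}.tar.gz.sha256 || exit 1`, makes a mismatch fatal regardless of shell options. The same applies to the fetch_archive hunk in verify-release-candidate.sh. The function's opening line is outside the hunk.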
diff --git a/dev/release/verify-release-candidate.sh b/dev/release/verify-release-candidate.sh
index 4eba3c2..dc0f08f 100755
--- a/dev/release/verify-release-candidate.sh
+++ b/dev/release/verify-release-candidate.sh
@@ -74,11 +74,11 @@ fetch_archive() {
   local dist_name=$1
   download_rc_file ${dist_name}.tar.gz
   download_rc_file ${dist_name}.tar.gz.asc
-  download_rc_file ${dist_name}.tar.gz.sha1
   download_rc_file ${dist_name}.tar.gz.sha256
+  download_rc_file ${dist_name}.tar.gz.sha512
   gpg --verify ${dist_name}.tar.gz.asc ${dist_name}.tar.gz
-  shasum -a 1 -c ${dist_name}.tar.gz.sha1
   shasum -a 256 -c ${dist_name}.tar.gz.sha256
+  shasum -a 512 -c ${dist_name}.tar.gz.sha512
 }
 
 verify_binary_artifacts() {
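Review bot: `shasum -a 512 -c ${dist_name}.tar.gz.sha512` hashes whatever file name is written inside the downloaded checksum file, which is not necessarily `${dist_name}.tar.gz`. If the .sha512 file lists another name or a path, the check either fails spuriously or passes without covering the tarball that was just fetched. Comparing digests directly binds the check to the artifact, e.g. `[ "$(shasum -a 512 ${dist_name}.tar.gz | cut -d' ' -f1)" = "$(cut -d' ' -f1 ${dist_name}.tar.gz.sha512)" ] || exit 1`. The `-c` lines in the verify_binary_artifacts hunk have the same property. The checksum files appear to be fetched the same way as the tarball, so they detect corruption only, and the `gpg --verify` line remains the authenticity check.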
@@ -106,8 +106,8 @@ verify_binary_artifacts() {
     # basename of the artifact
     pushd $(dirname $artifact)
     base_artifact=$(basename $artifact)
-    shasum -a 1 -c $base_artifact.sha1 || exit 1
     shasum -a 256 -c $base_artifact.sha256 || exit 1
+    shasum -a 512 -c $base_artifact.sha512 || exit 1
     popd
   done
 }
diff --git a/dev/tasks/crossbow.py b/dev/tasks/crossbow.py
index 324b997..cb7a13d 100755
--- a/dev/tasks/crossbow.py
+++ b/dev/tasks/crossbow.py
@@ -700,7 +700,7 @@ def hashbytes(bytes, algoname):
               type=click.Path(file_okay=False, dir_okay=True),
               help='Directory to download the build artifacts')
 @click.option('-a', '--algorithm',
-              default=['sha1', 'sha256'],
+              default=['sha256', 'sha512'],
               show_default=True,
               type=click.Choice(sorted(hashlib.algorithms_guaranteed)),
               multiple=True,
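Review bot: `type=click.Choice(sorted(hashlib.algorithms_guaranteed))` still accepts `sha1` and `md5` for `-a/--algorithm`, so only the default moves away from SHA-1. If the intent is that release artifacts never carry SHA-1 checksums, restrict the choices as well, e.g. `type=click.Choice(sorted(hashlib.algorithms_guaranteed - {'md5', 'sha1'}))`. The decorated command and the rest of its options lie outside this hunk.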