[PATCH] Use sha256 for hashes in the release process
andreas@rammhold.de
andreas@rammhold.de
Mon Oct 26 01:33:47 GMT 2020
From: Andreas Rammhold <andreas@rammhold.de>
I just came across the GDB 10.1 release notes and saw that md5 is still
being used in those. I thought it would be a good idea to instead have a
more modern, secure and wildly available hash function such as SHA256 as
part of the release process.
The changes have been done rather mechnically via sed but executing the
`src-release.sh -b gdb` did work so I am confident about the result.
While this does not directly address the release mails, as I was wasn't
able to find the template/script used for those, this is probably still
an improvement.
ChangeLog:
* src-release.sh: Use sha256sum instead of md5sum.
binutils/ChangeLog:
* README-how-to-make-a-release: Use sha256sum instead of md5sum.
---
ChangeLog | 3 +++
binutils/ChangeLog | 3 +++
binutils/README-how-to-make-a-release | 4 ++--
src-release.sh | 18 +++++++++---------
4 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9daa7be322..e9e5f754bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2020-10-26 Andreas Rammhold <andreas@rammhold.de>
+ * src-release.sh: Use sha256sum instead of md5sum.
+
2020-10-14 Andrew Burgess <andrew.burgess@embecosm.com>
* Makefile.in: Rebuild.
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 4c14fd1510..8772a930b2 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,6 @@
+2020-10-26 Andreas Rammhold <andreas@rammhold.de>
+ * README-how-to-make-a-release: Use sha256sum instead of md5sum.
+
2020-10-22 H.J. Lu <hongjiu.lu@intel.com>
* testsuite/binutils-all/objcopy.exp (objcopy_test): Report
diff --git a/binutils/README-how-to-make-a-release b/binutils/README-how-to-make-a-release
index abb2438c5c..db962e2f55 100644
--- a/binutils/README-how-to-make-a-release
+++ b/binutils/README-how-to-make-a-release
@@ -124,7 +124,7 @@ How to perform a release.
cd <branch-sources>
scp binutils-<OLD_VERSION>.90.tar.xz sourceware.org:~ftp/pub/binutils/snapshots
- ssh sourceware.org md5sum ~ftp/pub/binutils/snapshots/binutils-<OLD_VERSION>.90.tar.xz
+ ssh sourceware.org sha256sum ~ftp/pub/binutils/snapshots/binutils-<OLD_VERSION>.90.tar.xz
e. Clean up the source directory again.
@@ -364,7 +364,7 @@ Cheers
David Edelsohn <dje.gcc@gmail.com> announcing the new release.
Sign the email and include the checksum:
- md5sum binutils-2.3x.tar.*
+ sha256sum binutils-2.3x.tar.*
(The email to Davis is so that he can update the GNU Toolchain
social media). Something like this:
diff --git a/src-release.sh b/src-release.sh
index 1f69deeb0e..0ed467125b 100755
--- a/src-release.sh
+++ b/src-release.sh
@@ -26,7 +26,7 @@ BZIPPROG=bzip2
GZIPPROG=gzip
LZIPPROG=lzip
XZPROG=xz
-MD5PROG=md5sum
+SHA256PROG=sha256sum
MAKE=make
CC=gcc
CXX=g++
@@ -168,15 +168,15 @@ do_proto_toplev()
CVS_NAMES='-name CVS -o -name .cvsignore'
-# Add an md5sum to the built tarball
-do_md5sum()
+# Add an sha256sum to the built tarball
+do_sha256sum()
{
- echo "==> Adding md5 checksum to top-level directory"
+ echo "==> Adding sha256 checksum to top-level directory"
(cd proto-toplev && find * -follow \( $CVS_NAMES \) -prune \
-o -type f -print \
- | xargs $MD5PROG > ../md5.new)
- rm -f proto-toplev/md5.sum
- mv md5.new proto-toplev/md5.sum
+ | xargs $SHA256PROG > ../sha256.new)
+ rm -f proto-toplev/sha256.sum
+ mv sha256.new proto-toplev/sha256.sum
}
# Build the release tarball
@@ -276,7 +276,7 @@ tar_compress()
verdir=${5:-$tool}
ver=$(getver $verdir)
do_proto_toplev $package $ver $tool "$support_files"
- do_md5sum
+ do_sha256sum
do_tar $package $ver
do_compress $package $ver "$compressors"
}
@@ -290,7 +290,7 @@ gdb_tar_compress()
compressors=$4
ver=$(getver $tool)
do_proto_toplev $package $ver $tool "$support_files"
- do_md5sum
+ do_sha256sum
do_djunpack $package $ver
do_tar $package $ver
do_compress $package $ver "$compressors"
--
2.28.0
More information about the Gdb-patches
mailing list