From: andreas@rammhold.de
To: gdb-patches@sourceware.org
Subject: [PATCH] Use sha256 for hashes in the release process
Date: Mon, 26 Oct 2020 02:33:47 +0100
Message-Id: <20201026013347.6250-1-andreas@rammhold.de>
Cc: Andreas Rammhold
From: Andreas Rammhold

I just came across the GDB 10.1 release notes and saw that md5 is still being used in those. I thought it would be a good idea to instead have a more modern, secure and widely available hash function such as SHA256 as part of the release process.

The changes have been done rather mechanically via sed but executing the `src-release.sh -b gdb` did work so I am confident about the result.

While this does not directly address the release mails, as I wasn't able to find the template/script used for those, this is probably still an improvement.

ChangeLog:

* src-release.sh: Use sha256sum instead of md5sum.

binutils/ChangeLog:

* README-how-to-make-a-release: Use sha256sum instead of md5sum.

--- ChangeLog | 3 +++ binutils/ChangeLog | 3 +++ binutils/README-how-to-make-a-release | 4 ++-- src-release.sh | 18 +++++++++--------- 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9daa7be322..e9e5f754bd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2020-10-26 Andreas Rammhold + * src-release.sh: Use sha256sum instead of md5sum. + 2020-10-14 Andrew Burgess * Makefile.in: Rebuild. diff --git a/binutils/ChangeLog b/binutils/ChangeLog index 4c14fd1510..8772a930b2 100644 --- a/binutils/ChangeLog +++ b/binutils/ChangeLog @@ -1,3 +1,6 @@ +2020-10-26 Andreas Rammhold + * README-how-to-make-a-release: Use sha256sum instead of md5sum. + 2020-10-22 H.J. Lu * testsuite/binutils-all/objcopy.exp (objcopy_test): Report diff --git a/binutils/README-how-to-make-a-release b/binutils/README-how-to-make-a-release index abb2438c5c..db962e2f55 100644 --- a/binutils/README-how-to-make-a-release +++ b/binutils/README-how-to-make-a-release 
@@ -124,7 +124,7 @@ How to perform a release. cd scp binutils-.90.tar.xz sourceware.org:~ftp/pub/binutils/snapshots - ssh sourceware.org md5sum ~ftp/pub/binutils/snapshots/binutils-.90.tar.xz + ssh sourceware.org sha256sum ~ftp/pub/binutils/snapshots/binutils-.90.tar.xz e. Clean up the source directory again. @@ -364,7 +364,7 @@ Cheers David Edelsohn announcing the new release. Sign the email and include the checksum: - md5sum binutils-2.3x.tar.* + sha256sum binutils-2.3x.tar.* (The email to Davis is so that he can update the GNU Toolchain social media). Something like this: diff --git a/src-release.sh b/src-release.sh index 1f69deeb0e..0ed467125b 100755 --- a/src-release.sh +++ b/src-release.sh @@ -26,7 +26,7 @@ BZIPPROG=bzip2 GZIPPROG=gzip LZIPPROG=lzip XZPROG=xz -MD5PROG=md5sum +SHA256PROG=sha256sum MAKE=make CC=gcc CXX=g++ @@ -168,15 +168,15 @@ do_proto_toplev() CVS_NAMES='-name CVS -o -name .cvsignore' -# Add an md5sum to the built tarball -do_md5sum() +# Add an sha256sum to the built tarball +do_sha256sum() { - echo "==> Adding md5 checksum to top-level directory" + echo "==> Adding sha256 checksum to top-level directory" (cd proto-toplev && find * -follow \( $CVS_NAMES \) -prune \ -o -type f -print \ - | xargs $MD5PROG > ../md5.new) - rm -f proto-toplev/md5.sum - mv md5.new proto-toplev/md5.sum + | xargs $SHA256PROG > ../sha256.new) + rm -f proto-toplev/sha256.sum + mv sha256.new proto-toplev/sha256.sum } # Build the release tarball @@ -276,7 +276,7 @@ tar_compress() verdir=${5:-$tool} ver=$(getver $verdir) do_proto_toplev $package $ver $tool "$support_files" - do_md5sum + do_sha256sum do_tar $package $ver do_compress $package $ver "$compressors" } @@ -290,7 +290,7 @@ gdb_tar_compress() compressors=$4 ver=$(getver $tool) do_proto_toplev $package $ver $tool "$support_files" - do_md5sum + do_sha256sum do_djunpack $package $ver do_tar $package $ver do_compress $package $ver "$compressors" -- 2.28.0
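Review bot: The top-level ChangeLog entry added in the ChangeLog hunk records only "Use sha256sum instead of md5sum" for src-release.sh, but the src-release.sh hunks also rename the MD5PROG variable to SHA256PROG, the do_md5sum function to do_sha256sum, and the generated file md5.sum to sha256.sum. Listing those in the entry, for example as (MD5PROG): Rename to SHA256PROG and (do_md5sum): Rename to do_sha256sum, would let someone searching the ChangeLog for the old names find this change.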
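Review bot: In the README-how-to-make-a-release hunk at line 124, the step runs sha256sum on sourceware.org after the scp, but the visible text does not say what the output is to be compared against. Consider adding a line telling the release manager to run sha256sum on the local binutils-.90.tar.xz as well and confirm the two digests match, so the purpose of the check is explicit.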
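Review bot: The second README-how-to-make-a-release hunk (line 364) changes the command to sha256sum binutils-2.3x.tar.*, but the example announcement that follows "Something like this:" lies outside the hunk. If that example shows md5 digests, it needs the same update so that the instructions and the sample mail agree.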
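Review bot: In the do_sha256sum hunk of src-release.sh, the checksum file shipped inside the tarball changes name from proto-toplev/md5.sum to proto-toplev/sha256.sum, which is visible to anyone who unpacks a release and verifies it using the old file name; the commit message and ChangeLog should mention it. Separately, the visible lines do not check the result of the find | xargs $SHA256PROG pipeline before mv sha256.new proto-toplev/sha256.sum, so if sha256sum is missing on the release host an empty or partial sha256.sum could be packaged; testing that sha256.new is non-empty before the mv would catch that. Style: the comment should read "Add a sha256sum" rather than "Add an sha256sum".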