Mirror of the gdb-patches mailing list
 help / color / mirror / Atom feed
* [PATCH v2] Use sha256 for hashes in the release process
@ 2020-10-26  3:03 andreas
  2020-10-26 14:12 ` Simon Marchi
  0 siblings, 1 reply; 6+ messages in thread
From: andreas @ 2020-10-26  3:03 UTC (permalink / raw)
  To: gdb-patches; +Cc: Andreas Rammhold

From: Andreas Rammhold <andreas@rammhold.de>

I just came across the GDB 10.1 release notes and saw that md5 is still
being used in those. I thought it would be a good idea to instead have a
more modern, secure and wildly available hash function such as SHA256 as
part of the release process.

The changes have been done rather mechnically via sed but executing the
`src-release.sh -b gdb` did work so I am confident about the result.

While this does not directly address the release mails, I was wasn't
able to find the template/script used for those, this is probably still
an improvement.

ChangeLog:
	* src-release.sh: Use sha256sum instead of md5sum.

binutils/ChangeLog:
	* README-how-to-make-a-release: Use sha256sum instead of md5sum.
---
 ChangeLog                             |  3 +++
 binutils/ChangeLog                    |  3 +++
 binutils/README-how-to-make-a-release |  4 ++--
 src-release.sh                        | 18 +++++++++---------
 4 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 9daa7be322..e9e5f754bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,6 @@
+2020-10-26  Andreas Rammhold <andreas@rammhold.de>
+	* src-release.sh: Use sha256sum instead of md5sum.
+
 2020-10-14  Andrew Burgess  <andrew.burgess@embecosm.com>
 
 	* Makefile.in: Rebuild.
diff --git a/binutils/ChangeLog b/binutils/ChangeLog
index 4c14fd1510..8772a930b2 100644
--- a/binutils/ChangeLog
+++ b/binutils/ChangeLog
@@ -1,3 +1,6 @@
+2020-10-26  Andreas Rammhold <andreas@rammhold.de>
+	* README-how-to-make-a-release: Use sha256sum instead of md5sum.
+
 2020-10-22  H.J. Lu  <hongjiu.lu@intel.com>
 
 	* testsuite/binutils-all/objcopy.exp (objcopy_test): Report
diff --git a/binutils/README-how-to-make-a-release b/binutils/README-how-to-make-a-release
index abb2438c5c..db962e2f55 100644
--- a/binutils/README-how-to-make-a-release
+++ b/binutils/README-how-to-make-a-release
@@ -124,7 +124,7 @@ How to perform a release.
 
           cd <branch-sources>
           scp binutils-<OLD_VERSION>.90.tar.xz sourceware.org:~ftp/pub/binutils/snapshots
-          ssh sourceware.org md5sum ~ftp/pub/binutils/snapshots/binutils-<OLD_VERSION>.90.tar.xz
+          ssh sourceware.org sha256sum ~ftp/pub/binutils/snapshots/binutils-<OLD_VERSION>.90.tar.xz
 
      e. Clean up the source directory again.
 
@@ -364,7 +364,7 @@ Cheers
       David Edelsohn <dje.gcc@gmail.com> announcing the new release.
       Sign the email and include the checksum:
 
-          md5sum binutils-2.3x.tar.*
+          sha256sum binutils-2.3x.tar.*
 
       (The email to Davis is so that he can update the GNU Toolchain
       social media).  Something like this:
diff --git a/src-release.sh b/src-release.sh
index 1f69deeb0e..fd65856a55 100755
--- a/src-release.sh
+++ b/src-release.sh
@@ -26,7 +26,7 @@ BZIPPROG=bzip2
 GZIPPROG=gzip
 LZIPPROG=lzip
 XZPROG=xz
-MD5PROG=md5sum
+SHA256PROG=sha256sum
 MAKE=make
 CC=gcc
 CXX=g++
@@ -168,15 +168,15 @@ do_proto_toplev()
 
 CVS_NAMES='-name CVS -o -name .cvsignore'
 
-# Add an md5sum to the built tarball
-do_md5sum()
+# Add a sha256sum to the built tarball
+do_sha256sum()
 {
-    echo "==> Adding md5 checksum to top-level directory"
+    echo "==> Adding sha256 checksum to top-level directory"
     (cd proto-toplev && find * -follow \( $CVS_NAMES \) -prune \
 	-o -type f -print \
-	| xargs $MD5PROG > ../md5.new)
-    rm -f proto-toplev/md5.sum
-    mv md5.new proto-toplev/md5.sum
+	| xargs $SHA256PROG > ../sha256.new)
+    rm -f proto-toplev/sha256.sum
+    mv sha256.new proto-toplev/sha256.sum
 }
 
 # Build the release tarball
@@ -276,7 +276,7 @@ tar_compress()
     verdir=${5:-$tool}
     ver=$(getver $verdir)
     do_proto_toplev $package $ver $tool "$support_files"
-    do_md5sum
+    do_sha256sum
     do_tar $package $ver
     do_compress $package $ver "$compressors"
 }
@@ -290,7 +290,7 @@ gdb_tar_compress()
     compressors=$4
     ver=$(getver $tool)
     do_proto_toplev $package $ver $tool "$support_files"
-    do_md5sum
+    do_sha256sum
     do_djunpack $package $ver
     do_tar $package $ver
     do_compress $package $ver "$compressors"
-- 
2.28.0


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH v2] Use sha256 for hashes in the release process
  2020-10-26  3:03 [PATCH v2] Use sha256 for hashes in the release process andreas
@ 2020-10-26 14:12 ` Simon Marchi
  2020-10-27 16:50   ` Nick Clifton via Gdb-patches
  0 siblings, 1 reply; 6+ messages in thread
From: Simon Marchi @ 2020-10-26 14:12 UTC (permalink / raw)
  To: andreas, gdb-patches, Binutils

On 2020-10-25 11:03 p.m., andreas@rammhold.de wrote:

Again, this must be sent to the binutils mailing list as well, I added
it.

Here's the link to the patch:

    https://sourceware.org/pipermail/gdb-patches/2020-October/172866.html

> From: Andreas Rammhold <andreas@rammhold.de>
>
> I just came across the GDB 10.1 release notes and saw that md5 is still
> being used in those. I thought it would be a good idea to instead have a
> more modern, secure and wildly available hash function such as SHA256 as
> part of the release process.
>
> The changes have been done rather mechnically via sed but executing the
> `src-release.sh -b gdb` did work so I am confident about the result.
>
> While this does not directly address the release mails, I was wasn't
> able to find the template/script used for those, this is probably still
> an improvement.
>
> ChangeLog:
> 	* src-release.sh: Use sha256sum instead of md5sum.
>
> binutils/ChangeLog:
> 	* README-how-to-make-a-release: Use sha256sum instead of md5sum.
> ---
>  ChangeLog                             |  3 +++
>  binutils/ChangeLog                    |  3 +++
>  binutils/README-how-to-make-a-release |  4 ++--
>  src-release.sh                        | 18 +++++++++---------
>  4 files changed, 17 insertions(+), 11 deletions(-)
>
> diff --git a/ChangeLog b/ChangeLog
> index 9daa7be322..e9e5f754bd 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,6 @@
> +2020-10-26  Andreas Rammhold <andreas@rammhold.de>
> +	* src-release.sh: Use sha256sum instead of md5sum.
> +
>  2020-10-14  Andrew Burgess  <andrew.burgess@embecosm.com>
>
>  	* Makefile.in: Rebuild.
> diff --git a/binutils/ChangeLog b/binutils/ChangeLog
> index 4c14fd1510..8772a930b2 100644
> --- a/binutils/ChangeLog
> +++ b/binutils/ChangeLog
> @@ -1,3 +1,6 @@
> +2020-10-26  Andreas Rammhold <andreas@rammhold.de>
> +	* README-how-to-make-a-release: Use sha256sum instead of md5sum.
> +
>  2020-10-22  H.J. Lu  <hongjiu.lu@intel.com>
>
>  	* testsuite/binutils-all/objcopy.exp (objcopy_test): Report
> diff --git a/binutils/README-how-to-make-a-release b/binutils/README-how-to-make-a-release
> index abb2438c5c..db962e2f55 100644
> --- a/binutils/README-how-to-make-a-release
> +++ b/binutils/README-how-to-make-a-release
> @@ -124,7 +124,7 @@ How to perform a release.
>
>            cd <branch-sources>
>            scp binutils-<OLD_VERSION>.90.tar.xz sourceware.org:~ftp/pub/binutils/snapshots
> -          ssh sourceware.org md5sum ~ftp/pub/binutils/snapshots/binutils-<OLD_VERSION>.90.tar.xz
> +          ssh sourceware.org sha256sum ~ftp/pub/binutils/snapshots/binutils-<OLD_VERSION>.90.tar.xz
>
>       e. Clean up the source directory again.
>
> @@ -364,7 +364,7 @@ Cheers
>        David Edelsohn <dje.gcc@gmail.com> announcing the new release.
>        Sign the email and include the checksum:
>
> -          md5sum binutils-2.3x.tar.*
> +          sha256sum binutils-2.3x.tar.*
>
>        (The email to Davis is so that he can update the GNU Toolchain
>        social media).  Something like this:
> diff --git a/src-release.sh b/src-release.sh
> index 1f69deeb0e..fd65856a55 100755
> --- a/src-release.sh
> +++ b/src-release.sh
> @@ -26,7 +26,7 @@ BZIPPROG=bzip2
>  GZIPPROG=gzip
>  LZIPPROG=lzip
>  XZPROG=xz
> -MD5PROG=md5sum
> +SHA256PROG=sha256sum
>  MAKE=make
>  CC=gcc
>  CXX=g++
> @@ -168,15 +168,15 @@ do_proto_toplev()
>
>  CVS_NAMES='-name CVS -o -name .cvsignore'
>
> -# Add an md5sum to the built tarball
> -do_md5sum()
> +# Add a sha256sum to the built tarball
> +do_sha256sum()
>  {
> -    echo "==> Adding md5 checksum to top-level directory"
> +    echo "==> Adding sha256 checksum to top-level directory"
>      (cd proto-toplev && find * -follow \( $CVS_NAMES \) -prune \
>  	-o -type f -print \
> -	| xargs $MD5PROG > ../md5.new)
> -    rm -f proto-toplev/md5.sum
> -    mv md5.new proto-toplev/md5.sum
> +	| xargs $SHA256PROG > ../sha256.new)
> +    rm -f proto-toplev/sha256.sum
> +    mv sha256.new proto-toplev/sha256.sum
>  }
>
>  # Build the release tarball
> @@ -276,7 +276,7 @@ tar_compress()
>      verdir=${5:-$tool}
>      ver=$(getver $verdir)
>      do_proto_toplev $package $ver $tool "$support_files"
> -    do_md5sum
> +    do_sha256sum
>      do_tar $package $ver
>      do_compress $package $ver "$compressors"
>  }
> @@ -290,7 +290,7 @@ gdb_tar_compress()
>      compressors=$4
>      ver=$(getver $tool)
>      do_proto_toplev $package $ver $tool "$support_files"
> -    do_md5sum
> +    do_sha256sum
>      do_djunpack $package $ver
>      do_tar $package $ver
>      do_compress $package $ver "$compressors"
> --
> 2.28.0
>


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH v2] Use sha256 for hashes in the release process
  2020-10-26 14:12 ` Simon Marchi
@ 2020-10-27 16:50   ` Nick Clifton via Gdb-patches
  2020-10-27 16:52     ` Simon Marchi
  0 siblings, 1 reply; 6+ messages in thread
From: Nick Clifton via Gdb-patches @ 2020-10-27 16:50 UTC (permalink / raw)
  To: Simon Marchi, andreas, gdb-patches, Binutils

Hi Simon,

> Again, this must be sent to the binutils mailing list as well, I added
> it.
> 
> Here's the link to the patch:
> 
>     https://sourceware.org/pipermail/gdb-patches/2020-October/172866.html

I am all for this.  Approved from a binutils point of view.

Cheers
  Nick

 


^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH v2] Use sha256 for hashes in the release process
  2020-10-27 16:50   ` Nick Clifton via Gdb-patches
@ 2020-10-27 16:52     ` Simon Marchi
  2020-10-28 10:41       ` Joel Brobecker
  0 siblings, 1 reply; 6+ messages in thread
From: Simon Marchi @ 2020-10-27 16:52 UTC (permalink / raw)
  To: Nick Clifton, andreas, gdb-patches, Binutils; +Cc: Joel Brobecker

On 2020-10-27 12:50 p.m., Nick Clifton wrote:
> Hi Simon,
> 
>> Again, this must be sent to the binutils mailing list as well, I added
>> it.
>>
>> Here's the link to the patch:
>>
>>     https://sourceware.org/pipermail/gdb-patches/2020-October/172866.html
> 
> I am all for this.  Approved from a binutils point of view.
> 
> Cheers
>   Nick

Thanks Nick.  CC-ing Joel, hopefully, he can take a quick look and approve it.

Simon

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH v2] Use sha256 for hashes in the release process
  2020-10-27 16:52     ` Simon Marchi
@ 2020-10-28 10:41       ` Joel Brobecker
  2020-10-28 14:36         ` Simon Marchi
  0 siblings, 1 reply; 6+ messages in thread
From: Joel Brobecker @ 2020-10-28 10:41 UTC (permalink / raw)
  To: Simon Marchi; +Cc: gdb-patches, Nick Clifton, andreas, Binutils

> >> Again, this must be sent to the binutils mailing list as well, I added
> >> it.
> >>
> >> Here's the link to the patch:
> >>
> >>     https://sourceware.org/pipermail/gdb-patches/2020-October/172866.html
> > 
> > I am all for this.  Approved from a binutils point of view.
> > 
> > Cheers
> >   Nick
> 
> Thanks Nick.  CC-ing Joel, hopefully, he can take a quick look and approve it.

Thanks Simon. This is OK for me.

-- 
Joel

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [PATCH v2] Use sha256 for hashes in the release process
  2020-10-28 10:41       ` Joel Brobecker
@ 2020-10-28 14:36         ` Simon Marchi
  0 siblings, 0 replies; 6+ messages in thread
From: Simon Marchi @ 2020-10-28 14:36 UTC (permalink / raw)
  To: Joel Brobecker; +Cc: andreas, Nick Clifton, gdb-patches, Binutils

On 2020-10-28 6:41 a.m., Joel Brobecker wrote:
>>>> Again, this must be sent to the binutils mailing list as well, I added
>>>> it.
>>>>
>>>> Here's the link to the patch:
>>>>
>>>>     https://sourceware.org/pipermail/gdb-patches/2020-October/172866.html
>>>
>>> I am all for this.  Approved from a binutils point of view.
>>>
>>> Cheers
>>>   Nick
>>
>> Thanks Nick.  CC-ing Joel, hopefully, he can take a quick look and approve it.
> 
> Thanks Simon. This is OK for me.

Thanks, I pushed the patch.

Simon

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2020-10-28 14:36 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-26  3:03 [PATCH v2] Use sha256 for hashes in the release process andreas
2020-10-26 14:12 ` Simon Marchi
2020-10-27 16:50   ` Nick Clifton via Gdb-patches
2020-10-27 16:52     ` Simon Marchi
2020-10-28 10:41       ` Joel Brobecker
2020-10-28 14:36         ` Simon Marchi

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox