From: Simon Marchi <simark@simark.ca>
To: andreas@rammhold.de, gdb-patches@sourceware.org,
Binutils <binutils@sourceware.org>
Subject: Re: [PATCH v2] Use sha256 for hashes in the release process
Date: Mon, 26 Oct 2020 10:12:19 -0400
Message-ID: <7518cada-e5e1-8d24-5690-d87a9871e1c5@simark.ca>
In-Reply-To: <20201026030329.4314-1-andreas@rammhold.de>
On 2020-10-25 11:03 p.m., andreas@rammhold.de wrote:
Again, this must be sent to the binutils mailing list as well, I added
it.
Here's the link to the patch:
https://sourceware.org/pipermail/gdb-patches/2020-October/172866.html
> From: Andreas Rammhold <andreas@rammhold.de>
>
> I just came across the GDB 10.1 release notes and saw that md5 is still
> being used in those. I thought it would be a good idea to instead have a
> more modern, secure and widely available hash function such as SHA256 as
> part of the release process.
>
> The changes have been done rather mechanically via sed but executing the
> `src-release.sh -b gdb` did work so I am confident about the result.
>
> While this does not directly address the release mails, I wasn't
> able to find the template/script used for those, this is probably still
> an improvement.
>
> ChangeLog:
> * src-release.sh: Use sha256sum instead of md5sum.
>
> binutils/ChangeLog:
> * README-how-to-make-a-release: Use sha256sum instead of md5sum.
> ---
> ChangeLog | 3 +++
> binutils/ChangeLog | 3 +++
> binutils/README-how-to-make-a-release | 4 ++--
> src-release.sh | 18 +++++++++---------
> 4 files changed, 17 insertions(+), 11 deletions(-)
>
> diff --git a/ChangeLog b/ChangeLog
> index 9daa7be322..e9e5f754bd 100644
> --- a/ChangeLog
> +++ b/ChangeLog
> @@ -1,3 +1,6 @@
> +2020-10-26 Andreas Rammhold <andreas@rammhold.de>
> + * src-release.sh: Use sha256sum instead of md5sum.
> +
> 2020-10-14 Andrew Burgess <andrew.burgess@embecosm.com>
>
> * Makefile.in: Rebuild.
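Review bot: The new entry at "+ * src-release.sh: Use sha256sum instead of md5sum." names only the file, while the patch changes a variable, a function, its two callers and the name of the checksum file written into proto-toplev. Suggest listing the symbols in parentheses, the way the neighbouring binutils/ChangeLog entry does with "(objcopy_test)": for example "(MD5PROG): Rename to SHA256PROG.", "(do_md5sum): Rename to do_sha256sum and write sha256.sum.", "(tar_compress, gdb_tar_compress): Update callers."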
> diff --git a/binutils/ChangeLog b/binutils/ChangeLog
> index 4c14fd1510..8772a930b2 100644
> --- a/binutils/ChangeLog
> +++ b/binutils/ChangeLog
> @@ -1,3 +1,6 @@
> +2020-10-26 Andreas Rammhold <andreas@rammhold.de>
> + * README-how-to-make-a-release: Use sha256sum instead of md5sum.
> +
> 2020-10-22 H.J. Lu <hongjiu.lu@intel.com>
>
> * testsuite/binutils-all/objcopy.exp (objcopy_test): Report
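Review bot: The added date/author line is followed directly by the "+ * README-how-to-make-a-release: ..." line with no empty line between them, whereas the existing 2020-10-22 entry below has an empty line after its header. Please add the blank line here, and likewise in the top-level ChangeLog entry, so the new entries match the surrounding ones.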
> diff --git a/binutils/README-how-to-make-a-release b/binutils/README-how-to-make-a-release
> index abb2438c5c..db962e2f55 100644
> --- a/binutils/README-how-to-make-a-release
> +++ b/binutils/README-how-to-make-a-release
> @@ -124,7 +124,7 @@ How to perform a release.
>
> cd <branch-sources>
> scp binutils-<OLD_VERSION>.90.tar.xz sourceware.org:~ftp/pub/binutils/snapshots
> - ssh sourceware.org md5sum ~ftp/pub/binutils/snapshots/binutils-<OLD_VERSION>.90.tar.xz
> + ssh sourceware.org sha256sum ~ftp/pub/binutils/snapshots/binutils-<OLD_VERSION>.90.tar.xz
>
> e. Clean up the source directory again.
>
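Review bot: The replaced "ssh sourceware.org sha256sum ..." line prints only the digest of the uploaded copy, and the step does not say what that value should be compared with. Since this line is being touched anyway, suggest adding the matching local command (sha256sum on binutils-<OLD_VERSION>.90.tar.xz in <branch-sources>) next to it, so the releaser compares two SHA-256 values rather than eyeballing one.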
> @@ -364,7 +364,7 @@ Cheers
> David Edelsohn <dje.gcc@gmail.com> announcing the new release.
> Sign the email and include the checksum:
>
> - md5sum binutils-2.3x.tar.*
> + sha256sum binutils-2.3x.tar.*
>
> (The email to Davis is so that he can update the GNU Toolchain
> social media). Something like this:
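Review bot: Only the command under "Sign the email and include the checksum:" changes in this hunk; the announcement text introduced by "Something like this:" lies outside it. Please check that template for any wording that still says md5 or MD5, so the mail does not label a SHA-256 digest with the old algorithm name.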
> diff --git a/src-release.sh b/src-release.sh
> index 1f69deeb0e..fd65856a55 100755
> --- a/src-release.sh
> +++ b/src-release.sh
> @@ -26,7 +26,7 @@ BZIPPROG=bzip2
> GZIPPROG=gzip
> LZIPPROG=lzip
> XZPROG=xz
> -MD5PROG=md5sum
> +SHA256PROG=sha256sum
> MAKE=make
> CC=gcc
> CXX=g++
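Review bot: Style point on "+SHA256PROG=sha256sum": naming the variable after the algorithm is what forced this patch to rename every user of MD5PROG. An algorithm-neutral name (CHECKSUMPROG, say, as a suggestion only) would make the next algorithm change a one-line edit, in line with the other tool variables here (BZIPPROG, XZPROG, MAKE), which name the role rather than a specific setting.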
> @@ -168,15 +168,15 @@ do_proto_toplev()
>
> CVS_NAMES='-name CVS -o -name .cvsignore'
>
> -# Add an md5sum to the built tarball
> -do_md5sum()
> +# Add a sha256sum to the built tarball
> +do_sha256sum()
> {
> - echo "==> Adding md5 checksum to top-level directory"
> + echo "==> Adding sha256 checksum to top-level directory"
> (cd proto-toplev && find * -follow \( $CVS_NAMES \) -prune \
> -o -type f -print \
> - | xargs $MD5PROG > ../md5.new)
> - rm -f proto-toplev/md5.sum
> - mv md5.new proto-toplev/md5.sum
> + | xargs $SHA256PROG > ../sha256.new)
> + rm -f proto-toplev/sha256.sum
> + mv sha256.new proto-toplev/sha256.sum
> }
>
> # Build the release tarball
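Review bot: The lines "+ rm -f proto-toplev/sha256.sum" and "+ mv sha256.new proto-toplev/sha256.sum" change the name of a file that ships inside every release tarball, from md5.sum to sha256.sum. That is visible to anyone who verifies an unpacked tree with "md5sum -c md5.sum", so it should be stated in the commit message and ChangeLog, and the comment above do_sha256sum could say that the file is meant to be checked with "sha256sum -c sha256.sum".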
> @@ -276,7 +276,7 @@ tar_compress()
> verdir=${5:-$tool}
> ver=$(getver $verdir)
> do_proto_toplev $package $ver $tool "$support_files"
> - do_md5sum
> + do_sha256sum
> do_tar $package $ver
> do_compress $package $ver "$compressors"
> }
> @@ -290,7 +290,7 @@ gdb_tar_compress()
> compressors=$4
> ver=$(getver $tool)
> do_proto_toplev $package $ver $tool "$support_files"
> - do_md5sum
> + do_sha256sum
> do_djunpack $package $ver
> do_tar $package $ver
> do_compress $package $ver "$compressors"
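Review bot: Both visible callers now use do_sha256sum, but the commit message says the edit was done mechanically with sed and tested only with "src-release.sh -b gdb". Please confirm with a grep over the tree that no reference to MD5PROG, do_md5sum or md5.sum remains outside these hunks, and that the binutils path through tar_compress was exercised as well as the gdb one.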
> --
> 2.28.0
>