Subject: Re: [PATCH v2] Use sha256 for hashes in the release process
To: andreas@rammhold.de, gdb-patches@sourceware.org, Binutils
From: Simon Marchi
Date: Mon, 26 Oct 2020 10:12:19 -0400

On 2020-10-25 11:03 p.m., andreas@rammhold.de wrote:

Again, this must be sent to the binutils mailing list as well, I added it. Here's the link to the patch:

https://sourceware.org/pipermail/gdb-patches/2020-October/172866.html

> From: Andreas Rammhold
>
> I just came across the GDB 10.1 release notes and saw that md5 is still
> being used in those. I thought it would be a good idea to instead have a
> more modern, secure and widely available hash function such as SHA256 as
> part of the release process.
>
> The changes have been done rather mechanically via sed but executing the
> `src-release.sh -b gdb` did work so I am confident about the result.
>
> While this does not directly address the release mails, I wasn't
> able to find the template/script used for those, this is probably still
> an improvement.
>
> ChangeLog:
> * src-release.sh: Use sha256sum instead of md5sum.
>
> binutils/ChangeLog:
> * README-how-to-make-a-release: Use sha256sum instead of md5sum.
> --- > ChangeLog | 3 +++ > binutils/ChangeLog | 3 +++ > binutils/README-how-to-make-a-release | 4 ++-- > src-release.sh | 18 +++++++++--------- > 4 files changed, 17 insertions(+), 11 deletions(-) > > diff --git a/ChangeLog b/ChangeLog > index 9daa7be322..e9e5f754bd 100644 > --- a/ChangeLog > +++ b/ChangeLog 
> @@ -1,3 +1,6 @@ > +2020-10-26 Andreas Rammhold > + * src-release.sh: Use sha256sum instead of md5sum. > + > 2020-10-14 Andrew Burgess > > * Makefile.in: Rebuild. > diff --git a/binutils/ChangeLog b/binutils/ChangeLog > index 4c14fd1510..8772a930b2 100644 > --- a/binutils/ChangeLog > +++ b/binutils/ChangeLog > @@ -1,3 +1,6 @@ > +2020-10-26 Andreas Rammhold > + * README-how-to-make-a-release: Use sha256sum instead of md5sum. > + > 2020-10-22 H.J. Lu > > * testsuite/binutils-all/objcopy.exp (objcopy_test): Report > diff --git a/binutils/README-how-to-make-a-release b/binutils/README-how-to-make-a-release > index abb2438c5c..db962e2f55 100644 > --- a/binutils/README-how-to-make-a-release > +++ b/binutils/README-how-to-make-a-release > @@ -124,7 +124,7 @@ How to perform a release. > > cd > scp binutils-.90.tar.xz sourceware.org:~ftp/pub/binutils/snapshots > - ssh sourceware.org md5sum ~ftp/pub/binutils/snapshots/binutils-.90.tar.xz > + ssh sourceware.org sha256sum ~ftp/pub/binutils/snapshots/binutils-.90.tar.xz > > e. Clean up the source directory again. > > @@ -364,7 +364,7 @@ Cheers > David Edelsohn announcing the new release. > Sign the email and include the checksum: > > - md5sum binutils-2.3x.tar.* > + sha256sum binutils-2.3x.tar.* > > (The email to Davis is so that he can update the GNU Toolchain > social media). Something like this: > diff --git a/src-release.sh b/src-release.sh > index 1f69deeb0e..fd65856a55 100755 > --- a/src-release.sh > +++ b/src-release.sh > @@ -26,7 +26,7 @@ BZIPPROG=bzip2 > GZIPPROG=gzip > LZIPPROG=lzip > XZPROG=xz > -MD5PROG=md5sum > +SHA256PROG=sha256sum > MAKE=make > CC=gcc > CXX=g++ 
> @@ -168,15 +168,15 @@ do_proto_toplev() > > CVS_NAMES='-name CVS -o -name .cvsignore' > > -# Add an md5sum to the built tarball > -do_md5sum() > +# Add a sha256sum to the built tarball > +do_sha256sum() > { > - echo "==> Adding md5 checksum to top-level directory" > + echo "==> Adding sha256 checksum to top-level directory" > (cd proto-toplev && find * -follow \( $CVS_NAMES \) -prune \ > -o -type f -print \ > - | xargs $MD5PROG > ../md5.new) > - rm -f proto-toplev/md5.sum > - mv md5.new proto-toplev/md5.sum > + | xargs $SHA256PROG > ../sha256.new) > + rm -f proto-toplev/sha256.sum > + mv sha256.new proto-toplev/sha256.sum > } > > # Build the release tarball > @@ -276,7 +276,7 @@ tar_compress() > verdir=${5:-$tool} > ver=$(getver $verdir) > do_proto_toplev $package $ver $tool "$support_files" > - do_md5sum > + do_sha256sum > do_tar $package $ver > do_compress $package $ver "$compressors" > } > @@ -290,7 +290,7 @@ gdb_tar_compress() > compressors=$4 > ver=$(getver $tool) > do_proto_toplev $package $ver $tool "$support_files" > - do_md5sum > + do_sha256sum > do_djunpack $package $ver > do_tar $package $ver > do_compress $package $ver "$compressors" > -- > 2.28.0 >
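Review bot: in the do_sha256sum() hunk of src-release.sh (@@ -168,15), nothing checks that `xargs $SHA256PROG` succeeded before `rm -f proto-toplev/sha256.sum` and `mv sha256.new proto-toplev/sha256.sum` run. md5sum and sha256sum are separate binaries, so a release machine can have the first without the second; the redirect still creates sha256.new, and unless the script runs under `set -e` (not visible in these hunks) an empty or partial sha256.sum is packed into the tarball. Suggest testing the exit status of the subshell, or that sha256.new is non-empty, before the mv, and aborting the release otherwise.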
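Review bot: in both ChangeLog hunks the added header line `+2020-10-26 Andreas Rammhold` is followed directly by the `* ...` item, while the neighbouring entries shown as context (2020-10-14 and 2020-10-22) have an empty line between the header and the first item. Add an empty `+` line after the header in ChangeLog and in binutils/ChangeLog so the new entries match the existing layout.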
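Review bot: the second README-how-to-make-a-release hunk (@@ -364,7) changes the command to `sha256sum binutils-2.3x.tar.*`, but its context stops at "Something like this:", so the sample announcement that follows is not part of the diff. If that sample labels the checksums it includes as md5, update it in the same patch; otherwise the documented command and the announcement text disagree about which hash is published. The commit message says the release mail template was not found, so this is worth confirming before the patch goes in.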