Uploaded image for project: 'Calcite'
  1. Calcite
  2. CALCITE-1329

As part of release, generate a file containing multiple digests

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.9.0
    • Component/s: None
    • Labels:
      None

      Description

      Currently as part of the release we generate .md5 and .sha1 digests (as well as the pgp .asc file) and the download page http://calcite.apache.org/downloads/ references the md5 and pgp but not the sha1.

      Per http://www.apache.org/dev/release-signing.html#md5-security md5 is no longer secure, and sha512 is preferred over sha256. The best approach seems to be to generate multiple digests, and generate new ones as best practices change. I think we should generate checksum file with a .mds suffix as follows:

      $ gpg --print-mds apache-calcite-1.8.0-src.tar.gz | tee apache-calcite-1.8.0-src.tar.gz.mds
      apache-calcite-1.8.0-src.tar.gz:    MD5 = B2 5D 0C 14 8B FE 20 0C  16 47 13 96
                                                D9 2E C4 6D
      apache-calcite-1.8.0-src.tar.gz:   SHA1 = 4246 C20C BAA0 6534 B628  ADCB 1D5E
                                                3AF1 4DE4 A864
      apache-calcite-1.8.0-src.tar.gz: RMD160 = ED29 BD56 D430 AD30 EB17  67CB 34C6
                                                FCB0 47DB 58C5
      apache-calcite-1.8.0-src.tar.gz: SHA224 = 40333911 B0852673 08009F4B 747C88AD
                                                B9996629 EE9BC16E 4492F367
      apache-calcite-1.8.0-src.tar.gz: SHA256 = E5C1DD83 14146A58 3AD44BAF 40F19F4C
                                                D39A95FC E438231D 186F335B C86D6551
      apache-calcite-1.8.0-src.tar.gz: SHA384 = B2619FD2 E17C1CFB 199AE44B D15E79CA
                                                DFAC6AFF D2F00D28 851D2DA2 F07B210E
                                                F7349BED 44524A16 4990B79D A36D2B29
      apache-calcite-1.8.0-src.tar.gz: SHA512 = 18CFCA89 53874D31 80C60C6C 8D89652D
                                                36AA1DAC 4007E113 02BCCDC3 E7465182
                                                78B86071 431195D6 940773A7 F5314B09
                                                5749791B 55F82E25 60C89735 29B4B468
      

      Apache Ranger already does this; see http://ranger.apache.org/download.html.

      We would no longer generate .md5 and .sha1 files, but would continue to generate the .asc file.

        Issue Links

          Activity

          Hide
          julianhyde Julian Hyde added a comment -

          Selvamohan Neethiraj, I got the idea of the .mds file from Apache Ranger. I've never seen any other project that combined all digests into one file, but it seems like a good idea, and I see you've been doing it ever since Apache Ranger 0.4.0 (incubating). Any comments on how it worked for you?

          Show
          julianhyde Julian Hyde added a comment - Selvamohan Neethiraj , I got the idea of the .mds file from Apache Ranger. I've never seen any other project that combined all digests into one file, but it seems like a good idea, and I see you've been doing it ever since Apache Ranger 0.4.0 (incubating). Any comments on how it worked for you?
          Hide
          julianhyde Julian Hyde added a comment -

          I have created PR https://github.com/apache/calcite/pull/272. Jesus Camacho Rodriguez, can you please include the PR in release 1.9, verifying as you make the release?

          Show
          julianhyde Julian Hyde added a comment - I have created PR https://github.com/apache/calcite/pull/272 . Jesus Camacho Rodriguez , can you please include the PR in release 1.9, verifying as you make the release?
          Show
          jcamachorodriguez Jesus Camacho Rodriguez added a comment - Fixed in http://git-wip-us.apache.org/repos/asf/calcite/commit/2f1932d .
          Hide
          jcamachorodriguez Jesus Camacho Rodriguez added a comment -

          Resolved in release 1.9.0 (2016-09-22)

          Show
          jcamachorodriguez Jesus Camacho Rodriguez added a comment - Resolved in release 1.9.0 (2016-09-22)

            People

            • Assignee:
              julianhyde Julian Hyde
              Reporter:
              julianhyde Julian Hyde
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development