hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (HBASE-15630) Improve checksum files for releases for easier verification
Date Wed, 13 Apr 2016 18:04:25 GMT

     [ https://issues.apache.org/jira/browse/HBASE-15630?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Christopher Tubbs reopened HBASE-15630:

Reopening pending a comment explicitly documenting the community decision to either adopt
the proposed changes or not.

While I find the information provided very useful (and I appreciate the response), I think
the suggested changes may still warrant consideration and discussion, and I think closing
it without a discussion of the pros and cons of what has been proposed is premature.

> Improve checksum files for releases for easier verification
> -----------------------------------------------------------
>                 Key: HBASE-15630
>                 URL: https://issues.apache.org/jira/browse/HBASE-15630
>             Project: HBase
>          Issue Type: Wish
>    Affects Versions: 1.2.1
>            Reporter: Christopher Tubbs
>            Assignee: Elliott Clark
>            Priority: Trivial
> Trying to verify latest release (1.2.1), and I found it a bit inconvenient to parse the
*.mds checksum file. The line wrapping, white space, and the general format of the file does
not lend itself for easy verification.
> I suggest using the standard "coreutils" format for md5sum, sha*sum, etc., instead: <lowercase-hash><space><asterisk(binary-flag)><filename>
> {code}
> # md5
> 3d66c0dd4f38fa881046fe64dd680a7a *hbase-1.2.1-src.tar.gz
> # sha1
> 3666a4829d9a8d9285173bfa8e8d0ff5423a22d6 *hbase-1.2.1-src.tar.gz
> # rmd160
> #fb318e84b6256492cfb990aec2238a64c2da21ad *hbase-1.2.1-src.tar.gz
> # sha224
> 89d341a55069e4875f9e6859737062fd7a4c11596811731c4ba95ca0 *hbase-1.2.1-src.tar.gz
> # sha256
> e8000a65e98d4c5db7bab54da99a57209fe4ea777ab41e91ae8ccf7bfa2d50dd *hbase-1.2.1-src.tar.gz
> # sha384
> 49aa0620bf0fbe20bbde66cecabb76b22defb9ee609936edc3952889e6484e55c88f1c93d6258a2eaab4a9d5188b6170
> # sha512
> 28956a35a01ae87e9f733664c52c6fd25f9a60a1ff7047bbf306cd433c2a5b863c9bf05aba1d58792b86eec9943ae00e772c4b76fb81c5d210cf256cd074189b
> {code}
> (comment lines added for humans, but ignored by tools; commented out rmd160, because
not a coreutils supported algorithm; binary flag optional, could use another space instead...
probably only matters for some dos tools)
> This makes it very easy to verify multiple files and hashes using: {{shasum -c file.mds}}
or {{sha1sum -c file.mds}} or {{md5sum -c file.mds}}.
> In addition to the file format change, I suggest these two additional changes:
> 1. Drop rmd160. It's not nearly as popular as the others, and it doesn't lend itself
to easy verification (no coreutils equivalent command like md5sum, sha1sum, etc.)
> 2. Concatenate hashes from all files into a single file. This makes it easier to verify
all downloads at once.

This message was sent by Atlassian JIRA

View raw message