-
Notifications
You must be signed in to change notification settings - Fork 13.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: Change the format for sha512 sum for releases #25577
chore: Change the format for sha512 sum for releases #25577
Conversation
Thanks for this @sebastianliebscher ! I don't understand the original if/else logic, can you explain what is changed by removing this outside of it and placing it at the end? |
As someone who tends to validate releases, I appreciate this. That said, it's a convenience more than a necessity, so I haven't been losing sleep over it. What I'm not clear on is the if/else statement, and if skipping that would cause unforeseen issues. I'm very tempted to approve otherwise... |
else | ||
# The GPG key name to use | ||
GPG_LOCAL_USER="${2}" | ||
gpg --local-user "${GPG_LOCAL_USER}" --armor --output "${NAME}".asc --detach-sig "${NAME}" | ||
gpg --local-user "${GPG_LOCAL_USER}" --print-md SHA512 "${NAME}" > "${NAME}".sha512 | ||
fi |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This checks if a GPG user-id was specified to use gpg
with --local-user
for signing/decrypting. Generating SHA sums (--print-md SHA512
) is not affected by specifying this --local-user
option.
So it is the same as
if [ -z "${2}" ]; then
gpg --armor --output "${NAME}".asc --detach-sig "${NAME}"
else
# The GPG key name to use
GPG_LOCAL_USER="${2}"
gpg --local-user "${GPG_LOCAL_USER}" --armor --output "${NAME}".asc --detach-sig "${NAME}"
fi
gpg --print-md SHA512 "${NAME}" > "${NAME}".sha512
which I then replaced with shasum
:
if [ -z "${2}" ]; then
gpg --armor --output "${NAME}".asc --detach-sig "${NAME}"
else
# The GPG key name to use
GPG_LOCAL_USER="${2}"
gpg --local-user "${GPG_LOCAL_USER}" --armor --output "${NAME}".asc --detach-sig "${NAME}"
fi
shasum -a 512 "${NAME}" > "${NAME}.sha512"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks for the improvement @sebastianliebscher!
SUMMARY
The current
release.tar.gz.sha512
file format does not allow an easy comparison of the SHA sum. See #25333Resolves #25333
Mirrors apache/airflow#12867
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TESTING INSTRUCTIONS
ADDITIONAL INFORMATION