BUILD: Generate sha256 checksums in publish-release
Currently only md5 signatures are generated. While md5
still is not broken with regard to preimage attacks, sha256
clearly is the current secure solution.
This patch should be backported to all supported branches.
diff --git a/scripts/publish-release b/scripts/publish-release
index ecef867..6a615a6 100755
--- a/scripts/publish-release
+++ b/scripts/publish-release
@@ -159,14 +159,15 @@
fi
echo "Archiving sources for version $NEW ..."
-rm -f "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"{,.md5}
+rm -f "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"{,.md5,.sha256}
if ! git archive --format=tar --prefix="haproxy-${NEW}/" "v$NEW" | \
gzip -9 > "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"; then
die "Failed to produce the tar.gz archive"
fi
( cd "$TARGET_DIR/src${DEVEL}" ; \
- md5sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.md5 )
+ md5sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.md5 ; \
+ sha256sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.sha256 )
echo "Extracting doc ..."
git show "v$NEW:CHANGELOG" > "$TARGET_DIR/src/CHANGELOG"
@@ -178,6 +179,6 @@
echo "Done : ls -l ${TARGET_DIR}"
( cd "$TARGET_DIR" ;
- ls -l src/CHANGELOG "src${DEVEL}/haproxy-${NEW}".tar.gz{,.md5} $(for i in "${DOC[@]}"; do echo "doc/${i#doc/}"{,.gz}; done)
+ ls -l src/CHANGELOG "src${DEVEL}/haproxy-${NEW}".tar.gz{,.md5,.sha256} $(for i in "${DOC[@]}"; do echo "doc/${i#doc/}"{,.gz}; done)
)
echo