spark-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Blue <>
Subject Re: Changing how we compute release hashes
Date Fri, 16 Mar 2018 15:31:45 GMT
+1 It's possible to produce the same file with gpg, but the sha*sum
utilities are a bit easier to remember the syntax for.

On Thu, Mar 15, 2018 at 9:01 PM, Nicholas Chammas <> wrote:

> To verify that I’ve downloaded a Hadoop release correctly, I can just do
> this:
> $ shasum --check hadoop-2.7.5.tar.gz.sha256
> hadoop-2.7.5.tar.gz: OK
> However, since we generate Spark release hashes with GPG
> <>,
> the resulting hash is in a format that doesn’t play well with any tools:
> $ shasum --check spark-2.3.0-bin-hadoop2.7.tgz.sha512
> shasum: spark-2.3.0-bin-hadoop2.7.tgz.sha512: no properly formatted SHA1 checksum lines
> GPG doesn’t seem to offer a way to verify a file from a hash.
> I know I can always manipulate the SHA512 hash into a different format or
> just manually inspect it, but as a “quality of life” improvement can we
> change how we generate the SHA512 hash so that it plays nicely with shasum?
> If it’s too disruptive to change the format of the SHA512 hash, can we add
> a SHA256 hash to our releases in this format?
> I suppose if it’s not easy to update or add hashes to our existing
> releases, it may be too difficult to change anything here. But I’m not
> sure, so I thought I’d ask.
> Nick
> ​

Ryan Blue
Software Engineer

View raw message