From ce04ca31231138105fae3b0dda1670c6ec0e2dcb Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Mon, 26 Oct 2020 04:03:29 +0100
Subject: Use sha256 for hashes in the release process

I just came across the GDB 10.1 release notes and saw that md5 is still
being used in those. I thought it would be a good idea to instead have a
more modern, secure and wildly available hash function such as SHA256 as
part of the release process.

The changes have been done rather mechnically via sed but executing the
`src-release.sh -b gdb` did work so I am confident about the result.

While this does not directly address the release mails, I was wasn't
able to find the template/script used for those, this is probably still
an improvement.

ChangeLog:
	* src-release.sh: Use sha256sum instead of md5sum.

binutils/ChangeLog:
	* README-how-to-make-a-release: Use sha256sum instead of md5sum.

Change-Id: I9cf19ea40699137c45463b8514f6e29271af2347
---
 src-release.sh | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'src-release.sh')

diff --git a/src-release.sh b/src-release.sh
index 1f69deeb0e6..fd65856a55c 100755
--- a/src-release.sh
+++ b/src-release.sh
@@ -26,7 +26,7 @@ BZIPPROG=bzip2
 GZIPPROG=gzip
 LZIPPROG=lzip
 XZPROG=xz
-MD5PROG=md5sum
+SHA256PROG=sha256sum
 MAKE=make
 CC=gcc
 CXX=g++
@@ -168,15 +168,15 @@ do_proto_toplev()
 
 CVS_NAMES='-name CVS -o -name .cvsignore'
 
-# Add an md5sum to the built tarball
-do_md5sum()
+# Add a sha256sum to the built tarball
+do_sha256sum()
 {
-    echo "==> Adding md5 checksum to top-level directory"
+    echo "==> Adding sha256 checksum to top-level directory"
     (cd proto-toplev && find * -follow \( $CVS_NAMES \) -prune \
 	-o -type f -print \
-	| xargs $MD5PROG > ../md5.new)
-    rm -f proto-toplev/md5.sum
-    mv md5.new proto-toplev/md5.sum
+	| xargs $SHA256PROG > ../sha256.new)
+    rm -f proto-toplev/sha256.sum
+    mv sha256.new proto-toplev/sha256.sum
 }
 
 # Build the release tarball
@@ -276,7 +276,7 @@ tar_compress()
     verdir=${5:-$tool}
     ver=$(getver $verdir)
     do_proto_toplev $package $ver $tool "$support_files"
-    do_md5sum
+    do_sha256sum
     do_tar $package $ver
     do_compress $package $ver "$compressors"
 }
@@ -290,7 +290,7 @@ gdb_tar_compress()
     compressors=$4
     ver=$(getver $tool)
     do_proto_toplev $package $ver $tool "$support_files"
-    do_md5sum
+    do_sha256sum
     do_djunpack $package $ver
     do_tar $package $ver
     do_compress $package $ver "$compressors"
-- 
cgit v1.2.1