Call for testing: SHA512 in the install_script instead of md5 on the server
Hi all, Currently to verify file integrity with the install script we download sidecar md5 file from yt-project.org. These aren't versioned, and md5 itself is largely deprecated for this. I've created a new sha512-using version of the install script, which uses sha512 hashes stored *in the install script* to verify file integrity. This way any time these change we will be notified of them. I'd like it if a few people could test this -- I have -- on pristine systems. It changes both how the files are downloaded and it now uses sha512sum, which should be available on most systems (according to Kacper :). You can do this by: wget https://bitbucket.org/MatthewTurk/yt/raw/367ea3bfff2e/doc/install_script.sh and then running it, but maybe supplying an alternate directory rather than the default. Thanks for any feedback. -Matt
Hi Matt. I don't think macs have sha512sum. I get: Awesome! Here we go. Using wget Downloading HDF5 Downloading hdf5-1.8.7.tar.gz from yt-project.org 2012-01-25 13:22:51 URL:http://yt-project.org/dependencies/hdf5-1.8.7.tar.gz[7827944/7827944] -> "hdf5-1.8.7.tar.gz" [1] I am unable to locate sha512sum. FILE INTEGRITY NOT VERIFIED. Downloading zlib-1.2.3.tar.bz2 from yt-project.org ... Best, Casey On Wed, Jan 25, 2012 at 1:19 PM, Matthew Turk <matthewturk@gmail.com> wrote:
Ah, so I found the discussion in IRC. It looks like you use sha512sum on linux and shasum -a 512 on macs. Maybe the install script can try shasum, then sha512sum, then bail on the sum? NERSC has shasum btw. Best, Casey On Wed, Jan 25, 2012 at 1:52 PM, Matthew Turk <matthewturk@gmail.com> wrote:
Anybody have a chance to look at the PR? https://bitbucket.org/yt_analysis/yt/pull-request/76/sha-sums-instead-of-md5 On Thu, Jan 26, 2012 at 7:26 PM, Matthew Turk <matthewturk@gmail.com> wrote:
participants (6)
-
Casey W. Stark -
Christopher Moody -
j s oishi -
Kacper Kowalik -
Matthew Turk -
Nathan Goldbaum