From: David Bremner Date: Thu, 2 Mar 2017 00:44:47 +0000 (-0400) Subject: build: use sha256sum instead of sha1sum to sign releases X-Git-Tag: 0.24_rc0~13 X-Git-Url: https://git.notmuchmail.org/git?p=notmuch;a=commitdiff_plain;h=914c4db1f2cf5b19100b42a8e3ea62d000a9b642;ds=inline build: use sha256sum instead of sha1sum to sign releases --- diff --git a/Makefile.global b/Makefile.global index d8f335af..7a78e9b5 100644 --- a/Makefile.global +++ b/Makefile.global @@ -43,8 +43,8 @@ RELEASE_URL=https://notmuchmail.org/releases TAR_FILE=$(PACKAGE)-$(VERSION).tar.gz ELPA_FILE:=$(PACKAGE)-emacs-$(ELPA_VERSION).tar DEB_TAR_FILE=$(PACKAGE)_$(VERSION).orig.tar.gz -SHA1_FILE=$(TAR_FILE).sha1 -GPG_FILE=$(SHA1_FILE).asc +SHA256_FILE=$(TAR_FILE).sha256 +GPG_FILE=$(SHA256_FILE).asc PV_FILE=bindings/python/notmuch/version.py diff --git a/Makefile.local b/Makefile.local index 3548ed96..d2ef3e08 100644 --- a/Makefile.local +++ b/Makefile.local @@ -36,12 +36,11 @@ $(TAR_FILE): gzip < $(TAR_FILE).tmp > $(TAR_FILE) @echo "Source is ready for release in $(TAR_FILE)" -$(SHA1_FILE): $(TAR_FILE) - sha1sum $^ > $@ +$(SHA256_FILE): $(TAR_FILE) + sha256sum $^ > $@ -$(GPG_FILE): $(SHA1_FILE) - @echo "Please enter your GPG password to sign the checksum." - gpg --armor --sign $^ +$(GPG_FILE): $(SHA256_FILE) + gpg --armor --sign $^ .PHONY: dist dist: $(TAR_FILE)