Fix SHA256SUMS

shesek · shesek · commit 5e7aab1787f8 · 2021-01-16T09:43:12.000+02:00
Actually sign the npm package hash, rather than only the libbwt hashes.

And rename to LIBBWT-SHA256SUMS, to prevent future confusion.
diff --git a/LIBBWT-SHA256SUMS b/LIBBWT-SHA256SUMS
@@ -0,0 +1,10 @@
+0797b116d267ddfa4b327f80ed60ac7a73b149e2bdd7bb3e3e1cfffb4577be9a  libbwt-0.2.1-electrum_only-x86_64-windows.tar.gz
+1a68ddf31b241837f3d537ff6a279dc294862c1fac4ed26d54fc9c0a0c2be71e  libbwt-0.2.1-x86_64-osx.tar.gz
+3b5b4ba82f0932fd226fbd6455c02fb1df7cf708175fc2571acce08e2fc6582d  libbwt-0.2.1-arm64v8-linux.tar.gz
+3ed646ca654e532a6917c491a85ca29a28ce901b030886d02a52b577edc6afb6  libbwt-0.2.1-electrum_only-arm64v8-linux.tar.gz
+6dfb0368418449ada0af3edc52baf01593e15a49d18b81c712361f3efc7fbccf  libbwt-0.2.1-electrum_only-x86_64-osx.tar.gz
+8d3c1f05a32a9caa155986725a5af4e88071598fddd200f8f039b130dc090973  libbwt-0.2.1-electrum_only-arm32v7-linux.tar.gz
+b8d773f1feb7fc2612f26a324c8cd035ec2bc8ad021b86e090c5645b275e71fd  libbwt-0.2.1-x86_64-linux.tar.gz
+bf9d19d6d0187b609c496fcfb41f500fc80834818e8491027cfd556971649668  libbwt-0.2.1-arm32v7-linux.tar.gz
+e73ab59429090aa467211101c63f273574b934f3eacff3399054c6cea976588a  libbwt-0.2.1-x86_64-windows.tar.gz
+ebfdf7dcd570d116d73348113f36f7bebed998a953871aed6831d226f6073dc2  libbwt-0.2.1-electrum_only-x86_64-linux.tar.gz
diff --git a/README.md b/README.md
@@ -111,7 +111,7 @@ The will download the `libbwt` library for your platform as a postinstall step.
 The currently supported platforms are Linux, Mac, Windows and ARMv7/8.
 
 The hash of the downloaded library is verified against the
-[`SHA256SUMS`](SHA256SUMS) file that ships with the npm package.
+[`SHA256SUMS`](LIBBWT-SHA256SUMS) file that ships with the npm package.
 
 > Note: `libbwt-nodejs` uses [`ffi-napi`](https://github.com/node-ffi-napi/node-ffi-napi), which requires
 > a recent nodejs version. If you're running into errors during installation or segmentation faults,
@@ -158,7 +158,7 @@ copy the `libbwt.so`/`libbwt.dylib`/`bwt.dll` file into the root directory of `l
 
 ## Reproducible builds
 
-The nodejs package (including the `SHA256SUMS` file with the `libbwt` hashes for all platforms)
+The nodejs package (including the `LIBBWT-SHA256SUMS` file with the `libbwt` hashes for all platforms)
 can be reproduced in a Docker container environment as follows:
 
 ```bash
diff --git a/SHA256SUMS.asc b/SHA256SUMS.asc
@@ -1,24 +1,15 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
-0797b116d267ddfa4b327f80ed60ac7a73b149e2bdd7bb3e3e1cfffb4577be9a  libbwt-0.2.1-electrum_only-x86_64-windows.tar.gz
-1a68ddf31b241837f3d537ff6a279dc294862c1fac4ed26d54fc9c0a0c2be71e  libbwt-0.2.1-x86_64-osx.tar.gz
-3b5b4ba82f0932fd226fbd6455c02fb1df7cf708175fc2571acce08e2fc6582d  libbwt-0.2.1-arm64v8-linux.tar.gz
-3ed646ca654e532a6917c491a85ca29a28ce901b030886d02a52b577edc6afb6  libbwt-0.2.1-electrum_only-arm64v8-linux.tar.gz
-6dfb0368418449ada0af3edc52baf01593e15a49d18b81c712361f3efc7fbccf  libbwt-0.2.1-electrum_only-x86_64-osx.tar.gz
-8d3c1f05a32a9caa155986725a5af4e88071598fddd200f8f039b130dc090973  libbwt-0.2.1-electrum_only-arm32v7-linux.tar.gz
-b8d773f1feb7fc2612f26a324c8cd035ec2bc8ad021b86e090c5645b275e71fd  libbwt-0.2.1-x86_64-linux.tar.gz
-bf9d19d6d0187b609c496fcfb41f500fc80834818e8491027cfd556971649668  libbwt-0.2.1-arm32v7-linux.tar.gz
-e73ab59429090aa467211101c63f273574b934f3eacff3399054c6cea976588a  libbwt-0.2.1-x86_64-windows.tar.gz
-ebfdf7dcd570d116d73348113f36f7bebed998a953871aed6831d226f6073dc2  libbwt-0.2.1-electrum_only-x86_64-linux.tar.gz
+d580eb0543a5029625e8ba97f40a4d1199e0be53a08b177803f1d5f02af3dd3d  libbwt-nodejs-0.2.1.tgz
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
-iQEcBAEBCAAGBQJgAFAaAAoJEIH2EEzQ8VD8UdUH/AtwcsolOZH1Z2xEdEldfhxz
-fe2XnsDXjUfbN8s/i/Vwq8gHMv9iXAWIolPO01sugoI30BODgMClZHkQk+TnaQ6A
-m3dCCKqK2kaxu4/gOxm/Ksv311hVpktJhQ1/Ho7iMWbn9xprCu9KMpI0f9sD9Er4
-NZRtbV5Lp34Bqb5JNd48rvjzGAYeZoWKBpYp4weXMcWked51zXwM4XmMN7VR3sjS
-GCtI6eSUG0EE+paMGI3IVKIwoYQt/5SlFC01FAdaqySyc/K45KcuoysCCl9JoJ/E
-0rjjSeIWOYhATWkP0fqcHTqS4A0MC4zuu44QMeiGXi0sYoJRSlAnzGpvJw4f1NY=
-=2/mh
+iQEcBAEBCAAGBQJgAbbNAAoJEIH2EEzQ8VD8yuwIAJqGnLSri5+YAhwdyLS/2P1k
+oQz05CTZzdRj1Rl1gzdRkgcIsgvnC860f0qu+GIYyrRSmTm0XBd0EBuS/aG/DBKX
+73mWYAGNSToYlsdlu4tFZSIKYWO1Y01W3qRaH7FRU59WX3IX8hNhQdd4HJn0M+xq
+ZWUHY9wxVf/wCVbv4IeDsIoksUNqtGzT437uZJV6YJp0gkNl+Lz1elco362/18IP
+ABGPqs7JVAGiToPvrvypA7YuCHefkAgDpiK+2hvBcQAYRfsApDG01cRkZZMORQBl
+kSy6Bu7BoImOud8y2efMUviYoz+jWlguPS4V95l5UhKme+ksPZXXi2N67tKdQug=
+=rFKE
 -----END PGP SIGNATURE-----
diff --git a/package.json b/package.json
@@ -26,7 +26,7 @@
   "files": [
     "index.js",
     "postinstall.js",
-    "SHA256SUMS",
+    "LIBBWT-SHA256SUMS",
     "npm-shrinkwrap.json",
     "README.md"
   ]
diff --git a/postinstall.js b/postinstall.js
@@ -67,11 +67,11 @@ async function getFile(url, dest) {
 
 // Read the expected sha256 hash out of the SHA256SUMS file
 function getExpectedHash(dist_name) {
-  let line = fs.readFileSync(path.join(__dirname, 'SHA256SUMS'))
+  let line = fs.readFileSync(path.join(__dirname, 'LIBBWT-SHA256SUMS'))
     .toString()
     .split('\n')
     .find(line => line.endsWith(` ${dist_name}.tar.gz`))
-  if (!line) throw new Error(`Cannot find ${dist_name} in SHA256SUMS`)
+  if (!line) throw new Error(`Cannot find ${dist_name} in LIBBWT-SHA256SUMS`)
   return line.split(' ')[0]
 }
 
diff --git a/scripts/build.sh b/scripts/build.sh
@@ -14,9 +14,9 @@ fi
 
 mkdir -p dist && rm -rf dist/*
 
-# Update SHA256SUMS
-(cd $LIBBWT_DIST && sha256sum *.tar.gz) | sort > SHA256SUMS
-chmod 664 SHA256SUMS
+# Update LIBBWT-SHA256SUMS
+(cd $LIBBWT_DIST && sha256sum *.tar.gz) | sort > LIBBWT-SHA256SUMS
+chmod 664 LIBBWT-SHA256SUMS
 
 # Update version
 npm version --allow-same-version --no-git-tag-version $version
diff --git a/scripts/release.sh b/scripts/release.sh
@@ -38,11 +38,11 @@ if [ -z "$SKIP_BUILD" ]; then
 fi
 
 # Sign
-gpg --clearsign --digest-algo sha256 SHA256SUMS > SHA256SUMS.asc
+(cd dist && sha256sum *.tgz) | gpg --clearsign --digest-algo sha256 > SHA256SUMS.asc
 
 # Git tag and push
 if [ -z "$SKIP_GIT" ]; then
-  git add {package,npm-shrinkwrap}.json {CHANGELOG,README}.md SHA256SUMS SHA256SUMS.asc libbwt
+  git add {package,npm-shrinkwrap}.json {CHANGELOG,README}.md LIBBWT-SHA256SUMS SHA256SUMS.asc libbwt
   git commit -S -m v$version
   git tag --sign -m "$changelog" v$version
   git branch -f latest HEAD

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@`
`26`	`26`	`"files": [`
`27`	`27`	`"index.js",`
`28`	`28`	`"postinstall.js",`
`29`		`- "SHA256SUMS",`
	`29`	`+ "LIBBWT-SHA256SUMS",`
`30`	`30`	`"npm-shrinkwrap.json",`
`31`	`31`	`"README.md"`
`32`	`32`	`]`