[Pharo-dev] [ANN] sha256 checksum for Pharo6 downloads

henry henry at callistohouse.club
Tue Oct 24 11:56:38 EDT 2017


Hi Marcus,

Are you using SHA256 inside Pharo to generate the checksum files? If so were you planning to use the OpenPGP by hmmosner, in the Cryptography repository for PGP signatures?

I am curious as to integration of the newest Cryptography package there into Pharo. There are two Undeclared: SoundRecorder and FillInTheBlank, though I do not know if such would be a part of a Pharo-Squeak compatibility layer.

More pertinent would be what to do with the HashFunctions that already reside in the Pharo image. If the decision was to include the entire Cryptography into base, then making the HashFunctions not go Obselete would be the objective.

Currently, SHA1, SHA256 and MD5 all get redefined by Cryptography-zzz.111.mcz loading.

What do you think about bringing Cryptography up to date for Pharo and what would be needed. It would help to seek common ground between Squeak and Pharo, yes?

HH

On Tue, Oct 24, 2017 at 11:34, Marcus Denker <[marcus.denker at inria.fr]("mailto:marcus.denker at inria.fr")> wrote:

> Hi,
>
> A tiny first step: I added sha256 chechsums for all downloads created by the Pharo6 build process
>
> [https://ci.inria.fr/pharo/]("https://ci.inria.fr/pharo/")
>
> This step:
>
> [https://ci.inria.fr/pharo/job/Pharo-6.0-Update-Step-5-Publish/]("https://ci.inria.fr/pharo/job/Pharo-6.0-Update-Step-5-Publish/")
>
> now creates .sha256.txt files, e.g for the mac:
>
> [https://ci.inria.fr/pharo/job/Pharo-6.0-Update-Step-5-Publish/lastSuccessfulBuild/artifact/Pharo6.1-mac.zip.sha256.txt]("https://ci.inria.fr/pharo/job/Pharo-6.0-Update-Step-5-Publish/lastSuccessfulBuild/artifact/Pharo6.1-mac.zip.sha256.txt")
>
> This allows to check that downloads from the file server are indeed the same files that the build server created.
> [http://files.pharo.org/platform/]("http://files.pharo.org/platform/")
> [http://files.pharo.org/image/60/]("http://files.pharo.org/image/60/")
>
> As I said, just a very first step.
>
> TODO:
> - pgp signatures
> - insert into website
> - SSL for [files.pharo.org]("http://files.pharo.org")
> - do it Pharo7
> - ….
>
> So: more to come!
>
> Marcus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pharo.org/pipermail/pharo-dev_lists.pharo.org/attachments/20171024/9664c6c6/attachment-0002.html>


More information about the Pharo-dev mailing list