From 3ce3811a9c510bc5c33047be058c1e3601f9e036 Mon Sep 17 00:00:00 2001
From: Tim Duesterhus <tim@bastelstu.be>
Date: Thu, 19 Jul 2018 23:57:56 +0200
Subject: [PATCH] BUILD: Generate sha256 checksums in publish-release

Currently only md5 signatures are generated. While md5
still is not broken with regard to preimage attacks, sha256
clearly is the current secure solution.

This patch should be backported to all supported branches.
---
 scripts/publish-release | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/publish-release b/scripts/publish-release
index ecef867b9..6a615a6f1 100755
--- a/scripts/publish-release
+++ b/scripts/publish-release
@@ -159,14 +159,15 @@ if [ -z "$AUTO" ]; then
 fi
 
 echo "Archiving sources for version $NEW ..."
-rm -f "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"{,.md5}
+rm -f "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"{,.md5,.sha256}
 if ! git archive --format=tar --prefix="haproxy-${NEW}/" "v$NEW" | \
      gzip -9 > "${TARGET_DIR}/src${DEVEL}/haproxy-${NEW}.tar.gz"; then
 	die "Failed to produce the tar.gz archive"
 fi
 
 ( cd "$TARGET_DIR/src${DEVEL}" ; \
-  md5sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.md5 )
+  md5sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.md5 ; \
+  sha256sum haproxy-$NEW.tar.gz > haproxy-$NEW.tar.gz.sha256 )
 
 echo "Extracting doc ..."
 git show "v$NEW:CHANGELOG" > "$TARGET_DIR/src/CHANGELOG"
@@ -178,6 +179,6 @@ done
 
 echo "Done : ls -l ${TARGET_DIR}"
 ( cd "$TARGET_DIR" ;
-  ls -l src/CHANGELOG "src${DEVEL}/haproxy-${NEW}".tar.gz{,.md5} $(for i in "${DOC[@]}"; do echo "doc/${i#doc/}"{,.gz}; done)
+  ls -l src/CHANGELOG "src${DEVEL}/haproxy-${NEW}".tar.gz{,.md5,.sha256} $(for i in "${DOC[@]}"; do echo "doc/${i#doc/}"{,.gz}; done)
 )
 echo