Generate and upload checksums for released ZIPs to GitHub
When generating an Electron release, create a `sha256sum`-compatible file for each ZIP file, and upload them to the corresponding GitHub release. This is primarily to confirm that the download of a given ZIP completed successfully, as opposed to verifying that an Electron team member uploaded the given ZIP files (which would require using a trusted GPG key).
This commit is contained in:
Mark Lee
parent
01ebc77228
commit
5b07154b8e
2 changed files with 29 additions and 6 deletions
|
|
@ -3,6 +3,7 @@
|
|||
import atexit
|
||||
import contextlib
|
||||
import errno
|
||||
import hashlib
|
||||
import platform
|
||||
import re
|
||||
import shutil
|
||||
|
|
@ -129,6 +130,19 @@ def make_zip(zip_file_path, files, dirs):
|
|||
for f in filenames:
|
||||
zip_file.write(os.path.join(root, f))
|
||||
zip_file.close()
|
||||
make_zip_sha256_checksum(zip_file_path)
|
||||
|
||||
|
||||
def make_zip_sha256_checksum(zip_file_path):
|
||||
checksum_path = '{}.sha256sum'.format(zip_file_path)
|
||||
safe_unlink(checksum_path)
|
||||
sha256 = hashlib.sha256()
|
||||
with open(zip_file_path, 'rb') as f:
|
||||
sha256.update(f.read())
|
||||
|
||||
zip_basename = os.path.basename(zip_file_path)
|
||||
with open(checksum_path, 'w') as checksum:
|
||||
checksum.write('{} *{}'.format(sha256.hexdigest(), zip_basename))
|
||||
|
||||
|
||||
def rm_rf(path):
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue