Generate SHA1 hashes as well as MD5 ones. Also, use md5sum/sha1sum in preference to openssl (if found), as the former include the filenames in the hashes which is helpful when verifying

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1000901 13f79535-47bb-0310-9956-ffa450edef68

maven/multisign.sh

@@ -22,10 +22,29 @@ echo "enter your GPG passphrase"
 read passphrase
 stty echo
 
+# Do we have md5sum and sha1sum?
+# (We can use openssl if not, but the files it produces aren't as nice)
+which md5sum > /dev/null
+LACKING_MD5SUM=$?
+which sha1sum > /dev/null
+LACKING_SHA1SUM=$?
+
 for i in *; do
+    echo ""
     echo Signing $i
     echo $passphrase | gpg --passphrase-fd 0 --output $i.asc --detach-sig --armor $i
     gpg --verify $i.asc $i
     echo Hashing $i
-    openssl md5 < $i > $i.md5
+
+    if [ "$LACKING_MD5SUM" = "1" ]; then
+       openssl md5 < $i > $i.md5
+    else
+       md5sum $i > $i.md5
+    fi
+
+    if [ "$LACKING_SHA1SUM" = "1" ]; then
+       openssl sha1 < $i > $i.sha1
+    else
+       sha1sum $i > $i.sha1
+    fi
 done

src/documentation/content/xdocs/status.xml

@@ -33,10 +33,9 @@
     </developers>
 
     <changes>
-<!--
         <release version="3.7-beta4" date="2010-??-??">
+           <action dev="poi-developers" type="add">Generate SHA1 hashes of distribution files, alongside existing MD5 ones</action>
         </release>
--->
         <release version="3.7-beta3" date="2010-09-24">
            <action dev="poi-developers" type="fix">48325 - If a HSSF header or footer lacks left/right/centre information, assume it is a centre one</action>
            <action dev="poi-developers" type="fix">49966 - Correctly remove calcChain entries for XSSF cells that stop holding formulas</action>