What happened
scripts/generate-checksums.sh writes checksums.txt with one line per artifact in <sha256> <basename> format and pipes the result through | sort. Because each line starts with the sha256 prefix, the final sort orders lines by the (effectively random) hash, not by filename.
Example observed output for three artifacts staged in alphabetic filename order:
92207e51… ci-tools_1.0.0_linux-x64.tar.gz
b95cf784… ci-tools_1.0.0_amd64.deb
ef… ci-tools_1.0.0_osx-x64.tar.gz
What was expected
Lines sorted alphabetically by filename, matching the apparent intent of the trailing | sort and conventional checksum-file layout:
<sha> ci-tools_1.0.0_amd64.deb
<sha> ci-tools_1.0.0_linux-x64.tar.gz
<sha> ci-tools_1.0.0_osx-x64.tar.gz
Steps to reproduce
- Stage two or more release artifacts with deterministic content in a dist dir.
- Run
scripts/generate-checksums.sh <dist-dir>.
- Observe
artifacts/release/checksums.txt — lines are ordered by sha256 prefix, not by filename.
Environment
Affects all platforms; the behavior is in the script itself, not platform-dependent.
Notes
Surfaced while adding bats tests for the script in #137. The tests/bats/scripts/generate-checksums.bats suite intentionally asserts only the set of records, not order, so the buggy order isn't frozen as a contract. A test asserting filename order should be added alongside the fix.
Fix sketch: sort by the second whitespace-separated field, e.g. sort -k2 instead of bare sort, or restructure to sort the filename list before checksumming.
What happened
scripts/generate-checksums.shwriteschecksums.txtwith one line per artifact in<sha256> <basename>format and pipes the result through| sort. Because each line starts with the sha256 prefix, the final sort orders lines by the (effectively random) hash, not by filename.Example observed output for three artifacts staged in alphabetic filename order:
What was expected
Lines sorted alphabetically by filename, matching the apparent intent of the trailing
| sortand conventional checksum-file layout:Steps to reproduce
scripts/generate-checksums.sh <dist-dir>.artifacts/release/checksums.txt— lines are ordered by sha256 prefix, not by filename.Environment
Affects all platforms; the behavior is in the script itself, not platform-dependent.
Notes
Surfaced while adding bats tests for the script in #137. The
tests/bats/scripts/generate-checksums.batssuite intentionally asserts only the set of records, not order, so the buggy order isn't frozen as a contract. A test asserting filename order should be added alongside the fix.Fix sketch: sort by the second whitespace-separated field, e.g.
sort -k2instead of baresort, or restructure to sort the filename list before checksumming.