Checksums for build_visit modules

[griffin28]

When using checksums for building third-party libraries (3PL) from a bv_*.sh script what are the suggested best practices for:

• Selecting the checksum algorithm (e.g., is MD5 preferred over SHA256/512)?
• When a checksum fails do you continue with building the 3PL with a warning message or do you abort with an error message?

As an aside, it may be good to add developer documentation on creating build_visit modules touching on:

• Should you copy an existing bv_*.sh as a starting point or use construct_build_visit_module.sh
• Brief description of the generated functions and best practices

[markcmiller86]

When using checksums for building third-party libraries (3PL) from a bv_*.sh script what are the suggested best practices for:

• Selecting the checksum algorithm (e.g., is MD5 preferred over SHA256/512)?

AFAIK, we use MD5, SHA 1 and SHA 256 everywhere. I think we're free to not include some of these. I don't think we favor any. Honestly, I don't know why we need three different checksums? So, good question about what is the best practice here. Ideally, we'd want to use whatever checksum alg is ubiquitiously available everywhere. I don't know which that is.

• When a checksum fails do you continue with building the 3PL with a warning message or do you abort with an error message?

I think by default, we ignore case where no checksum is available (so proceed without out). If a checksum fails, by default, we stop. But, I think that can be overridden by some build_visit flag.

As an aside, it may be good to add developer documentation on creating build_visit modules touching on:

• Should you copy an existing bv_*.sh as a starting point or use construct_build_visit_module.sh
• Brief description of the generated functions and best practices

👍

[griffin28]

AFAIK, we use MD5, SHA 1 and SHA 256 everywhere. I think we're free to not include some of these. I don't think we favor any. Honestly, I don't know why we need three different checksums? So, good question about what is the best practice here. Ideally, we'd want to use whatever checksum alg is ubiquitiously available everywhere. I don't know which that is.

Yeah...the prepare_build_dir helper function only takes one type of checksum (you pick the type and the checksum value) however, in a lot of scripts you see both an MD5 and SHA checksum specified. And in some of the scripts they aren't even sent to the prepare_build_dir function. It may be a case of copying a bv_*.sh script as a starting point and not fully understanding what is needed and what's not. I just wanted to verify that the checksums, if specified, weren't being used in other places too.

[markcmiller86]

Yeah...the prepare_build_dir helper function only takes one type of checksum (you pick the type and the checksum value) however, in a lot of scripts you see both an MD5 and SHA checksum specified. And in some of the scripts they aren't even sent to the prepare_build_dir function. It may be a case of copying a bv_*.sh script as a starting point and not fully understanding what is needed and what's not. I just wanted to verify.

Ah, ok. I wasn't aware of that. Ok, that is a clear bug IMHO. I will create an issue ticket from this observation. Thanks for reporting.

[griffin28]

@markcmiller86 a correction...you don't need to explicitly send the checksum type and value to prepare_build_dir. As long as you name it properly (e.g., <MODULE>_MD5_CHECKSUM) build_visit will auto-magically use it to verify the checksum when downloading the 3PL. I verified this with my bv_anari.sh script.

[griffin28]

Also, in the comment header of the .../scripts/build_vist script, it has a lot of the documentation I was suggesting as far as a brief description of the generated/required functions for a bv_<module>.sh script. Maybe this can be transferred to the Developer Docs.

[brugger1]

@markcmiller86 opened the following ticket #18383 to track this issue.