build: replace sha1 files with sha256

due to security reasons.
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

appveyor.yml

@@ -30,7 +30,7 @@ install:
 build_script:
   - go run build.go build
   - grunt release
-  - go run build.go sha1-dist
+  - go run build.go sha-dist
   - cp dist/* .
 
 artifacts:

build.go

@@ -5,7 +5,7 @@ package main
 import (
 	"bytes"
 	"crypto/md5"
-	"crypto/sha1"
+	"crypto/sha256"
 	"encoding/json"
 	"flag"
 	"fmt"
@@ -105,8 +105,8 @@ func main() {
 			grunt(gruntBuildArg("release")...)
 			createDebPackages()
 
-		case "sha1-dist":
-			sha1FilesInDist()
+		case "sha-dist":
+			shaFilesInDist()
 
 		case "latest":
 			makeLatestDistCopies()
@@ -522,14 +522,14 @@ func md5File(file string) error {
 	return out.Close()
 }
 
-func sha1FilesInDist() {
+func shaFilesInDist() {
 	filepath.Walk("./dist", func(path string, f os.FileInfo, err error) error {
 		if path == "./dist" {
 			return nil
 		}
 
-		if strings.Contains(path, ".sha1") == false {
-			err := sha1File(path)
+		if strings.Contains(path, ".sha256") == false {
+			err := shaFile(path)
 			if err != nil {
 				log.Printf("Failed to create sha file. error: %v\n", err)
 			}
@@ -538,20 +538,20 @@ func sha1FilesInDist() {
 	})
 }
 
-func sha1File(file string) error {
+func shaFile(file string) error {
 	fd, err := os.Open(file)
 	if err != nil {
 		return err
 	}
 	defer fd.Close()
 
-	h := sha1.New()
+	h := sha256.New()
 	_, err = io.Copy(h, fd)
 	if err != nil {
 		return err
 	}
 
-	out, err := os.Create(file + ".sha1")
+	out, err := os.Create(file + ".sha256")
 	if err != nil {
 		return err
 	}

circle.yml

@@ -41,7 +41,7 @@ deployment:
     commands:
       - ./scripts/build/deploy.sh
       - ./scripts/build/sign_packages.sh
-      - go run build.go sha1-dist
+      - go run build.go sha-dist
       - aws s3 sync ./dist s3://$BUCKET_NAME/master
       - ./scripts/trigger_windows_build.sh ${APPVEYOR_TOKEN} ${CIRCLE_SHA1} master
       - ./scripts/trigger_docker_build.sh ${TRIGGER_GRAFANA_PACKER_CIRCLECI_TOKEN}
@@ -50,7 +50,7 @@ deployment:
     commands:
       - ./scripts/build/deploy.sh
       - ./scripts/build/sign_packages.sh
-      - go run build.go sha1-dist
+      - go run build.go sha-dist
       - aws s3 sync ./dist s3://$BUCKET_NAME/release
       - ./scripts/trigger_windows_build.sh ${APPVEYOR_TOKEN} ${CIRCLE_SHA1} release
       - ./scripts/trigger_docker_build.sh ${TRIGGER_GRAFANA_PACKER_CIRCLECI_TOKEN} ${CIRCLE_TAG}