CRITICAL:cwlprov.tool:Path "data/..." in manifest "manifest-sha1.txt" is unsafe

[steninidak]

Hello,

When trying to validate CWL provenance folder using cwlprov python tool, I get the error in subject, which deals with the usage of unsafe SHA1 checksums. As far as I have noticed into cwltool, the only supported SHA by CWL at the moment is SHA1 (Am I right?).

Is there any way to bypass that critical error or to switch to SHA256 or SHA512?

In the same provenance folder, there are also 2 tagmanifest files for SHA256 and SHA512.

Thank you in advance

[mr-c]

Hello @steninidak ; can you provide a reproducible example? cwltool --provenance should be providing the additional hash types

https://github.com/common-workflow-language/cwltool/blob/72e4ffb7814ec846c12ec15df82a4243654fe053/cwltool/provenance.py#L99