I've prepared a new release. Not issuing a vote just yet, wanted to check
it first.

> You need to sign with your own key, and the public key needs to be in our
> KEYS file.
Ok, so this should be fine then. I need, however, to add my key to the KEYS
file; created a Jira for this:
https://issues.apache.org/jira/browse/CASSANDRA-15652

> What was the guide you were using?
I've used this release guide: https://infra.apache.org/maven-releases.html

Release RSA:
https://github.com/apache/cassandra-in-jvm-dtest-api/commit/b4e8724615a931d0b38b59beb08c4c227aa8996e
New artifact:
https://repository.apache.org/content/repositories/orgapachecassandra-1199/org/apache/cassandra/dtest-api/0.0.1/

I've left the sources artifact, but added md5 and sha checksums.

Thank you for helping out with this,
-- Alex


On Sat, Mar 21, 2020 at 10:45 AM Oleksandr Petrov <
oleksandr.pet...@gmail.com> wrote:

> Thanks for bringing these up!
>
> > this fixes everything but the signing key used issue
> > https://github.com/apache/cassandra-in-jvm-dtest-api/pull/2
> Great, I'll just merge this together with my branch to master to have a
> ref. Thank you for taking time to resolve these.
>
> > * Source artifacts does not compile. They depend on snapshot
> > dependency, see below.
> I did mention this explicitly in my original email. There's no Cassandra
> artifact and we can not release it yet because it depends on this
> repository. To resolve this, I'll remove tests and dependency on
> cassandra jar for now just to publish. These tests won't do us any good
> here until Cassandra artifacts are released anyways.
>
> > * There's no copyright or NOTICE file in source jar artifact.
> I'll double-check, but I do not remember this mentioned in the Apache
> guide I've followed, it's worth adding this information there if it's
> missing.
>
> > * What key has been used to sign?
> Can you provide more specific details on that? Apache guide I've followed
> said you have to sign with your own key, which was what I've done. If this
> is not the case, it'd be great to know which key I should use. I did upload
> public key to ubuntu keystore for verification too.
>
> >  * The scm SHA is not mentioned in the vote.
> True; branch is not merged since Cassandra patch that depends on it is not
> finalized. But to comply with Apache processes we can just merge the branch.
>
> >  * There's a ".git" directory in the source jar artifact.
> Interesting. I've used `mvn release:prepare/perform`, and expected it to
> take care of it.
>
> On Fri, Mar 20, 2020 at 7:39 PM Mick Semb Wever <m...@apache.org> wrote:
>
>> > The vote will be open for 72 hours (longer if needed). Everyone who has
>> > tested the build is invited to vote. Votes by PMC members are considered
>> > binding. A vote passes if there are at least three binding +1s.
>> >
>>
>>
>> -1
>>
>> A few things here don't meet the requirements.
>>
>>  * There's no copyright or NOTICE file in source jar artifact.
>>  * The license is not present in all files (eg AssertUtils.java)
>>  * What key has been used to sign?
>>  * Source artifacts does not compile. They depend on snapshot dependency,
>> see below.
>>  * There's a ".git" directory in the source jar artifact.
>>
>> Additionally,
>>  * `mvn rat:check` does not pass. (relates back to license and .git
>> directory)
>>  * There's unnecessary duplicate source artifacts.
>>  * The source zip file does not have sha256 or sha512 checksums.
>>  * The contents of the source zip artifact do not match what's in scm.
>>  * The scm SHA is not mentioned in the vote.
>>  * Where's the scm tag for this scm SHA?
>>  * Erroneous `.asc.asc` files.
>>
>>
>> The build failure I get is:
>> ```
>> [ERROR] Failed to execute goal on project dtest-api: Could not resolve
>> dependencies for project
>> org.apache.cassandra:dtest-api:jar:0.0.4-SNAPSHOT:
>> Could not find artifact
>> org.apache.cassandra:in-jvm-dtest-cassandra-tryout:jar:0.0.1-2.2-1 in
>> central (https://repo.maven.apache.org/maven2) -> [Help 1]
>> ```
>>
>> The source zip artifact can just be removed (not generated) as there's no
>> need (afaik) for any artifacts outside of the maven repository. But add
>> those manually added files into git. This will solve the sha256 and sha512
>> problem, and that the build that doesn't match scm contents.
>>
>>
>> I've got a few hours in front of me and will try to send some PRs to fix
>> what I can here.
>>
>> regards,
>> Mick
>>
>
>
> --
> alex p
>


-- 
alex p
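
Several items in the review quoted above (missing sha256/sha512 checksums, erroneous `.asc.asc` files, a `.git` directory and no NOTICE file in the source jar) can be checked mechanically before a vote is called. The following is an added example, not part of the original thread or the project's tooling; the file listing and jar contents are constructed samples, the function names are hypothetical, and it does not verify the signatures themselves against the KEYS file.

```python
import io
import zipfile

SIDE_EXTS = (".asc", ".md5", ".sha1", ".sha256", ".sha512")

def audit_staging(filenames, required=(".asc", ".sha256", ".sha512")):
    """Report signature/checksum problems in a staged artifact listing."""
    names, findings = set(filenames), []
    for name in sorted(names):
        if name.endswith(".asc.asc"):
            findings.append(f"erroneous signature-of-signature: {name}")
        elif name.endswith(SIDE_EXTS):
            continue  # signature or checksum side file, not a primary artifact
        else:
            findings += [f"{name}: missing {ext}"
                         for ext in required if name + ext not in names]
    return findings

def audit_source_jar(jar_bytes):
    """Report a bundled .git directory and absent LICENSE/NOTICE files."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        entries = jar.namelist()
    findings = []
    if any(".git" in e.split("/") for e in entries):
        findings.append("contains a .git directory")
    # Assumption: LICENSE/NOTICE may sit anywhere in the jar, with any extension.
    basenames = {e.rsplit("/", 1)[-1].split(".")[0].upper() for e in entries}
    findings += [f"no {w} file" for w in ("LICENSE", "NOTICE") if w not in basenames]
    return findings

def constructed_jar(entries):
    """Build an in-memory jar with empty files (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for entry in entries:
            jar.writestr(entry, b"")
    return buf.getvalue()

# Constructed samples mimicking the problems raised in the review.
SAMPLE_LISTING = [
    "dtest-api-0.0.1.jar", "dtest-api-0.0.1.jar.asc",
    "dtest-api-0.0.1.jar.asc.asc", "dtest-api-0.0.1.jar.md5",
    "dtest-api-0.0.1.jar.sha1", "dtest-api-0.0.1-sources.jar",
    "dtest-api-0.0.1-sources.jar.asc", "dtest-api-0.0.1-sources.jar.sha256",
    "dtest-api-0.0.1-sources.jar.sha512",
]
SAMPLE_JAR = constructed_jar([".git/config", "example/AssertUtils.java"])

if __name__ == "__main__":
    for finding in audit_staging(SAMPLE_LISTING) + audit_source_jar(SAMPLE_JAR):
        print(finding)
```
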
