Thank you, this seems like what I needed. It turns out gpg-agent has to be
used to sign.

Unfortunately the Internet bandwidth required to upload all the files is
vast, so a Sanselan release is probably only going to happen in January.

In the meanwhile, does my key have to linked into the web of trust before I
can make a release?

Damjan

On Thu, Dec 15, 2011 at 7:05 PM, Simone Tripodi <simonetrip...@apache.org>wrote:

> Hi Damjan!
>
> I suggest you approaching the wiki page[1] first to see how components
> are released in commons, at least the described method is the one I
> follow when proposing RCs.
>
> HTH, have a nice day!
> -Simo
>
> [1] http://wiki.apache.org/commons/CreatingReleases
>
> http://people.apache.org/~simonetripodi/
> http://simonetripodi.livejournal.com/
> http://twitter.com/simonetripodi
> http://www.99soft.org/
>
>
>
> On Thu, Dec 15, 2011 at 5:58 PM, Damjan Jovanovic <damjan....@gmail.com>
> wrote:
> > Hi
> >
> > I promised to start the Sanselan release process early this week, but
> I've
> > been having problem after problem:
> >
> > 1. The instructions on http://commons.apache.org/releases/prepare.htmlsay
> > that you run a variation of "mvn install" to build the release... but
> this
> > only generates the .jar files, not the src/bin zip/tar.gz/tar.bz2 files.
> >
> > 2. Running "mvn assembly:assembly" fails because my UTF-8 platform locale
> > causes a multibyte bug in Plexus Archiver when writing a German sounding
> > filename into the src tar file. I reported this 3 year old bug and
> > submitted a patch (http://jira.codehaus.org/browse/PLXCOMP-195). How did
> > you build Sanselan without this patch before?
> >
> > 3. Running "mvn assembly:assembly" with a manually patched Plexus
> Archiver
> > (and what a mission it was to figure out which of the 5 versions of
> Plexus
> > Archiver in my Maven repository is the one used...) does generate those
> > other files, but doesn't sign them.
> >
> > 4. My attempts to manually sign the .jar file, or its md5 or sha1 hash,
> > with gpg, generate different checksums than those generated by Maven.
> Thus
> > I cannot manually sign the zip/tar files. How is signing supposed to
> work,
> > what gets signed and how?
> >
> > 5. "mvn release" is so badly documented that I am scared to use it. When
> I
> > run it with -DdryRun=true, it hangs on [gpg:sign {execution:
> > sign-artifacts}]. The child process launched by "mvn release:prepare" is
> > launched without this parameter, and strace shows it stuck in read() on
> fd
> > 0 (stdin). Typing the passphrase and pressing enter does nothing.
> > Redirecting stdin from a file with the passphrase also does nothing.
> > Attempts to use -Dgpg.passphrase=... also do nothing, whether passed to
> > directly "mvn" or quoted inside the -Darguments or both, and "ps fax"
> shows
> > that it isn't passed to the child process.
> >
> > Please help?
> >
> > Thank you
> > Damjan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>
>

Reply via email to