On 16 December 2011 06:27, Damjan Jovanovic <damjan....@gmail.com> wrote: > Thank you, this seems like what I needed. It turns out gpg-agent has to be > used to sign. > > Unfortunately the Internet bandwidth required to upload all the files is > vast, so a Sanselan release is probably only going to happen in January.
Perhaps consider dropping the BZ2 format; only gz amd zip are generally needed. Also, can some of the larger test files be compressed or replaced? The source archive is much bigger than the binary - normally it's the other way round > In the meanwhile, does my key have to linked into the web of trust before I > can make a release? No. > Damjan > > On Thu, Dec 15, 2011 at 7:05 PM, Simone Tripodi > <simonetrip...@apache.org>wrote: > >> Hi Damjan! >> >> I suggest you approaching the wiki page[1] first to see how components >> are released in commons, at least the described method is the one I >> follow when proposing RCs. >> >> HTH, have a nice day! >> -Simo >> >> [1] http://wiki.apache.org/commons/CreatingReleases >> >> http://people.apache.org/~simonetripodi/ >> http://simonetripodi.livejournal.com/ >> http://twitter.com/simonetripodi >> http://www.99soft.org/ >> >> >> >> On Thu, Dec 15, 2011 at 5:58 PM, Damjan Jovanovic <damjan....@gmail.com> >> wrote: >> > Hi >> > >> > I promised to start the Sanselan release process early this week, but >> I've >> > been having problem after problem: >> > >> > 1. The instructions on http://commons.apache.org/releases/prepare.htmlsay >> > that you run a variation of "mvn install" to build the release... but >> this >> > only generates the .jar files, not the src/bin zip/tar.gz/tar.bz2 files. >> > >> > 2. Running "mvn assembly:assembly" fails because my UTF-8 platform locale >> > causes a multibyte bug in Plexus Archiver when writing a German sounding >> > filename into the src tar file. I reported this 3 year old bug and >> > submitted a patch (http://jira.codehaus.org/browse/PLXCOMP-195). How did >> > you build Sanselan without this patch before? >> > >> > 3. Running "mvn assembly:assembly" with a manually patched Plexus >> Archiver >> > (and what a mission it was to figure out which of the 5 versions of >> Plexus >> > Archiver in my Maven repository is the one used...) does generate those >> > other files, but doesn't sign them. >> > >> > 4. My attempts to manually sign the .jar file, or its md5 or sha1 hash, >> > with gpg, generate different checksums than those generated by Maven. >> Thus >> > I cannot manually sign the zip/tar files. How is signing supposed to >> work, >> > what gets signed and how? >> > >> > 5. "mvn release" is so badly documented that I am scared to use it. When >> I >> > run it with -DdryRun=true, it hangs on [gpg:sign {execution: >> > sign-artifacts}]. The child process launched by "mvn release:prepare" is >> > launched without this parameter, and strace shows it stuck in read() on >> fd >> > 0 (stdin). Typing the passphrase and pressing enter does nothing. >> > Redirecting stdin from a file with the passphrase also does nothing. >> > Attempts to use -Dgpg.passphrase=... also do nothing, whether passed to >> > directly "mvn" or quoted inside the -Darguments or both, and "ps fax" >> shows >> > that it isn't passed to the child process. >> > >> > Please help? >> > >> > Thank you >> > Damjan >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >> For additional commands, e-mail: dev-h...@commons.apache.org >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org