On 16 December 2011 06:27, Damjan Jovanovic <damjan....@gmail.com> wrote:
> Thank you, this seems like what I needed. It turns out gpg-agent has to be
> used to sign.
>
> Unfortunately the Internet bandwidth required to upload all the files is
> vast, so a Sanselan release is probably only going to happen in January.

Perhaps consider dropping the BZ2 format; only gz amd zip are generally needed.

Also, can some of the larger test files be compressed or replaced?
The source archive is much bigger than the binary - normally it's the
other way round

> In the meanwhile, does my key have to linked into the web of trust before I
> can make a release?

No.

> Damjan
>
> On Thu, Dec 15, 2011 at 7:05 PM, Simone Tripodi 
> <simonetrip...@apache.org>wrote:
>
>> Hi Damjan!
>>
>> I suggest you approaching the wiki page[1] first to see how components
>> are released in commons, at least the described method is the one I
>> follow when proposing RCs.
>>
>> HTH, have a nice day!
>> -Simo
>>
>> [1] http://wiki.apache.org/commons/CreatingReleases
>>
>> http://people.apache.org/~simonetripodi/
>> http://simonetripodi.livejournal.com/
>> http://twitter.com/simonetripodi
>> http://www.99soft.org/
>>
>>
>>
>> On Thu, Dec 15, 2011 at 5:58 PM, Damjan Jovanovic <damjan....@gmail.com>
>> wrote:
>> > Hi
>> >
>> > I promised to start the Sanselan release process early this week, but
>> I've
>> > been having problem after problem:
>> >
>> > 1. The instructions on http://commons.apache.org/releases/prepare.htmlsay
>> > that you run a variation of "mvn install" to build the release... but
>> this
>> > only generates the .jar files, not the src/bin zip/tar.gz/tar.bz2 files.
>> >
>> > 2. Running "mvn assembly:assembly" fails because my UTF-8 platform locale
>> > causes a multibyte bug in Plexus Archiver when writing a German sounding
>> > filename into the src tar file. I reported this 3 year old bug and
>> > submitted a patch (http://jira.codehaus.org/browse/PLXCOMP-195). How did
>> > you build Sanselan without this patch before?
>> >
>> > 3. Running "mvn assembly:assembly" with a manually patched Plexus
>> Archiver
>> > (and what a mission it was to figure out which of the 5 versions of
>> Plexus
>> > Archiver in my Maven repository is the one used...) does generate those
>> > other files, but doesn't sign them.
>> >
>> > 4. My attempts to manually sign the .jar file, or its md5 or sha1 hash,
>> > with gpg, generate different checksums than those generated by Maven.
>> Thus
>> > I cannot manually sign the zip/tar files. How is signing supposed to
>> work,
>> > what gets signed and how?
>> >
>> > 5. "mvn release" is so badly documented that I am scared to use it. When
>> I
>> > run it with -DdryRun=true, it hangs on [gpg:sign {execution:
>> > sign-artifacts}]. The child process launched by "mvn release:prepare" is
>> > launched without this parameter, and strace shows it stuck in read() on
>> fd
>> > 0 (stdin). Typing the passphrase and pressing enter does nothing.
>> > Redirecting stdin from a file with the passphrase also does nothing.
>> > Attempts to use -Dgpg.passphrase=... also do nothing, whether passed to
>> > directly "mvn" or quoted inside the -Darguments or both, and "ps fax"
>> shows
>> > that it isn't passed to the child process.
>> >
>> > Please help?
>> >
>> > Thank you
>> > Damjan
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>> For additional commands, e-mail: dev-h...@commons.apache.org
>>
>>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org

Reply via email to