Re: problematic CalendarTag <-> WeblogPlugin interaction

[Ulf Dittmer]

Rull request created: https://github.com/apache/jspwiki/pull/350

On Sun, Jun 23, 2024 at 12:43 PM Ulf Dittmer 
wrote:

> Thanks Dirk, I wasn't aware of the findFreeEntry method. It basically
> confirms that there is no built-in method to search for pages by pattern,
> and that a linear search must be employed. Practically, I think checking
> the first 10 or so would be sufficient, as it would be highly unusual to
> write more than 10 blog entries on any given day, and then to delete most
> of them.
>
> I'll see what I can come up with.
>
> Ulf
>
> On Sat, Jun 22, 2024 at 10:35 PM Dirk Frederickx <
> dirk.frederi...@gmail.com> wrote:
>
>> Ulf,
>>
>> The problem seems to be in o.a.w.tags/CalenderTag.java  in getDayLink().
>>
>> It only checks for the page with the pattern
>> ${param.page}_blogentry_'ddMMyy'_1
>> ;  which has the suffix "_1".
>>
>> I guess it should actually also check for the existence of pages with a
>> higher _nn.
>> It should stop at MAX_BLOG_ENTRIES (now set tot 10_000), but that would be
>> performance wise not realistic.
>> Better would be to check for the existence of pages starting with the
>> pattern ${param.page}_blogentry_'ddMMyy'_ followed by a /\d+/.
>> Possibly you can find inspiration in  o.a.w.plugin/WeblogEntryPlugin in
>> findFreeEntry()   which is used to create new entries.
>>
>>
>> Grtz
>>   dirk
>>
>> On Fri, Jun 21, 2024 at 10:15 AM Ulf Dittmer
>>  wrote:
>>
>> > The CalendarTag, when deciding whether to link a particular day, assumes
>> > that the presence or absence of a page "..._blogentry_'ddMMyy'_1'
>> indicates
>> > whether there are weblog entries for a given day (this is in
>> Sidebar.jsp).
>> >
>> > The problem is, if the first entry on that day (the one with ..._1) is
>> > deleted, others on that day (..._2 etc.) are not checked, and so that
>> day
>> > is not linked.
>> >
>> > You can see this on
>> >
>> https://jspwiki-wiki.apache.org/Wiki.jsp?page=Haddock%20Weblog%20Example
>> > I created two blog entries, and then deleted the first one. Today's date
>> > (June 21) should still be highlighted and linked because of the second
>> > entry, but it isn't.
>> >
>> > I'm not asking for this to be fixed, I'm just looking for advice on what
>> > the best approach would be. If there's a reasonable solution, I'd be
>> happy
>> > to work on that and contribute it.
>> >
>> > Ulf
>> >
>>
>

Re: Bad signature for jspwiki-wikipages-de-2.12.2.zip

[Arturo Bernal]

Hi all,

I've reviewed the .war and source files, and they appear to be in order.
However, I'm unsure what might have caused the GPG signature to be invalid.

To resolve this issue comprehensively, I propose generating a new version
from scratch. I will prepare a version 2.12.3 that addresses all potential
issues.

what do you think?

Best regards,

Arturo


On Sat, Jun 22, 2024 at 6:05 PM Arturo Bernal  wrote:

> Hi,
>
> Let me check.
>
> Cheers
>
>
> Arturo
>
>
> On Sat, Jun 22, 2024 at 6:03 PM Florian Preinstorfer <
> lists-jspw...@nblock.org> wrote:
>
>> Hi,
>> it seems the GPG signature for jspwiki-wikipages-de-2.12.2.zip is
>> invalid:
>>
>>wget -q
>> https://archive.apache.org/dist/jspwiki/2.12.2/wikipages/jspwiki-wikipages-de-2.12.2.zip
>>wget -q
>> https://archive.apache.org/dist/jspwiki/2.12.2/wikipages/jspwiki-wikipages-de-2.12.2.zip.asc
>>
>>gpg --verify jspwiki-wikipages-de-2.12.2.zip.asc
>>gpg: assuming signed data in 'jspwiki-wikipages-de-2.12.2.zip'
>>gpg: Signature made Wed Jun 12 21:52:44 2024 CEST
>>gpg:using RSA key
>> C650FF7A0C0817441BAC320743B5E9442D51AAC6
>>gpg: BAD signature from "Arturo Bernal " [unknown]
>>
>> Best,
>> Florian
>>
>

Re: Bad signature for jspwiki-wikipages-de-2.12.2.zip

[Juan Pablo Santos Rodríguez]

Hi,

I did try yesterday and got "Can't check signature: public key not found"
(the artifacts are signed with RSA ID 2D51AAC6). Did you send your GPG key
to the default gpg server? Perhaps doing

gpg --send-key 2D51AAC6

is enough to solve the issue? Same thing happens when checking 2.12.1
artifacts, so not sure that a new release will be enough to fix this
problem :-?

HTH,
juan pablo

El lun, 24 jun 2024, 11:30, Arturo Bernal  escribió:

> Hi all,
>
> I've reviewed the .war and source files, and they appear to be in order.
> However, I'm unsure what might have caused the GPG signature to be invalid.
>
> To resolve this issue comprehensively, I propose generating a new version
> from scratch. I will prepare a version 2.12.3 that addresses all potential
> issues.
>
> what do you think?
>
> Best regards,
>
> Arturo
>
>
> On Sat, Jun 22, 2024 at 6:05 PM Arturo Bernal  wrote:
>
> > Hi,
> >
> > Let me check.
> >
> > Cheers
> >
> >
> > Arturo
> >
> >
> > On Sat, Jun 22, 2024 at 6:03 PM Florian Preinstorfer <
> > lists-jspw...@nblock.org> wrote:
> >
> >> Hi,
> >> it seems the GPG signature for jspwiki-wikipages-de-2.12.2.zip is
> >> invalid:
> >>
> >>wget -q
> >>
> https://archive.apache.org/dist/jspwiki/2.12.2/wikipages/jspwiki-wikipages-de-2.12.2.zip
> >>wget -q
> >>
> https://archive.apache.org/dist/jspwiki/2.12.2/wikipages/jspwiki-wikipages-de-2.12.2.zip.asc
> >>
> >>gpg --verify jspwiki-wikipages-de-2.12.2.zip.asc
> >>gpg: assuming signed data in 'jspwiki-wikipages-de-2.12.2.zip'
> >>gpg: Signature made Wed Jun 12 21:52:44 2024 CEST
> >>gpg:using RSA key
> >> C650FF7A0C0817441BAC320743B5E9442D51AAC6
> >>gpg: BAD signature from "Arturo Bernal "
> [unknown]
> >>
> >> Best,
> >> Florian
> >>
> >
>

Re: Bad signature for jspwiki-wikipages-de-2.12.2.zip

[Florian Preinstorfer]

Hi,
Am 2024-06-24 17:17, schrieb Juan Pablo Santos Rodríguez:
I did try yesterday and got "Can't check signature: public key not 
found" (the artifacts are signed with RSA ID 2D51AAC6). Did you send your GPG key

to the default gpg server? Perhaps doing

gpg --send-key 2D51AAC6

is enough to solve the issue? Same thing happens when checking 2.12.1
artifacts, so not sure that a new release will be enough to fix this
problem :-?


FTR: I used the same keyring to verify jspwiki-portable-2.12.2-woas.zip 
with jspwiki-portable-2.12.2-woas.zip.asc. There, verification worked.


Best,
Florian

Re: Bad signature for jspwiki-wikipages-de-2.12.2.zip

[Arturo Bernal]

  Hi,

The key is available (gpg --list-keys --fingerprint 2D51AAC6), but I don't
think that will solve the issue. It seems that I might have generated the
signature incorrectly.

I checked and, yes, there are binaries that were signed correctly.
Verification worked for jspwiki-portable-2.12.2-woas.zip with
jspwiki-portable-2.12.2-woas.zip.asc.



Best regards,

Re: Bad signature for jspwiki-wikipages-de-2.12.2.zip

[Juan Pablo Santos Rodríguez]

Hi!

my bad: gpg --keyserver hkps://pgp.mit.edu/ --recv-keys 2D51AAC6 did
not return the key, but gpg --keyserver hkps://keyserver.ubuntu.com
--recv-keys 2D51AAC6 did.

Done that, I've checked the sigs and basically the ones on the
wikipages folder are the ones giving trouble. In this release, the
name from the wikipages artifacts changed from
jspwiki-wikipages-$LANG-2.12.2.zip to
jspwiki-wikipages-$LANG-2.12.2-jspwiki.zip, so perhaps the name change
has to do with this error? Also the markdown zip don't contain the asc
files. I think they were added on a second pass during the release
vote, so maybe that's why there aren't the asc fils (if they aren't
b/c those zips get autogenerated we can fix that on the next release).
Also I copied a bunch of convenience jars on binaries/webapp that were
lacking their signatures. Also my bad for copying them without
checking first.

As for a new release, given that
./source/jspwiki-builder-2.12.2-source-release.zip contains a valid
signature I wouldn't go for a new release. This is *the* release file,
the important one, whereas the rest are just convenience binaries, so
I think is ok if we fix the sigs directly at svn. For the wikipages it
should be as easy as

git checkout 2.12.2
cd jspwiki-wikipages
mvn clean install gpg:sign

and then just copy the files and sigs. Same could be done for the
other convenience jars too

makes sense? Does anyone thinks that this should warrant a 2.12.3
release, just in any case? If anybody is uncomfortable with proceeding
like above we can always go with 2.12.3 and fix it there.


cheers,
juan pablo

On Mon, Jun 24, 2024 at 7:56 PM Arturo Bernal  wrote:
>
>   Hi,
>
> The key is available (gpg --list-keys --fingerprint 2D51AAC6), but I don't
> think that will solve the issue. It seems that I might have generated the
> signature incorrectly.
>
> I checked and, yes, there are binaries that were signed correctly.
> Verification worked for jspwiki-portable-2.12.2-woas.zip with
> jspwiki-portable-2.12.2-woas.zip.asc.
>
>
>
> Best regards,