Posted to dev@jackrabbit.apache.org by Konrad Windszus <ko...@gmx.de> on 2020/01/08 09:50:38 UTC

[VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Hi,
A candidate for the Jackrabbit Filevault 3.4.2 release is available at:

https://dist.apache.org/repos/dist/dev/jackrabbit/filevault/3.4.2/

The release candidate is a zip archive of the sources in:

https://svn.apache.org/repos/asf/jackrabbit/commons/filevault/tags/jackrabbit-filevault-3.4.2/

The SHA1 checksum of the archive is 5a4b4714387e9195bed13aa79d2659f67958a73b.

The command for running automated checks against this release candidate is:
$ sh check-release.sh filevault 3.4.2 5a4b4714387e9195bed13aa79d2659f67958a73b

A candidate for the Jackrabbit Filevault Package Maven Plugin 1.1.0 release is available at:
https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/

The release candidate is a zip archive of the sources in:
https://svn.apache.org/repos/asf/jackrabbit/commons/filevault-package-maven-plugin/tags/filevault-package-maven-plugin-1.1.0/

The SHA1 checksum of the archive is
4c8679b67b7d10ecc6ff7869f028ee872a6ee941

The command for running automated checks against this release candidate is:
$ sh check-release.sh filevault-plugin 1.1.0 4c8679b67b7d10ecc6ff7869f028ee872a6ee941

A staged Maven repository for both is available for review at:
https://repository.apache.org/content/repositories/orgapachejackrabbit-1477

Please vote on releasing these packages
The vote is open for a minimum of 72 hours during business days and passes
if a majority of at least three +1 Jackrabbit PMC votes are cast.
The vote fails if not enough votes are cast after 1 week (5 business days).

[ ] +1 Release these packages as "Apache Jackrabbit Filevault 3.4.2" and "Apache Jackrabbit Filevault Package Maven Plugin 1.1.0"
[ ] -1 Do not release these packages because...


Thanks,
Konrad

Re: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Konrad Windszus <ko...@gmx.de>.
Hi Toby,
indeed the maven plugin depends on Filevault 3.4.2, therefore the VOTE on both.
Konrad

> On 9. Jan 2020, at 02:42, Tobias Bocanegra <tr...@adobe.com> wrote:
> 
> Hi Konrad, 
> Thanks for the releases. Are the 2 releases dependent on each other? Otherwise I would create 2 vote requests
> in order to reduce the chance that if 1 release gets rejected, the other is also invalid.
> 
> Regards, Toby
> 
>> On 8 Jan 2020, at 18:50, Konrad Windszus <ko...@gmx.de> wrote:
>> 
>> Hi,
>> A candidate for the Jackrabbit Filevault 3.4.2 release is available at:
>> 
>> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault/3.4.2/
>> 
>> The release candidate is a zip archive of the sources in:
>> 
>> https://svn.apache.org/repos/asf/jackrabbit/commons/filevault/tags/jackrabbit-filevault-3.4.2/
>> 
>> The SHA1 checksum of the archive is 5a4b4714387e9195bed13aa79d2659f67958a73b.
>> 
>> The command for running automated checks against this release candidate is:
>> $ sh check-release.sh filevault 3.4.2 5a4b4714387e9195bed13aa79d2659f67958a73b
>> 
>> A candidate for the Jackrabbit Filevault Package Maven Plugin 1.1.0 release is available at:
>> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/
>> 
>> The release candidate is a zip archive of the sources in:
>> https://svn.apache.org/repos/asf/jackrabbit/commons/filevault-package-maven-plugin/tags/filevault-package-maven-plugin-1.1.0/
>> 
>> The SHA1 checksum of the archive is
>> 4c8679b67b7d10ecc6ff7869f028ee872a6ee941
>> 
>> The command for running automated checks against this release candidate is:
>> $ sh check-release.sh filevault-plugin 1.1.0 4c8679b67b7d10ecc6ff7869f028ee872a6ee941
>> 
>> A staged Maven repository for both is available for review at:
>> https://repository.apache.org/content/repositories/orgapachejackrabbit-1477
>> 
>> Please vote on releasing these packages
>> The vote is open for a minimum of 72 hours during business days and passes
>> if a majority of at least three +1 Jackrabbit PMC votes are cast.
>> The vote fails if not enough votes are cast after 1 week (5 business days).
>> 
>> [ ] +1 Release these packages as "Apache Jackrabbit Filevault 3.4.2" and "Apache Jackrabbit Filevault Package Maven Plugin 1.1.0"
>> [ ] -1 Do not release these packages because...
>> 
>> 
>> Thanks,
>> Konrad
> 


check-release.sh bug (was: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0)

Posted by Tobias Bocanegra <tr...@adobe.com>.
Hi,


Then a problem with the script itself:

[INFO] 3. Verify checksums and signatures
[INFO]
[INFO]    Verifying jackrabbit-filevault-3.4.2-src.zip...
gpg: assuming signed data in './filevault/3.4.2/jackrabbit-filevault-3.4.2-src.zip'
gpg: Signature made Wed Jan  8 18:03:46 2020 JST
gpg:                using RSA key D7742D58455ECC7C
gpg: Good signature from "Konrad Windszus <kw...@apache.org>>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B91A B7D2 121D C6B0 A61A  A182 D774 2D58 455E CC7C
[INFO]    OK: jackrabbit-filevault-3.4.2-src.zip.asc
How do you usually sign keys?
I added mine to https://dist.apache.org/repos/dist/release/jackrabbit/KEYS, is there anything more to do? I thought this would be enough for verification that the key belongs to me. Are the steps from https://jackrabbit.apache.org/jcr/creating-releases.html#Appendix_A:_Create_and_add_your_key_to_the_Jackrabbit_KEYS_file not enough? I am wondering why this hasn't been an issue with the last release...


So, although the verification failed, the script reports OK (same for sha1).
Note, after importing your key, the verification succeeds.

I don't think this is a problem on your side, but I didn't have your key in my keyring when executing the script:

gpg: Good signature from "Konrad Windszus <kw...@apache.org>>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.

I would have expected the script to fail.... But maybe this is not a problem.

Regards, toby
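
An added example, not part of the thread and not the project's check-release.sh: one way a release-check script can fail closed in the situation discussed above, by parsing gpg's machine-readable `--status-fd` output and pinning the release manager's fingerprint instead of relying on the human-readable "Good signature" line. The status lines are constructed samples, the pinned fingerprint is the one shown in the gpg output above, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: strict signature gate for a release-check script.
# Pinned release-manager fingerprint, copied from the gpg output quoted in the thread.
EXPECTED_FPR="B91AB7D2121DC6B0A61AA182D7742D58455ECC7C"

# sig_status_ok FPR
# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names FPR as the primary key and no failure status was reported.
# A signature from any other key in the keyring is rejected, and empty or
# truncated output is treated as a failure.
sig_status_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|NO_PUBKEY|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # The last VALIDSIG field is the primary key fingerprint.
        $2 == "VALIDSIG" { if (toupper($NF) == want) good = 1; else bad = 1 }
        END { exit (good && !bad) ? 0 : 1 }
    '
}

# verify_release_sig FILE SIG [FPR]
# Runs gpg and feeds its status output to the gate above. The pipeline's exit
# status is the gate's, so a gpg error (no VALIDSIG emitted) also fails.
verify_release_sig() {
    gpg --batch --no-tty --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        sig_status_ok "${3:-$EXPECTED_FPR}"
}

# --- Constructed sample status output (not captured from a real run) ---

# Good signature by the pinned key, owner trust undefined (the "[unknown]" case).
sample_pinned_key() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D7742D58455ECC7C Release Manager <rm@example.invalid>
[GNUPG:] VALIDSIG B91AB7D2121DC6B0A61AA182D7742D58455ECC7C 2020-01-08 1578474226 0 4 0 1 8 00 B91AB7D2121DC6B0A61AA182D7742D58455ECC7C
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Cryptographically good signature, but made by some other key in the keyring.
sample_other_key() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2020-01-08 1578474226 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Signer's public key is missing from the keyring: nothing was verified.
sample_no_pubkey() { cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] ERRSIG D7742D58455ECC7C 1 8 00 1578474226 9
[GNUPG:] NO_PUBKEY D7742D58455ECC7C
EOF
}

# Demonstration over the constructed samples.
for s in sample_pinned_key sample_other_key sample_no_pubkey; do
    if "$s" | sig_status_ok "$EXPECTED_FPR"; then
        echo "OK: $s"
    else
        echo "NOT OK: $s"
    fi
done
```

Pinning the fingerprint makes the result independent of the local web of trust: the pinned key passes even at trust level "unknown", while a good signature from any other imported key does not.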


Re: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Konrad Windszus <ko...@gmx.de>.
I figured it out.
Was just a wrong configuration of the maven-bundle-plugin.
https://github.com/apache/jackrabbit-filevault/blob/0b5716a2ffd3390731d7a3949e00dccf2e37b29a/parent/pom.xml#L193 incorrectly took the last version as baseline (even a SNAPSHOT) (a regression of https://github.com/apache/jackrabbit-filevault/commit/de88f25ce2128b43781c1a25e57b8899c4f106b0).
Sticking to the default is much more reasonable: https://felix.apache.org/components/bundle-plugin/baseline-mojo.html#comparisonVersion

Fixed in http://svn.apache.org/viewvc?view=revision&revision=1872563.
Konrad

> On 9. Jan 2020, at 16:57, Konrad Windszus <ko...@gmx.de> wrote:
> 
> 
> 
>>> 
>>> When I remove the .gitattributes from the checkout, I get the following error:
>>> 
>>> [ERROR] Failed to execute goal org.apache.felix:maven-bundle-plugin:4.2.1:baseline (baseline) on project org.apache.jackrabbit.vault: Baseline failed, see generated report -> [Help 1]
>>> [ERROR]
>>> 
>> I cannot reproduce, can you share the report?
> 
> Ok, I see what the issue is:
> For me it says:
> 
> [INFO] --- maven-bundle-plugin:4.2.1:baseline (baseline) @ org.apache.jackrabbit.vault ---
> [INFO] Baseline Report - Generated by Apache Felix Maven Bundle Plugin on 2020-01-09T16:45Z based on Bnd - see http://www.aqute.biz/Bnd/Bnd
> [INFO] Comparing bundle org.apache.jackrabbit.vault version 3.4.1-SNAPSHOT to version 3.4.1-SNAPSHOT
> [INFO] 
> [INFO]   PACKAGE_NAME                                       DELTA      CUR_VER    BASE_VER   REC_VER    WARNINGS  
> [INFO] = ================================================== ========== ========== ========== ========== ==========
> [INFO]   org.apache.jackrabbit.vault.fs                     unchanged  2.4.0      2.4.0      2.4.0      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.fs.api                 unchanged  2.7.1      2.7.1      2.7.1      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.fs.config              unchanged  2.6.1      2.6.1      2.6.1      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.fs.filter              unchanged  2.4.0      2.4.0      2.4.0      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.fs.io                  unchanged  2.9.1      2.9.1      2.9.1      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.fs.spi                 unchanged  2.4.0      2.4.0      2.4.0      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.packaging              unchanged  2.10.1     2.10.1     2.10.1     -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.packaging.events       unchanged  1.0.1      1.0.1      1.0.1      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.packaging.registry     unchanged  1.3.0      1.3.0      1.3.0      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.util                   unchanged  2.4.0      2.4.0      2.4.0      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO]   org.apache.jackrabbit.vault.util.xml.serialize     unchanged  2.5.0      2.5.0      2.5.0      -         
> [INFO] -----------------------------------------------------------------------------------------------------------
> [INFO] Baseline analysis complete, 0 error(s), 0 warning(s)
> 
> So obviously an incorrect version has been taken as baseline.
> 
> After manually executing "mvn org.apache.felix:maven-bundle-plugin:4.2.1:baseline"
> I now get
> 
> [INFO] --- maven-bundle-plugin:4.2.1:baseline (default-cli) @ org.apache.jackrabbit.vault ---
> [INFO] artifact org.apache.jackrabbit.vault:org.apache.jackrabbit.vault: checking for updates from nexus
> [INFO] Baseline Report - Generated by Apache Felix Maven Bundle Plugin on 2020-01-09T16:54Z based on Bnd - see http://www.aqute.biz/Bnd/Bnd
> [INFO] Comparing bundle org.apache.jackrabbit.vault version 3.4.1-SNAPSHOT to version 3.4.0
> 
> Anyone ever observed this?
> Thanks,
> Konrad
> 


Re: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Konrad Windszus <ko...@gmx.de>.

>> 
>> When I remove the .gitattributes from the checkout, I get the following error:
>> 
>> [ERROR] Failed to execute goal org.apache.felix:maven-bundle-plugin:4.2.1:baseline (baseline) on project org.apache.jackrabbit.vault: Baseline failed, see generated report -> [Help 1]
>> [ERROR]
>> 
> I cannot reproduce, can you share the report?

Ok, I see what the issue is:
For me it says:

[INFO] --- maven-bundle-plugin:4.2.1:baseline (baseline) @ org.apache.jackrabbit.vault ---
[INFO] Baseline Report - Generated by Apache Felix Maven Bundle Plugin on 2020-01-09T16:45Z based on Bnd - see http://www.aqute.biz/Bnd/Bnd
[INFO] Comparing bundle org.apache.jackrabbit.vault version 3.4.1-SNAPSHOT to version 3.4.1-SNAPSHOT
[INFO] 
[INFO]   PACKAGE_NAME                                       DELTA      CUR_VER    BASE_VER   REC_VER    WARNINGS  
[INFO] = ================================================== ========== ========== ========== ========== ==========
[INFO]   org.apache.jackrabbit.vault.fs                     unchanged  2.4.0      2.4.0      2.4.0      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.fs.api                 unchanged  2.7.1      2.7.1      2.7.1      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.fs.config              unchanged  2.6.1      2.6.1      2.6.1      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.fs.filter              unchanged  2.4.0      2.4.0      2.4.0      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.fs.io                  unchanged  2.9.1      2.9.1      2.9.1      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.fs.spi                 unchanged  2.4.0      2.4.0      2.4.0      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.packaging              unchanged  2.10.1     2.10.1     2.10.1     -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.packaging.events       unchanged  1.0.1      1.0.1      1.0.1      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.packaging.registry     unchanged  1.3.0      1.3.0      1.3.0      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.util                   unchanged  2.4.0      2.4.0      2.4.0      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO]   org.apache.jackrabbit.vault.util.xml.serialize     unchanged  2.5.0      2.5.0      2.5.0      -         
[INFO] -----------------------------------------------------------------------------------------------------------
[INFO] Baseline analysis complete, 0 error(s), 0 warning(s)

So obviously an incorrect version has been taken as baseline.

After manually executing "mvn org.apache.felix:maven-bundle-plugin:4.2.1:baseline"
I now get

[INFO] --- maven-bundle-plugin:4.2.1:baseline (default-cli) @ org.apache.jackrabbit.vault ---
[INFO] artifact org.apache.jackrabbit.vault:org.apache.jackrabbit.vault: checking for updates from nexus
[INFO] Baseline Report - Generated by Apache Felix Maven Bundle Plugin on 2020-01-09T16:54Z based on Bnd - see http://www.aqute.biz/Bnd/Bnd
[INFO] Comparing bundle org.apache.jackrabbit.vault version 3.4.1-SNAPSHOT to version 3.4.0

Anyone ever observed this?
Thanks,
Konrad


Re: Cancel: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Julian Reschke <ju...@gmx.de>.
On 09.01.2020 14:45, Konrad Windszus wrote:
 > Is that still compatible with older AEM releases?

It is supposed to be. (We are talking about remoting over WebDAV/HTTP,
right?).

 > ...

Best regards, Julian

Re: Cancel: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Konrad Windszus <ko...@gmx.de>.
Is that still compatible with older AEM releases?
I once asked about the dependency policy of Filevault in https://lists.apache.org/thread.html/96fd489ff06b12e58c5e43bde1d803f6d927524611f86c947efafb53%40%3Cdev.jackrabbit.apache.org%3E but never received any answer.
Right now we have a very high chance that with every dependency update we may break compatibility with older Sling/AEM distributions. Not everyone is running Filevault on the latest Oak/Jackrabbit.
Are there any other opinions about backwards-compatibility?

> On 9. Jan 2020, at 14:40, Julian Reschke <ju...@gmx.de> wrote:
> 
> On 09.01.2020 14:31, Konrad Windszus wrote:
>> Cancelling these two releases due to the findings from Toby.
> > ...
> 
> Could you please also update the Jackrabbit dependency to 2.20.0?
> 
> Best regards, Julian


Re: Cancel: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Julian Reschke <ju...@gmx.de>.
On 09.01.2020 14:31, Konrad Windszus wrote:
> Cancelling these two releases due to the findings from Toby.
 > ...

Could you please also update the Jackrabbit dependency to 2.20.0?

Best regards, Julian

Cancel: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Konrad Windszus <ko...@gmx.de>.
Cancelling these two releases due to the findings from Toby.
Konrad

> On 9. Jan 2020, at 09:09, Konrad Windszus <ko...@gmx.de> wrote:
> 
> Thanks for the feedback and sorry for not being diligent enough with this release.
> 
>> On 9. Jan 2020, at 03:08, Tobias Bocanegra <tripod@adobe.com> wrote:
>> 
>> Also, I have several issues with the check:
>> 
>> [ERROR]   NOT OK: Tagged sources are different from those in the archive
>>     Only in ./target/jackrabbit-filevault-3.4.2/svn/jackrabbit-filevault-3.4.2: .gitattributes
> 
> I am gonna fix this.
>> 
>> When I remove the .gitattributes from the checkout, I get the following error:
>> 
>> [ERROR] Failed to execute goal org.apache.felix:maven-bundle-plugin:4.2.1:baseline (baseline) on project org.apache.jackrabbit.vault: Baseline failed, see generated report -> [Help 1]
>> [ERROR]
>> 
> I cannot reproduce, can you share the report?
>> 
>> Then a problem with the script itself:
>> 
>> [INFO] 3. Verify checksums and signatures
>> [INFO]
>> [INFO]    Verifying jackrabbit-filevault-3.4.2-src.zip...
>> gpg: assuming signed data in './filevault/3.4.2/jackrabbit-filevault-3.4.2-src.zip'
>> gpg: Signature made Wed Jan  8 18:03:46 2020 JST
>> gpg:                using RSA key D7742D58455ECC7C
>> gpg: Good signature from "Konrad Windszus <kwin@apache.org>" [unknown]
>> gpg: WARNING: This key is not certified with a trusted signature!
>> gpg:          There is no indication that the signature belongs to the owner.
>> Primary key fingerprint: B91A B7D2 121D C6B0 A61A  A182 D774 2D58 455E CC7C
>> [INFO]    OK: jackrabbit-filevault-3.4.2-src.zip.asc
> How do you usually sign keys?
> I added mine to https://dist.apache.org/repos/dist/release/jackrabbit/KEYS, is there anything more to do? I thought this would be enough for verification that the key belongs to me. Are the steps from https://jackrabbit.apache.org/jcr/creating-releases.html#Appendix_A:_Create_and_add_your_key_to_the_Jackrabbit_KEYS_file not enough? I am wondering why this hasn't been an issue with the last release...
> 
>> 
>> So, although the verification failed, the script reports OK (same for sha1).
>> Note, after importing your key, the verification succeeds.
>> 
>> ----
>> As for the plugin:
>> The 1.0.4 release notes are included:
>> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/RELEASE-NOTES.md
> Indeed, I am gonna fix
>> 
>> 
>> The same problem with the gitattributes:
>> 
>> Only in ./target/filevault-package-maven-plugin-1.1.0/svn/filevault-package-maven-plugin-1.1.0/src/test/resources/test-projects/filtering-tests: .gitattributes
>> [ERROR]   NOT OK: Tagged sources are different from those in the archive
>> 
>> ---
>> 
>> So:
>> 
>> -1 Do not release these packages because, the baseline check of filevault fails, and the release notes in the plugin are wrong.
>> 
>> Regards, Toby
>> 
>> 
>>> On 9 Jan 2020, at 10:42, Tobias Bocanegra <tripod@adobe.com> wrote:
>>> 
>>> Hi Konrad,
>>> Thanks for the releases. Are the 2 releases dependent on each other? Otherwise I would create 2 vote requests
>>> in order to reduce the chance that if 1 release gets rejected, the other is also invalid.
>>> 
>>> Regards, Toby
>>> 
>>>> On 8 Jan 2020, at 18:50, Konrad Windszus <konrad_w@gmx.de> wrote:
>>>> 
>>>> Hi,
>>>> A candidate for the Jackrabbit Filevault 3.4.2 release is available at:
>>>> 
>>>> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault/3.4.2/
>>>> 
>>>> The release candidate is a zip archive of the sources in:
>>>> 
>>>> https://svn.apache.org/repos/asf/jackrabbit/commons/filevault/tags/jackrabbit-filevault-3.4.2/
>>>> 
>>>> The SHA1 checksum of the archive is 5a4b4714387e9195bed13aa79d2659f67958a73b.
>>>> 
>>>> The command for running automated checks against this release candidate is:
>>>> $ sh check-release.sh filevault 3.4.2 5a4b4714387e9195bed13aa79d2659f67958a73b
>>>> 
>>>> A candidate for the Jackrabbit Filevault Package Maven Plugin 1.1.0 release is available at:
>>>> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/
>>>> 
>>>> The release candidate is a zip archive of the sources in:
>>>> https://svn.apache.org/repos/asf/jackrabbit/commons/filevault-package-maven-plugin/tags/filevault-package-maven-plugin-1.1.0/
>>>> 
>>>> The SHA1 checksum of the archive is
>>>> 4c8679b67b7d10ecc6ff7869f028ee872a6ee941
>>>> 
>>>> The command for running automated checks against this release candidate is:
>>>> $ sh check-release.sh filevault-plugin 1.1.0 4c8679b67b7d10ecc6ff7869f028ee872a6ee941
>>>> 
>>>> A staged Maven repository for both is available for review at:
>>>> https://repository.apache.org/content/repositories/orgapachejackrabbit-1477
>>>> 
>>>> Please vote on releasing these packages
>>>> The vote is open for a minimum of 72 hours during business days and passes
>>>> if a majority of at least three +1 Jackrabbit PMC votes are cast.
>>>> The vote fails if not enough votes are cast after 1 week (5 business days).
>>>> 
>>>> [ ] +1 Release these packages as "Apache Jackrabbit Filevault 3.4.2" and "Apache Jackrabbit Filevault Package Maven Plugin 1.1.0"
>>>> [ ] -1 Do not release these packages because...
>>>> 
>>>> 
>>>> Thanks,
>>>> Konrad
>>> 
>> 
> 


Re: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Konrad Windszus <ko...@gmx.de>.
Thanks for the feedback and sorry for not being diligent enough with this release.

> On 9. Jan 2020, at 03:08, Tobias Bocanegra <tr...@adobe.com> wrote:
> 
> Also, I have several issues with the check:
> 
> [ERROR]   NOT OK: Tagged sources are different from those in the archive
>     Only in ./target/jackrabbit-filevault-3.4.2/svn/jackrabbit-filevault-3.4.2: .gitattributes

I am gonna fix this.
> 
> When I remove the .gitattributes from the checkout, I get the following error:
> 
> [ERROR] Failed to execute goal org.apache.felix:maven-bundle-plugin:4.2.1:baseline (baseline) on project org.apache.jackrabbit.vault: Baseline failed, see generated report -> [Help 1]
> [ERROR]
> 
I cannot reproduce, can you share the report?
> 
> Then a problem with the script itself:
> 
> [INFO] 3. Verify checksums and signatures
> [INFO]
> [INFO]    Verifying jackrabbit-filevault-3.4.2-src.zip...
> gpg: assuming signed data in './filevault/3.4.2/jackrabbit-filevault-3.4.2-src.zip'
> gpg: Signature made Wed Jan  8 18:03:46 2020 JST
> gpg:                using RSA key D7742D58455ECC7C
> gpg: Good signature from "Konrad Windszus <kwin@apache.org>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: B91A B7D2 121D C6B0 A61A  A182 D774 2D58 455E CC7C
> [INFO]    OK: jackrabbit-filevault-3.4.2-src.zip.asc
How do you usually sign keys?
I added mine to https://dist.apache.org/repos/dist/release/jackrabbit/KEYS, is there anything more to do? I thought this would be enough for verification that the key belongs to me. Are the steps from https://jackrabbit.apache.org/jcr/creating-releases.html#Appendix_A:_Create_and_add_your_key_to_the_Jackrabbit_KEYS_file not enough? I am wondering why this hasn't been an issue with the last release...

> 
> So, although the verification failed, the script reports OK (same for sha1).
> Note, after importing your key, the verification succeeds.
> 
> ----
> As for the plugin:
> The 1.0.4 release notes are included:
> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/RELEASE-NOTES.md
Indeed, I am gonna fix
> 
> 
> The same problem with the gitattributes:
> 
> Only in ./target/filevault-package-maven-plugin-1.1.0/svn/filevault-package-maven-plugin-1.1.0/src/test/resources/test-projects/filtering-tests: .gitattributes
> [ERROR]   NOT OK: Tagged sources are different from those in the archive
> 
> ---
> 
> So:
> 
> -1 Do not release these packages because, the baseline check of filevault fails, and the release notes in the plugin are wrong.
> 
> Regards, Toby
> 
> 
>> On 9 Jan 2020, at 10:42, Tobias Bocanegra <tripod@adobe.com> wrote:
>> 
>> Hi Konrad,
>> Thanks for the releases. Are the 2 releases dependent on each other? Otherwise I would create 2 vote requests
>> in order to reduce the chance that if 1 release gets rejected, the other is also invalid.
>> 
>> Regards, Toby
>> 
>>> On 8 Jan 2020, at 18:50, Konrad Windszus <konrad_w@gmx.de> wrote:
>>> 
>>> Hi,
>>> A candidate for the Jackrabbit Filevault 3.4.2 release is available at:
>>> 
>>> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault/3.4.2/
>>> 
>>> The release candidate is a zip archive of the sources in:
>>> 
>>> https://svn.apache.org/repos/asf/jackrabbit/commons/filevault/tags/jackrabbit-filevault-3.4.2/
>>> 
>>> The SHA1 checksum of the archive is 5a4b4714387e9195bed13aa79d2659f67958a73b.
>>> 
>>> The command for running automated checks against this release candidate is:
>>> $ sh check-release.sh filevault 3.4.2 5a4b4714387e9195bed13aa79d2659f67958a73b
>>> 
>>> A candidate for the Jackrabbit Filevault Package Maven Plugin 1.1.0 release is available at:
>>> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/
>>> 
>>> The release candidate is a zip archive of the sources in:
>>> https://svn.apache.org/repos/asf/jackrabbit/commons/filevault-package-maven-plugin/tags/filevault-package-maven-plugin-1.1.0/
>>> 
>>> The SHA1 checksum of the archive is
>>> 4c8679b67b7d10ecc6ff7869f028ee872a6ee941
>>> 
>>> The command for running automated checks against this release candidate is:
>>> $ sh check-release.sh filevault-plugin 1.1.0 4c8679b67b7d10ecc6ff7869f028ee872a6ee941
>>> 
>>> A staged Maven repository for both is available for review at:
>>> https://repository.apache.org/content/repositories/orgapachejackrabbit-1477
>>> 
>>> Please vote on releasing these packages
>>> The vote is open for a minimum of 72 hours during business days and passes
>>> if a majority of at least three +1 Jackrabbit PMC votes are cast.
>>> The vote fails if not enough votes are cast after 1 week (5 business days).
>>> 
>>> [ ] +1 Release these packages as "Apache Jackrabbit Filevault 3.4.2" and "Apache Jackrabbit Filevault Package Maven Plugin 1.1.0"
>>> [ ] -1 Do not release these packages because...
>>> 
>>> 
>>> Thanks,
>>> Konrad
>> 
> 


Re: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Tobias Bocanegra <tr...@adobe.com>.
Hi Konrad,

I just built the trunk and it worked.

PS: maybe we should add `execute the check-release.sh` before sending the vote
to the releasing doc [0]

[0] https://jackrabbit.apache.org/filevault/howto_release.html

On 10 Jan 2020, at 06:06, Konrad Windszus <ko...@gmx.de> wrote:



When I remove the .gitattributes from the checkout, I get the following error:

[ERROR] Failed to execute goal org.apache.felix:maven-bundle-plugin:4.2.1:baseline (baseline) on project org.apache.jackrabbit.vault: Baseline failed, see generated report -> [Help 1]
[ERROR]

@Toby: Can you check again in the latest trunk. I applied some fixes to ensure backwards compatibility and adjusted exported package versions accordingly.

Unfortunately the SVN->Git sync is broken (so Travis cannot verify), I opened https://issues.apache.org/jira/browse/INFRA-19690 to track that.

If you confirm I will respin the release tomorrow...
Thanks,
Konrad



Re: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Konrad Windszus <ko...@gmx.de>.
> 
> When I remove the .gitattributes from the checkout, I get the following error:
> 
> [ERROR] Failed to execute goal org.apache.felix:maven-bundle-plugin:4.2.1:baseline (baseline) on project org.apache.jackrabbit.vault: Baseline failed, see generated report -> [Help 1]
> [ERROR]

@Toby: Can you check again in the latest trunk. I applied some fixes to ensure backwards compatibility and adjusted exported package versions accordingly.

Unfortunately the SVN->Git sync is broken (so Travis cannot verify), I opened https://issues.apache.org/jira/browse/INFRA-19690 to track that.

If you confirm I will respin the release tomorrow...
Thanks,
Konrad


Re: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Tobias Bocanegra <tr...@adobe.com>.
Also, I have several issues with the check:

[ERROR]   NOT OK: Tagged sources are different from those in the archive
    Only in ./target/jackrabbit-filevault-3.4.2/svn/jackrabbit-filevault-3.4.2: .gitattributes

When I remove the .gitattributes from the checkout, I get the following error:

[ERROR] Failed to execute goal org.apache.felix:maven-bundle-plugin:4.2.1:baseline (baseline) on project org.apache.jackrabbit.vault: Baseline failed, see generated report -> [Help 1]
[ERROR]


Then a problem with the script itself:

[INFO] 3. Verify checksums and signatures
[INFO]
[INFO]    Verifying jackrabbit-filevault-3.4.2-src.zip...
gpg: assuming signed data in './filevault/3.4.2/jackrabbit-filevault-3.4.2-src.zip'
gpg: Signature made Wed Jan  8 18:03:46 2020 JST
gpg:                using RSA key D7742D58455ECC7C
gpg: Good signature from "Konrad Windszus <kw...@apache.org>>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B91A B7D2 121D C6B0 A61A  A182 D774 2D58 455E CC7C
[INFO]    OK: jackrabbit-filevault-3.4.2-src.zip.asc

So, although the verification failed, the script reports OK (same for sha1).
Note, after importing your key, the verification succeeds.

----
As for the plugin:
The 1.0.4 release notes are included:
https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/RELEASE-NOTES.md


The same problem with the gitattributes:

Only in ./target/filevault-package-maven-plugin-1.1.0/svn/filevault-package-maven-plugin-1.1.0/src/test/resources/test-projects/filtering-tests: .gitattributes
[ERROR]   NOT OK: Tagged sources are different from those in the archive

---

So:

-1 Do not release these packages because the baseline check of filevault fails, and the release notes in the plugin are wrong.

Regards, Toby


On 9 Jan 2020, at 10:42, Tobias Bocanegra <tr...@adobe.com> wrote:

Hi Konrad,
Thanks for the releases. Are the 2 releases dependent on each other? Otherwise I would create 2 vote requests
in order to reduce the chance that if 1 release gets rejected, the other is also invalid.

Regards, Toby

On 8 Jan 2020, at 18:50, Konrad Windszus <ko...@gmx.de> wrote:

Hi,
A candidate for the Jackrabbit Filevault 3.4.2 release is available at:

https://dist.apache.org/repos/dist/dev/jackrabbit/filevault/3.4.2/

The release candidate is a zip archive of the sources in:

https://svn.apache.org/repos/asf/jackrabbit/commons/filevault/tags/jackrabbit-filevault-3.4.2/

The SHA1 checksum of the archive is 5a4b4714387e9195bed13aa79d2659f67958a73b.

The command for running automated checks against this release candidate is:
$ sh check-release.sh filevault 3.4.2 5a4b4714387e9195bed13aa79d2659f67958a73b

A candidate for the Jackrabbit Filevault Package Maven Plugin 1.1.0 release is available at:
https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/

The release candidate is a zip archive of the sources in:
https://svn.apache.org/repos/asf/jackrabbit/commons/filevault-package-maven-plugin/tags/filevault-package-maven-plugin-1.1.0/

The SHA1 checksum of the archive is
4c8679b67b7d10ecc6ff7869f028ee872a6ee941

The command for running automated checks against this release candidate is:
$ sh check-release.sh filevault-plugin 1.1.0 4c8679b67b7d10ecc6ff7869f028ee872a6ee941

A staged Maven repository for both is available for review at:
https://repository.apache.org/content/repositories/orgapachejackrabbit-1477

Please vote on releasing these packages
The vote is open for a minimum of 72 hours during business days and passes
if a majority of at least three +1 Jackrabbit PMC votes are cast.
The vote fails if not enough votes are cast after 1 week (5 business days).

[ ] +1 Release these packages as "Apache Jackrabbit Filevault 3.4.2" and "Apache Jackrabbit Filevault Package Maven Plugin 1.1.0"
[ ] -1 Do not release these packages because...


Thanks,
Konrad
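
The signature check discussed in Tobias Bocanegra's reply above (an OK line printed regardless of what gpg reported), as an added example that is not part of check-release.sh or of any message in this thread: a fail-closed verdict computed from gpg's machine-readable status lines instead of its human-readable output. The function name, the sample status lines (constructed) and the choice to pin the fingerprint printed in the quoted gpg output are assumptions; in practice the expected fingerprint would be obtained out of band.

```shell
#!/bin/sh
# Status lines would come from something like:
#   gpg --status-fd 1 --verify FILE.asc FILE 2>/dev/null
# (assumption: the release script's real gpg invocation is not shown in the thread)

# Fingerprint from the gpg output quoted in the thread, spaces removed.
EXPECTED_FPR="B91AB7D2121DC6B0A61AA182D7742D58455ECC7C"

# sig_verdict STATUS_TEXT EXPECTED_FPR   (hypothetical helper)
# Prints OK and returns 0 only if gpg reported a VALIDSIG whose primary-key
# fingerprint (last field) equals EXPECTED_FPR and no failure keyword appears.
sig_verdict() {
    st=$1
    want=$2
    # Any of these status keywords means the file must not be reported as OK.
    if printf '%s\n' "$st" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|NO_PUBKEY|EXPSIG|EXPKEYSIG|REVKEYSIG) '; then
        echo "NOT OK"
        return 1
    fi
    got=$(printf '%s\n' "$st" |
        awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF; exit }')
    if [ -n "$got" ] && [ "$got" = "$want" ]; then
        echo "OK"
        return 0
    fi
    echo "NOT OK"
    return 1
}

# Constructed sample: key imported but not certified (the case shown in the thread).
GOOD_UNTRUSTED='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG D7742D58455ECC7C Konrad Windszus
[GNUPG:] VALIDSIG B91AB7D2121DC6B0A61AA182D7742D58455ECC7C 2020-01-08 1578474226 0 4 0 1 10 00 B91AB7D2121DC6B0A61AA182D7742D58455ECC7C
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed sample: signer key not in the keyring, so nothing was verified.
NO_KEY='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG D7742D58455ECC7C 1 10 00 1578474226 9 -
[GNUPG:] NO_PUBKEY D7742D58455ECC7C'

# Constructed sample: cryptographically valid, but made by a different key.
WRONG_SIGNER='[GNUPG:] VALIDSIG 0000000000000000000000000000000000000001 2020-01-08 1578474226 0 4 0 1 10 00 0000000000000000000000000000000000000001'

printf 'key imported, untrusted: %s\n' "$(sig_verdict "$GOOD_UNTRUSTED" "$EXPECTED_FPR")"
printf 'key missing:             %s\n' "$(sig_verdict "$NO_KEY" "$EXPECTED_FPR")"
printf 'different signer:        %s\n' "$(sig_verdict "$WRONG_SIGNER" "$EXPECTED_FPR")"
```

Pinning the fingerprint is what replaces the web-of-trust warning in the quoted output: the verdict depends on which key signed, not on whether the local keyring happens to certify it.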



Re: [VOTE] Release Apache Jackrabbit Filevault 3.4.2 and Filevault Package Maven Plugin 1.1.0

Posted by Tobias Bocanegra <tr...@adobe.com>.
Hi Konrad, 
Thanks for the releases. Are the 2 releases dependent on each other? Otherwise I would create 2 vote requests
in order to reduce the chance that if 1 release gets rejected, the other is also invalid.

Regards, Toby

> On 8 Jan 2020, at 18:50, Konrad Windszus <ko...@gmx.de> wrote:
> 
> Hi,
> A candidate for the Jackrabbit Filevault 3.4.2 release is available at:
> 
> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault/3.4.2/
> 
> The release candidate is a zip archive of the sources in:
> 
> https://svn.apache.org/repos/asf/jackrabbit/commons/filevault/tags/jackrabbit-filevault-3.4.2/
> 
> The SHA1 checksum of the archive is 5a4b4714387e9195bed13aa79d2659f67958a73b.
> 
> The command for running automated checks against this release candidate is:
> $ sh check-release.sh filevault 3.4.2 5a4b4714387e9195bed13aa79d2659f67958a73b
> 
> A candidate for the Jackrabbit Filevault Package Maven Plugin 1.1.0 release is available at:
> https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/
> 
> The release candidate is a zip archive of the sources in:
> https://svn.apache.org/repos/asf/jackrabbit/commons/filevault-package-maven-plugin/tags/filevault-package-maven-plugin-1.1.0/
> 
> The SHA1 checksum of the archive is
> 4c8679b67b7d10ecc6ff7869f028ee872a6ee941
> 
> The command for running automated checks against this release candidate is:
> $ sh check-release.sh filevault-plugin 1.1.0 4c8679b67b7d10ecc6ff7869f028ee872a6ee941
> 
> A staged Maven repository for both is available for review at:
> https://repository.apache.org/content/repositories/orgapachejackrabbit-1477
> 
> Please vote on releasing these packages
> The vote is open for a minimum of 72 hours during business days and passes
> if a majority of at least three +1 Jackrabbit PMC votes are cast.
> The vote fails if not enough votes are cast after 1 week (5 business days).
> 
> [ ] +1 Release these packages as "Apache Jackrabbit Filevault 3.4.2" and "Apache Jackrabbit Filevault Package Maven Plugin 1.1.0"
> [ ] -1 Do not release these packages because...
> 
> 
> Thanks,
> Konrad