You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@iceberg.apache.org by GitBox <gi...@apache.org> on 2022/01/28 16:52:57 UTC

[GitHub] [iceberg] jackye1995 opened a new pull request #3999: Infra: fix release script signing and checksum commands

jackye1995 opened a new pull request #3999:
URL: https://github.com/apache/iceberg/pull/3999


   Fix 2 issues found during release:
   1. checksum uses absolute path, but should just use the relative path
   2. gpg command order is wrong, causing the key configuration to be not respected


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] jackye1995 commented on a change in pull request #3999: Infra: fix release script signing and checksum commands

Posted by GitBox <gi...@apache.org>.

jackye1995 commented on a change in pull request #3999:
URL: https://github.com/apache/iceberg/pull/3999#discussion_r794685079



##########
File path: dev/source-release.sh
##########
@@ -113,8 +113,8 @@ git archive $release_hash --worktree-attributes --prefix $tag/ -o $projectdir/$t
 
 echo "Signing the tarball..."
 [[ -z "$keyid" ]] && keyopt="-u $keyid"
-gpg --detach-sig $keyopt --armor --output ${projectdir}/${tarball}.asc ${projectdir}/$tarball
-shasum -a 512 ${projectdir}/$tarball > ${projectdir}/${tarball}.sha512
+gpg $keyopt --armor --output ${projectdir}/${tarball}.asc --detach-sig ${projectdir}/$tarball
+shasum -a 512 $tarball > ${projectdir}/${tarball}.sha512

Review comment:
       Not sure if there is a better way to fix this, currently the script kind-of assumes you can run it not in the project root directory. But this would break that assumption. But I cannot find a way to avoid doing this. Maybe I just overlooked some flag?
   
   Another way is to create the file and then remove the `projectdir` part of the path. But that seems to be over-complicating things a lot.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] rdblue merged pull request #3999: Infra: fix release script signing and checksum commands

Posted by GitBox <gi...@apache.org>.

rdblue merged pull request #3999:
URL: https://github.com/apache/iceberg/pull/3999


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org

[GitHub] [iceberg] rdblue commented on a change in pull request #3999: Infra: fix release script signing and checksum commands

Posted by GitBox <gi...@apache.org>.

rdblue commented on a change in pull request #3999:
URL: https://github.com/apache/iceberg/pull/3999#discussion_r794833581



##########
File path: dev/source-release.sh
##########
@@ -113,8 +113,8 @@ git archive $release_hash --worktree-attributes --prefix $tag/ -o $projectdir/$t
 
 echo "Signing the tarball..."
 [[ -z "$keyid" ]] && keyopt="-u $keyid"
-gpg --detach-sig $keyopt --armor --output ${projectdir}/${tarball}.asc ${projectdir}/$tarball
-shasum -a 512 ${projectdir}/$tarball > ${projectdir}/${tarball}.sha512
+gpg $keyopt --armor --output ${projectdir}/${tarball}.asc --detach-sig ${projectdir}/$tarball
+shasum -a 512 $tarball > ${projectdir}/${tarball}.sha512

Review comment:
       I think it's fine to run in the project root directory.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@iceberg.apache.org
For additional commands, e-mail: issues-help@iceberg.apache.org