Posted to dev@poi.apache.org by "Allison, Timothy B." <ta...@mitre.org> on 2013/09/06 19:39:12 UTC

help with publishing 3.10-beta2 to maven

All,
  The vote passed, and I'm trying to publish to maven.  I'm running into some roadblocks.  Any help would be much appreciated (I'll modify the release-guide.txt to ensure the next newbie doesn't run into these issues!).  Questions in >>

Guide (http://svn.apache.org/repos/asf/poi/tags/REL_3_9/src/documentation/release-guide.txt):

(III) After the vote:

Log-in on people.apache.org

deploy Maven artifacts

{code}
cd build/dist
./mvn-deploy.sh
{code}

>>According to mvn-deploy.sh, I have to have a link to my private key and enter my passphrase in the clear in xml on the people.apache.org server.  Is this my pgp/gpg signing key or a different key?  If pgp, doesn't this conflict with guidance of key security from Apache?  If not, apologies for my denseness.



 2. Make sure that the files are owned by the unix group apcvs and that they are writable by this group.
>> I'm not a member of apcvs and I can't find apcvs in /etc/group.  Is this direction still valid?


Best,

      Tim

RE: help with publishing 3.10-beta2 to maven

Posted by "Allison, Timothy B." <ta...@mitre.org>.
Thank you, Nick!

-----Original Message-----
From: Nick Burch [mailto:apache@gagravarr.org] 
Sent: Tuesday, September 10, 2013 6:11 AM
To: POI Developers List
Subject: RE: help with publishing 3.10-beta2 to maven

On Tue, 10 Sep 2013, Allison, Timothy B. wrote:
> I don't seem to have permissions to commit to the dist directory...could 
> be typo on my part though and I could be hitting the wrong directory...
>
> Evidence:
> 1) I can't delete:
> tallison@minotaur:~/poi-dist$ svn delete https://dist.apache.org/repos/dist/release/poi/dev/bin --message "deleting dist bin for 3.10-beta1"
> Authentication realm: <https://dist.apache.org:443> ASF Committers
> Password for 'tallison':
> svn: E175013: Access to '/repos/dist/!svn/ver/2356/release/poi/dev' forbidden

You're in the unix group for pmc, but not in the committee group, which I 
suspect is why it isn't going through

Yegor - any chance you could update board/committee-info.txt with the 
recent additions to the committee, then log into people.apache.org and use 
modify_committee.pl to record that in LDAP? (Only PMC chairs have karma to 
do that)


> I notice that the files in /dist/poi/dev all have user/group of 
> svnwc....is this what the "apcvs" should be in the release guide?

Ah, actually, the whole bit on groups can go!

Now that we store the release artifacts in svn, we no longer directly 
deploy the files ourselves, so we don't need to worry about permissions. 
Once you commit a file to the dist area of svn, another system will notice 
and automatically do a "svn up" in the right place for the web servers and 
mirrors to see. That is the thing that does permissions, and we no longer 
need to worry about it

Nick

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org




RE: help with publishing 3.10-beta2 to maven

Posted by Nick Burch <ap...@gagravarr.org>.
On Tue, 10 Sep 2013, Allison, Timothy B. wrote:
> I don't seem to have permissions to commit to the dist directory...could 
> be typo on my part though and I could be hitting the wrong directory...
>
> Evidence:
> 1) I can't delete:
> tallison@minotaur:~/poi-dist$ svn delete https://dist.apache.org/repos/dist/release/poi/dev/bin --message "deleting dist bin for 3.10-beta1"
> Authentication realm: <https://dist.apache.org:443> ASF Committers
> Password for 'tallison':
> svn: E175013: Access to '/repos/dist/!svn/ver/2356/release/poi/dev' forbidden

You're in the unix group for pmc, but not in the committee group, which I 
suspect is why it isn't going through

Yegor - any chance you could update board/committee-info.txt with the 
recent additions to the committee, then log into people.apache.org and use 
modify_committee.pl to record that in LDAP? (Only PMC chairs have karma to 
do that)


> I notice that the files in /dist/poi/dev all have user/group of 
> svnwc....is this what the "apcvs" should be in the release guide?

Ah, actually, the whole bit on groups can go!

Now that we store the release artifacts in svn, we no longer directly 
deploy the files ourselves, so we don't need to worry about permissions. 
Once you commit a file to the dist area of svn, another system will notice 
and automatically do a "svn up" in the right place for the web servers and 
mirrors to see. That is the thing that does permissions, and we no longer 
need to worry about it

Nick



RE: help with publishing 3.10-beta2 to maven

Posted by "Allison, Timothy B." <ta...@mitre.org>.
Thank you, Nick.  3.10-beta2 is in the Maven repository now. 

I don't seem to have permissions to commit to the dist directory...could be typo on my part though and I could be hitting the wrong directory...

Evidence:
1) I can't delete:
tallison@minotaur:~/poi-dist$ svn delete https://dist.apache.org/repos/dist/release/poi/dev/bin --message "deleting dist bin for 3.10-beta1"
Authentication realm: <https://dist.apache.org:443> ASF Committers
Password for 'tallison':
svn: E175013: Access to '/repos/dist/!svn/ver/2356/release/poi/dev' forbidden


2) And when I try to co, add files and then commit:
co https://dist.apache.org/repos/dist/release/poi/dev
...copy files...
svn commit --message "trying to add dist for 3.10-beta2"
Adding  (bin)  bin/poi-bin-3.10-beta2-20130904.tar.gz
svn: E195023: Commit failed (details follow):
svn: E195023: Changing file '/x1/home/tallison/poi-dist/bin/poi-bin-3.10-beta2-20130904.tar.gz' is forbidden by the server
svn: E175013: Access to '/repos/dist/!svn/ver/2356/release/poi/dev/bin' forbidden

I notice that the files in /dist/poi/dev all have user/group of svnwc....is this what the "apcvs" should be in the release guide?

-----Original Message-----
From: Nick Burch [mailto:apache@gagravarr.org] 
Sent: Friday, September 06, 2013 2:14 PM
To: POI Developers List
Subject: Re: help with publishing 3.10-beta2 to maven

On Fri, 6 Sep 2013, Allison, Timothy B. wrote:
> Log-in on people.apache.org
>
> deploy Maven artifacts
>
> {code}
> cd build/dist
> ./mvn-deploy.sh
> {code}
>
>>> According to mvn-deploy.sh, I have to have a link to my private key 
>>> and enter my passphrase in the clear in xml on the people.apache.org 
>>> server.  Is this my pgp/gpg signing key or a different key?  If pgp, 
>>> doesn't this conflict with guidance of key security from Apache?  If 
>>> not, apologies for my denseness.

I think you can do that step on your local machine, not on 
people.apache.org . That way, your gpg key remains safe on your local box 
not shared

The artifacts, once signed, get pushed via people.apache.org, but I don't 
think the script should be run there

> 2. Make sure that the files are owned by the unix group apcvs and that 
> they are writable by this group.

That should be "unix group poi"

Nick



Re: help with publishing 3.10-beta2 to maven

Posted by Nick Burch <ap...@gagravarr.org>.
On Fri, 6 Sep 2013, Allison, Timothy B. wrote:
> Log-in on people.apache.org
>
> deploy Maven artifacts
>
> {code}
> cd build/dist
> ./mvn-deploy.sh
> {code}
>
>>> According to mvn-deploy.sh, I have to have a link to my private key 
>>> and enter my passphrase in the clear in xml on the people.apache.org 
>>> server.  Is this my pgp/gpg signing key or a different key?  If pgp, 
>>> doesn't this conflict with guidance of key security from Apache?  If 
>>> not, apologies for my denseness.

I think you can do that step on your local machine, not on 
people.apache.org . That way, your gpg key remains safe on your local box 
not shared

The artifacts, once signed, get pushed via people.apache.org, but I don't 
think the script should be run there

> 2. Make sure that the files are owned by the unix group apcvs and that 
> they are writable by this group.

That should be "unix group poi"

Nick
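
The advice in the reply above (sign on the local machine, then push only the signed artifacts via people.apache.org) can be backed by a check run on the staging directory before it is copied to the shared host. This is an added example, not part of the original thread or of POI's release scripts; the function name check_staging_dir, the artifact extensions and the XML passphrase pattern are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): pre-upload check for a release staging
# directory. Assumed names: check_staging_dir, the extension list, "*.asc".

# Returns 0 when the directory is fit to copy to a shared host, 1 otherwise.
check_staging_dir() {
    dir=$1
    rc=0

    # 1. Every artifact must already carry a non-empty detached signature,
    #    i.e. signing happened locally before anything is uploaded.
    for f in "$dir"/*.jar "$dir"/*.pom "$dir"/*.tar.gz "$dir"/*.zip; do
        [ -e "$f" ] || continue          # glob matched nothing
        if [ ! -s "$f.asc" ]; then
            echo "unsigned artifact: $f" >&2
            rc=1
        fi
    done

    # 2. No private key material may travel with the artifacts.
    if grep -rlF -e '-----BEGIN PGP PRIVATE KEY BLOCK-----' "$dir" >/dev/null 2>&1; then
        echo "private key block found under $dir" >&2
        rc=1
    fi

    # 3. No XML file may hold a literal passphrase. Values containing '{'
    #    (property references, Maven's encrypted form) are not flagged.
    if find "$dir" -type f -name '*.xml' \
         -exec grep -liE '<[^>]*passphrase[^>]*>[^<{]+<' {} + 2>/dev/null \
         | grep -q .; then
        echo "cleartext passphrase in XML under $dir" >&2
        rc=1
    fi

    return $rc
}

# Stand-alone use: sh check.sh build/dist
if [ "$#" -gt 0 ]; then
    check_staging_dir "$1"
fi
```
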
