You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flex.apache.org by Alex Harui <ah...@adobe.com> on 2013/12/16 20:39:15 UTC
[DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Please use this thread for discussion.
Thanks,
-Alex
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Alex Harui <ah...@adobe.com>.
Crud. Will fix, and therefore supply a custom read me as Tom suggested.
On 12/17/13 6:28 AM, "Maurice Amsellem" <ma...@systar.com>
wrote:
>In the README, it still says:
>
>" No Pixel Bender Toolkit for Linux exists but the compiled Pixel Bender
>files
> can be downloaded from:
>
>https://builds.apache.org/pview/job/flex-sdk_pixelbender/lastSuccessfulBui
>ld/artifact/out/pb.tar.gz"
>
>I thought that flex_sdk_pixelbender upstream job was obsolete now, and
>should be removed ?
>
>NB: although the job builds successfully, the artifact is not valid (no
>PBJ).
>
>Maurice
>
>-----Message d'origine-----
>De : Alex Harui [mailto:aharui@adobe.com]
>Envoyé : mardi 17 décembre 2013 15:20
>À : dev@flex.apache.org
>Objet : Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
>
>
>
>On 12/17/13 3:10 AM, "Tom Chiverton" <tc...@extravision.com> wrote:
>
>>The README only talks about Apache Flex, I think it should probably be
>>rewriten for PixelBender ?
>>
>>Minor thing though...
>I considered that. Let's see if others agree.
>
>-Alex
>
RE: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Maurice Amsellem <ma...@systar.com>.
I downloaded the sources and tried to compile the pixel_bender package release, as stated in the ASF guidelines.
- However, it's not clear from the README how it should be compiled and what target needs to be called in the build.xml?
( I supposed it's " release-pixelbender" but this should be stated in the README).
Nevertheless, I set the launched " ant release-pixel-bender" from the src directory and got the following error:
BUILD FAILED
D:\ApacheFlex\git_source\flex-pixel_bender\src\build.xml:1138: The following err
or occurred while executing this line:
java.io.FileNotFoundException: D:\ApacheFlex\git_source\flex-pixel_bender\src\frameworks\projects\framework\build.xml (File not found)
In effect, framework/build.xml is not included in the sources.
So does it mean that the pixel-bender package soruces must be merged to an existing flex SDK source in order to be built ?
Regards,
Maurice
RE: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Maurice Amsellem <ma...@systar.com>.
In the README, it still says:
" No Pixel Bender Toolkit for Linux exists but the compiled Pixel Bender files
can be downloaded from:
https://builds.apache.org/pview/job/flex-sdk_pixelbender/lastSuccessfulBuild/artifact/out/pb.tar.gz"
I thought that flex_sdk_pixelbender upstream job was obsolete now, and should be removed ?
NB: although the job builds successfully, the artifact is not valid (no PBJ).
Maurice
-----Message d'origine-----
De : Alex Harui [mailto:aharui@adobe.com]
Envoyé : mardi 17 décembre 2013 15:20
À : dev@flex.apache.org
Objet : Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
On 12/17/13 3:10 AM, "Tom Chiverton" <tc...@extravision.com> wrote:
>The README only talks about Apache Flex, I think it should probably be
>rewriten for PixelBender ?
>
>Minor thing though...
I considered that. Let's see if others agree.
-Alex
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Alex Harui <ah...@adobe.com>.
On 12/17/13 3:10 AM, "Tom Chiverton" <tc...@extravision.com> wrote:
>The README only talks about Apache Flex, I think it should probably be
>rewriten for PixelBender ?
>
>Minor thing though...
I considered that. Let's see if others agree.
-Alex
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Tom Chiverton <tc...@extravision.com>.
The README only talks about Apache Flex, I think it should probably be
rewriten for PixelBender ?
Minor thing though...
Tom
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Alex Harui <ah...@adobe.com>.
I think too late. I copied the revoked key to the MIT server. But I
couldn't figure out how to just revoke the sub key so maybe it will just
be less hassle to start over with a new key :-(
On 12/17/13 2:55 AM, "Tom Chiverton" <tc...@extravision.com> wrote:
>On 17/12/2013 07:14, Alex Harui wrote:
>> revoke the sub key and ended up revoking both the sub key and primary
>>key.
>Might be too late now, but as long as you didn't publish the revoke you
>can just restore a previous version of the .gpg folder.
>
>Tom
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Tom Chiverton <tc...@extravision.com>.
On 17/12/2013 07:14, Alex Harui wrote:
> revoke the sub key and ended up revoking both the sub key and primary key.
Might be too late now, but as long as you didn't publish the revoke you
can just restore a previous version of the .gpg folder.
Tom
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Alex Harui <ah...@adobe.com>.
On 12/16/13 9:56 PM, "Justin Mclean" <ju...@classsoftware.com> wrote:
>Hi,
>
>> Interesting. I didn't notice that, but yeah, F8Š is a sub key. Do you
>> know the steps I need to take to fix all of this?
>At a guess:
>gpg --default-key C9383D43
Didn't seem to help
>
>
>> How do I update the KEYS file?
>To change you email address? I think you can add extra address but not
>modify an existing one without revoking your key. Anyone know anything
>different?
>
>gpg --edit-key
>
>Use with caution.
I found some information saying that my sub key was also marked for
signing and would always be used. I then followed other instructions to
revoke the sub key and ended up revoking both the sub key and primary key.
I think I have to start over with a new key. What a bunch of crap.
One whole evening wasted....
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
> Interesting. I didn't notice that, but yeah, F8Š is a sub key. Do you
> know the steps I need to take to fix all of this?
At a guess:
gpg --default-key C9383D43
> How do I update the KEYS file?
To change you email address? I think you can add extra address but not modify an existing one without revoking your key. Anyone know anything different?
gpg --edit-key
Use with caution.
Thanks,
Justin
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Alex Harui <ah...@adobe.com>.
On 12/16/13 7:15 PM, "Justin Mclean" <ju...@classsoftware.com> wrote:
>Hi,
>
>Have the releases been signed with a correct key?
Interesting. I didn't notice that, but yeah, F8Š is a sub key. Do you
know the steps I need to take to fix all of this? I've spent the past
hour trying to figure out what to do. Why did sign_and_hash.sh pick my
sub key?
How do I update the KEYS file?
Thanks,
-Alex
>
>
>Asking as [1] says this "It is recommended that your Apache email address
>is used as the primary User-ID for the code signing key". The artefacts
>are signed by aharui@adobe.com key F8502A44 which is obviously not an
>Apache email address.
>
>If you ignore [1] (it's only recommended) the KEYS file contains the key
>C9383D43 with a sub key of F8502A44. Looking up aharui@adobe.com here
>[2] gives me the id C9383D43 not F8502A44. So it looks like it been
>signed with the sub key and not the public key. My (limited)
>understanding was that pubic key are used for signing and sub keys for
>encryption. Does this matter? Not 100% sure but [3] + [4] seem to imply
>that there might be an issue here.
>
>Thanks,
>Justin
>
>1. http://www.apache.org/dev/release-signing.html#user-id
>2. http://pgp.mit.edu/pks/lookup?search=aharui%40adobe.com&op=index
>3. http://www.apache.org/dev/release-signing.html#subkey
>4. http://www.gnupg.org/faq/subkey-cross-certify.html
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
Forgot to say that you can verify the signature (using the KEYS file) with and the MD5 hashes are correct.
For example:
gpg: Signature made Fri 13 Dec 11:55:17 2013 EST using RSA key ID F8502A44
gpg: Good signature from "aharui <ah...@adobe.com>"
Thanks,
Justin
Re: [DISCUSS] Discuss Release Apache Flex PixelBender Package 1.0
Posted by Justin Mclean <ju...@classsoftware.com>.
Hi,
Have the releases been signed with a correct key?
Asking as [1] says this "It is recommended that your Apache email address is used as the primary User-ID for the code signing key". The artefacts are signed by aharui@adobe.com key F8502A44 which is obviously not an Apache email address.
If you ignore [1] (it's only recommended) the KEYS file contains the key C9383D43 with a sub key of F8502A44. Looking up aharui@adobe.com here [2] gives me the id C9383D43 not F8502A44. So it looks like it been signed with the sub key and not the public key. My (limited) understanding was that pubic key are used for signing and sub keys for encryption. Does this matter? Not 100% sure but [3] + [4] seem to imply that there might be an issue here.
Thanks,
Justin
1. http://www.apache.org/dev/release-signing.html#user-id
2. http://pgp.mit.edu/pks/lookup?search=aharui%40adobe.com&op=index
3. http://www.apache.org/dev/release-signing.html#subkey
4. http://www.gnupg.org/faq/subkey-cross-certify.html