You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Julian Foad <ju...@apache.org> on 2019/10/25 09:49:11 UTC

Subversion 1.13.0 up for testing/signing

The 1.13.0 release artifacts are now available for testing/signing.
Please get the tarballs from
   https://dist.apache.org/repos/dist/dev/subversion
and add your signatures there.

*** There is no change from 1.13.0-rc1 except version number and date of 
rolling. If you wish, you may consider that checking the tarballs are 
correctly formed and have just that diff against -rc1 is sufficient to 
sign them.

Thanks!

Re: Subversion 1.13.0 up for testing/signing

Posted by Stefan Sperling <st...@apache.org>.

On Fri, Oct 25, 2019 at 10:49:11AM +0100, Julian Foad wrote:
> The 1.13.0 release artifacts are now available for testing/signing.
> Please get the tarballs from
>   https://dist.apache.org/repos/dist/dev/subversion
> and add your signatures there.
> 
> *** There is no change from 1.13.0-rc1 except version number and date of
> rolling. If you wish, you may consider that checking the tarballs are
> correctly formed and have just that diff against -rc1 is sufficient to sign
> them.
> 
> Thanks!
 

Summary: +1 to release

Tested: [bdb | fsfs] x [ra_local | ra_svn | ra_serf]
        swig bindings
        javahl bindings

Test results: All passed.

Platform: OpenBSD 6.6 amd64

Dependencies:
bdb:        4.7.25
GNU-iconv:  1.15
apr:        1.5.2
apr-util:   1.5.4
httpd:      2.4.37
serf:       1.3.9
cyrus-sasl: 2.1.25
sqlite:     3160200
lz4:        1.7.5
libssl:     LibreSSL 3.0.2
swig:       3.0.12
python:     2.7.13
perl:       5.28.2
ruby:       2.4.4
java:       1.8.0_222

Signatures:

subversion-1.13.0.tar.gz
-----BEGIN PGP SIGNATURE-----

iQEbBAABAgAGBQJdsyLmAAoJEE99uqmaWblzRZcH+K/7sy29HTccHAyaCgyWKxI+
n3exwwn32YhVJ9UGUaBw36c2g1oQ7eHwvIQKXJXE9y06msQwZQ0JBUbODiOEeeLE
mgm5MELFqNIqyhWgkHVxyuNeZ8OsgsLM5TXlc5fqp47FCKcIPElnUzflCjy4yqJm
zZLuqZI1fMj3L0C2y+kgLInjR58Uy+AQNdO4g+YLfAgRx3zMpft/QPL1yzgxksHI
HQkUqnCWka1tDmggLKbQ8vOhUqv07q3S8v3KED9Quy/EPy4UntVAWV3gtEDis84d
tmR6d8riDEky/bS1MSZq6juUu4fBN0yJfl8FoIABVWFqmOLvJIz0vbC/oezd8Q==
=2GHF
-----END PGP SIGNATURE-----

subversion-1.13.0.tar.bz2
-----BEGIN PGP SIGNATURE-----

iQEcBAABAgAGBQJdsyLpAAoJEE99uqmaWblzAjsH/iMeXNPszI4DskyZMcn2k0Ls
WtV2bRzy1V3O1AIK8zUrOCT65HDMrAUj1gEjvjg5Nl/Agb2GagbQkg8kMK8RiC/Y
jTQRC4xc/iVJ4uk5FO2lJ/Fa3PtwcC1SDvbsx170B+a/gF/hZxWXVe/pOPVczG5a
ZuQCZYN7R6P+PxwxfVrL+0xF3aDVDOi1qII9Feg8wvRSLBMBJekzxQL9cYEloYie
p2cpLTcs3/gGzpwmXPDyro2xODNqQlHazH6Z7PI45BVPr1rgnRLgz9OJ0F26p2KX
LZEM1wcS3Zfn5H3bNXcBUOHzwYzOZGQHMVcXC4r0z+CmyyWPdFABtWLpaXM8U0c=
=6vmB
-----END PGP SIGNATURE-----

Re: Subversion 1.13.0 up for testing/signing

Posted by Branko Čibej <br...@apache.org>.

On 26.10.2019 11:13, Julian Foad wrote:
>  Branko Čibej wrote:
>> Possibly you indeed did change something of how '--target' works.
>> Actually you seem to have changed how argument parsing works in general,
>> because I have to move the --target argument before the check-sigs
>> command to make this work again. It used to works so that options could
>> be interspersed with commands in any order.
>>
>> Well ... not that important to fix, but it's sort of unexpected.
>  
> Ah yes... I did indeed change that, on purpose. I want the general config options to be common to all subcommands. Previously --target was specific to certain subcommands and had to come after the subcommand. (It wasn't free placement before.) Sorry for the inconvenience in finding it had unexpectedly changed.

No worries. I was just surprised why my tarball verification scripts
suddenly started failing. :)

-- Brane

Re: Subversion 1.13.0 up for testing/signing

Posted by Julian Foad <ju...@foad.me.uk>.

 Branko Čibej wrote:
> Possibly you indeed did change something of how '--target' works.
> Actually you seem to have changed how argument parsing works in general,
> because I have to move the --target argument before the check-sigs
> command to make this work again. It used to works so that options could
> be interspersed with commands in any order.
> 
> Well ... not that important to fix, but it's sort of unexpected.

Ah yes... I did indeed change that, on purpose. I want the general config options to be common to all subcommands. Previously --target was specific to certain subcommands and had to come after the subcommand. (It wasn't free placement before.) Sorry for the inconvenience in finding it had unexpectedly changed.

- Julian

Re: Subversion 1.13.0 up for testing/signing

Posted by Branko Čibej <br...@apache.org>.

On 25.10.2019 11:49, Julian Foad wrote:
> The 1.13.0 release artifacts are now available for testing/signing.
> Please get the tarballs from
>   https://dist.apache.org/repos/dist/dev/subversion
> and add your signatures there.
>
> *** There is no change from 1.13.0-rc1 except version number and date
> of rolling. If you wish, you may consider that checking the tarballs
> are correctly formed and have just that diff against -rc1 is
> sufficient to sign them.

[From IRC]

(brane)	JulianF: 'release.py check-sigs' no longer works as it used to. it just exits with no output.
(brane)	it used to print the names of the files and a summary of all the signatures found
(JulianF)	brane: It needs to find the right files in the right place...
(JulianF)	brane: It looks in 'deploy' subdir of '.' by default. Use '--base-dir' or '--target' otherwise.
(JulianF)	Works for me.
(JulianF)	Possibly I changed something of how '--base-dir' or '--target' works in one of the latest few changes to it. Not sure.

[From my laptop]

brane@zulu:~/src/svn/rel/dist-dev$ ../../repos/trunk/tools/dist/release.py check-sigs 1.13.0 --target .
usage: release.py [-h] [--clean] [--verbose] [--base-dir BASE_DIR]
                  [--target TARGET] [--branch BRANCH] [--username USERNAME]
                  {build-env,create-release-branch,write-release-notes,roll,sign-candidates,post-candidates,create-tag,bump-versions-on-branch,clean-dist,move-to-dist,write-news,write-announcement,write-downloads,check-sigs,get-keys,clean,write-changelog}
                  ...
release.py: error: unrecognized arguments: --target .

[Summary]

Possibly you indeed did change something of how '--target' works.
Actually you seem to have changed how argument parsing works in general,
because I have to move the --target argument before the check-sigs
command to make this work again. It used to works so that options could
be interspersed with commands in any order.

Well ... not that important to fix, but it's sort of unexpected.

-- Brane

Re: Subversion 1.13.0 up for testing/signing

Posted by Johan Corveleyn <jc...@gmail.com>.

On Mon, Oct 28, 2019 at 11:06 AM Julian Foad <ju...@apache.org> wrote:
>
> Julian Foad wrote:
> > The 1.13.0 release artifacts are now available for testing/signing.
>
> Just one Windows signature needed now.

Here it is:

Summary
-------
+1 to release

Platform
--------
Windows 7 SP1 (x64)
Microsoft Visual Studio 2017

Verified
--------
Signature and sha512 for subversion-1.13.0.zip.

Contents are identical to subversion-1.13.0-rc1.zip,
except for expected changes to svn_version.h, and
a new POT-Creation-Date in subversion/po/subversion.pot.

I previously tested and signed 1.13.0-rc1 with the results listed below:

Tested
------
[ Release build x86 ] x [ fsfs ] x [ file | svn | http ]
javahl
swig-python

Results
-------
All tests pass.

Dependencies
------------
Httpd 2.4.29 (pcre 8.41, apr 1.6.3, apr-iconv 1.22, apr-util 1.6.1, expat 2.2.5)
Apr 1.6.3
Apr-Util 1.6.1
OpenSSL 1.0.2n
Serf 1.3.9
SQLite 3.22.0.0
ZLib 1.2.11

Other tools
-----------
Perl 5.20 (Strawberry Perl)
Python 2.7.16
Swig 3.0.12
Oracle JDK 11.0.1
JUnit 4.12

Signature
---------

subversion-1.13.0.zip:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAABCgAGBQJdtu/XAAoJELWc5tYBDIqtI8kP/j0MT4/HgkdtGtjEQxnmUeFa
MvDDZN8+dMnT6fD1sW7ZAupMuvrxLqNMIwYv+I9NZtZ7JA75nlA5u/JcAoThIQ+c
q3UPq2izimHw4cDW01+6KdK8iVaTJRzebas4bFSdku8aVCbialXTqkiZROXeN6MU
kEkdMm3x9cufZOl5zrAxuiWVJhv6tL0z7nSTEdwTv6YrbG+oxOrZ1jSyghuQoDsG
jXTQ1Gdb2mQYauj0efQX3bw9DfBRdYM661iOy6ZwliV9V9G8rOl1l20BFEfQIwEZ
LdWaIRlH5Tm6xD3Ljl7RUU6/Ln2lDBw5nO6cOYkl+Eo1z2UtkaREZKMHBc7oEljL
EGtV2zckrC6MB4B8hZPqX0Ic3mZT6+beWt8DQzvMWBp9YPWKvnwIQ10G8RSmBPyd
p0bvXQN9Y+JFeKALzc6vEikIwPzjvCmI5FPMQkDqwavy4nghU6FxRLODmKu8v1JV
rCjt6kwcOqqCP6DykUzlzPmFB6uJPAkQCyF72BS6MH8MxjJ0YhPcV7Bh/7B91sle
7Ssx7uOO9DCyb83ut6h6ZG6qPaFdPrR2wqUX+8aWC8y5jzfSq58dA90NDR3mzhFf
nID+brl856MCGL9Y92/iLAayIsFhbg/iDoRzzjh0bfwKahy1Q6AcWvBViDiRcCpM
TAuNe1EtG2rObLvKrCWO
=1Pcx
-----END PGP SIGNATURE-----

-- 
Johan

Re: Subversion 1.13.0 up for testing/signing

Posted by Julian Foad <ju...@apache.org>.

Julian Foad wrote:
> The 1.13.0 release artifacts are now available for testing/signing.

Just one Windows signature needed now. Thanks for the tests and sigs 
sent so far.

- Julian

Re: Subversion 1.13.0 up for testing/signing

Posted by Branko Čibej <br...@apache.org>.

Summary:

    +1 to release (Unix)

Verified:

  - Tarball contents and signatures
  - check ((fsfs, bdb) × (local, svnserve, dav))
  - check-all-javahl
  - check-swig-py
  - check-swig-rb
  - check-swig-pl

Known issues:

  - 'make check-swig-py' requires 'make install install-swig-py'.
  - 'make check-swig-rb' requires 'make install install-swig-rb'.

Platform

    macOS Mojave 10.14.6

    Standard dependencies:
      Apple clang version 11.0.0 (clang-1100.0.33.8)
      ruby 2.3.7p456 (2018-03-28 revision 63024)
      Python 2.7.10
      Cyrus SASL 2.1.26

    Dependencies from Homebrew:
      APR 1.7.0
      APR-Util 1.6.1
      httpd 2.4.41
      SQLite 3.29.0
      Serf 1.3.9
      OpenSSL 1.0.2t
      zlib 1.2.11
      LZ4 1.9.2
      utf8proc 2.4.0
      BDB 18.1.32
      Perl 5.30.0

    Other dependencies:
      Java 11 2018-09-25
      JUnit 4.11

GPG signatures committed to the dist/dev/subversion repository.

Re: Subversion 1.13.0 up for testing/signing

Posted by Branko Čibej <br...@apache.org>.

On 25.10.2019 12:49, Branko Čibej wrote:
> On 25.10.2019 11:49, Julian Foad wrote:
>> The 1.13.0 release artifacts are now available for testing/signing.
>> Please get the tarballs from
>>   https://dist.apache.org/repos/dist/dev/subversion
>> and add your signatures there.
>>
>> *** There is no change from 1.13.0-rc1 except version number and date
>> of rolling. If you wish, you may consider that checking the tarballs
>> are correctly formed and have just that diff against -rc1 is
>> sufficient to sign them.
>
> I only now noticed that we're including gen-make.opts in the Unix
> bundles. We shouldn't; that file is generated by gen-make.py so that
> build script generation (for Windows) is easily repeatable.


FWIW: on Unix, autogen.sh takes care of the "repeatable" part. I can fix
this by simply not writing gen-make.opts if gen-make.py was invoked
through autogen.sh. Thoughts?

-- Brane

Re: Subversion 1.13.0 up for testing/signing

Posted by Branko Čibej <br...@apache.org>.

On 25.10.2019 11:49, Julian Foad wrote:
> The 1.13.0 release artifacts are now available for testing/signing.
> Please get the tarballs from
>   https://dist.apache.org/repos/dist/dev/subversion
> and add your signatures there.
>
> *** There is no change from 1.13.0-rc1 except version number and date
> of rolling. If you wish, you may consider that checking the tarballs
> are correctly formed and have just that diff against -rc1 is
> sufficient to sign them.


I only now noticed that we're including gen-make.opts in the Unix
bundles. We shouldn't; that file is generated by gen-make.py so that
build script generation (for Windows) is easily repeatable.

-- Brane

Fwd: Subversion 1.13.0 up for testing/signing

Posted by Nathan Hartman <ha...@gmail.com>.

Argh, forgot to 'reply all'...

---------- Forwarded message ---------
From: Nathan Hartman <ha...@gmail.com>
Date: Sun, Oct 27, 2019 at 10:00 PM
Subject: Re: Subversion 1.13.0 up for testing/signing
To: Julian Foad <ju...@apache.org>


On Fri, Oct 25, 2019 at 5:49 AM Julian Foad <ju...@apache.org> wrote:

> The 1.13.0 release artifacts are now available for testing/signing.
> Please get the tarballs from
>    https://dist.apache.org/repos/dist/dev/subversion
> and add your signatures there.
>
> *** There is no change from 1.13.0-rc1 except version number and date of
> rolling. If you wish, you may consider that checking the tarballs are
> correctly formed and have just that diff against -rc1 is sufficient to
> sign them.


Summary
=======

+1 to release (Unix: Debian, macOS)

Verified
========

1. Tarball signatures.
2. Tarball contents:
   * Contents of subversion-1.13.0.tar.bz2 and subversion-1.13.0.tar.gz
     are identical.
   * Contents of subversion-1.13.0.tar.bz2 are identical to those of
     the -rc1 tarball, subversion-1.13.0-rc1.tar.bz2, except for
     expected differences in version strings and/or date strings in:
     - subversion/bindings/swig/perl/native/core.c
     - subversion/bindings/swig/python/core.c
     - subversion/bindings/swig/ruby/core.c
     - subversion/include/svn_version.h
     - subversion/po/subversion.pot
3. Automated test suite(s) as detailed below.

Test details, Debian
====================

Debian GNU/Linux 10 "Buster"

Tested:
* [fsfs] x [ra_local | ra_svn | ra_serf]
* swig-pl
* swig-py

Dependencies:
* GCC 8.3.0
* GNU autoconf 2.69
* apr 1.6.5
* apr-util 1.6.1
* D-Bus 1.12.16
* lz4 1.8.3
* perl 5.28.1
* python 2.7.16
* serf 1.3.9
* sqlite amalgamation 3.8.11
* swig 3.0.12
* utf8proc 2.3.0
* zlib 1.2.11

Results: All tests pass.

Test details, macOS
===================

macOS 10.13.6 "High Sierra"

Tested:
* [fsfs] x [ra_local | ra_svn]

Dependencies:
* Apple LLVM version 10.0.0 (clang-1000.10.44.4)
* GNU autoconf 2.69
* GNU libtool 2.4.6_1
* apr 1.7.0
* apr-util 1.6.1_3
* lz4 1.9.2
* perl 5.30.0
* python 2.7.10
* sqlite 3.29.0
* swig 4.0.1
* utf8proc 2.4.0
* zlib 1.2.11

Results: All tests pass.

GPG signatures
==============

Committed to the dist/dev/subversion repo in r36512:

subversion-1.13.0.tar.bz2.asc:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEP45GfLM2bjAT4RINWD8ArfmBw58FAl208h0ACgkQWD8ArfmB
w5/pYxAAi3dc8X0K8tJwX+4xlB9lRY9VXAKDOM4DVeVEd3DwySCt0THkgo0w1ogV
tZMvnHM/Sq/DY6Ma2ddkTMRrMHVxUAa2t7Twe5m8BFCZ6w5s8DdEoWjZo9oSlp1o
2WHDBgX4Siu08DAXT80/cbtU3j4+CXEjRNIoEQJq4t7rSkmQysX5fkxzlRUNMthY
oJplaJ3WpS8fvQtKEayJH+4gzCY6nO8hEoPFRrh6i+NSuGP7EJpXIXu/lqztTdG/
IViGod4Nz5kUpeXKml1Iv8Hg6On/4xZSlv5Y1nHsi0cFYx9tSDnQ0cZ9ykBHTlI5
lGq8EYLstaOqukz2ojAtP/edntBxihdN9c1sMUXqlRhENw4llktdqReZJXqHQFuR
p35MCRmr0hi1kDqiB4/BHz/GOkIwbcZnsq3bR4YYE0jLof3AddjIOggVlHDj9tEk
CjqU8hMgbXw4bmWOAqsd4/ddscYPh4g6fL8YHjaSjONbz1GA+Npp5jVLse0skwJ1
2yeLj9NijlB+ZxRdL4xPcqGVz+uiuzye77HKXIVsdQ4LRvwM2KpDlsySOy+VUjJy
Ezlnb+SmR9F0ADZ5z2QliKdMGI7l2GDAvYKWK7/x2r0fmK02XfcLI+Ui+YWXdWCm
x2ua8csnanKPIvDv5vZe8mHqiI966IAYJKODuLba0nUkx9TpyiU=
=inSe
-----END PGP SIGNATURE-----

subversion-1.13.0.tar.gz.asc:
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEP45GfLM2bjAT4RINWD8ArfmBw58FAl208nUACgkQWD8ArfmB
w5+mpQ//ZGPgLKQiqh8hZB21gUpPznmCSuhynnJGmFduPJarggLjdCRx0kwAFGWn
MTeWOLmLZNu49rxGb0cq3zAFMNd49wkBJFfMTNNHEg0pNeNqdTvWtSWH9n7wVPwx
Y1xHQRVR71ayfAVBEALDTaU/C+zm8m6om4trD+MfxA+U9PNFCwPHQoUnec4OEGc1
23nAX9T3I6kXmulaOAYPjhVCtKgWbncPJAlTDTBbO7TfDcT4dBoSITxjaUI1rIS6
4NJi8Xi+KUlR5Or6HO4pAiXw9hLRywmLDbafJQQ+15RG2r/Xqw/qKig67zQJY8Jv
zfkLhd0Pu954E5adrs19Wt7iCzQ3SQX/PjkfZfo+gjgH05CIKuRfukGlcs9hZa14
VbDQZuil+0QhLDDPSQw0VY/qxtMVUw9qo956OvFICkFw565oZUKL/oLm/quVokqX
ElGOpwXw6qBlPKc2lWVOhTnO47ZUHlp6tz2bKvLl2K6ys34y96B79FoiiaORHqI5
HQ7Qd6H1UQ4V+ImlUZBE2rArzpLYyq+TbjbEY24/CO6Zhn0elktto0lQboXkJxoT
5XnVcvjedJsaui0YPaVzh9nz4OelKGhfUVYNvx8B/iNdIk2QLURpOAoVTrC0wVsK
eVFZcI6CijMfBJykEtXHgOwCmIIG+xfCRzY0hef9Bu58hME5vK8=
=OCEh
-----END PGP SIGNATURE-----