You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by so...@apache.org on 2016/03/06 08:41:59 UTC
svn commit: r1733793 - in /openmeetings/application:
branches/3.1.x/openmeetings-server/src/site/xdoc/ReleaseGuide.xml
branches/3.1.x/pom.xml
trunk/openmeetings-server/src/site/xdoc/ReleaseGuide.xml trunk/pom.xml
Author: solomax
Date: Sun Mar 6 07:41:59 2016
New Revision: 1733793
URL: http://svn.apache.org/viewvc?rev=1733793&view=rev
Log:
[OPENMEETINGS-1343] signatures are being created automatically
Modified:
openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/ReleaseGuide.xml
openmeetings/application/branches/3.1.x/pom.xml
openmeetings/application/trunk/openmeetings-server/src/site/xdoc/ReleaseGuide.xml
openmeetings/application/trunk/pom.xml
Modified: openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/ReleaseGuide.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/ReleaseGuide.xml?rev=1733793&r1=1733792&r2=1733793&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/ReleaseGuide.xml (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-server/src/site/xdoc/ReleaseGuide.xml Sun Mar 6 07:41:59 2016
@@ -126,39 +126,9 @@ svn copy -r1453158 https://svn.apache.or
<p>Update versions of all modules</p>
<source>mvn versions:set -DgenerateBackupPoms=false -DnewVersion=3.1.0</source>
<p>Run the command: </p>
- <source>mvn clean install</source>
+ <source>mvn clean install -Prelease</source>
<p>Test building the source on windows and OSx or Linux</p>
<p>Test running the binary's</p>
- <p>Create sha256sum checksums</p>
- <source>
-#On OSX you might use this command to make a SHA checksum and store it to a file
-shasum -a 256 -r apache-openmeetings-XXX-src.zip >apache-openmeetings-XXX-src.zip.sha
- </source>
- <source>
-<![CDATA[
-#To create SHA hashes On Ubuntu:
-for f in `ls -1 *.tar.gz *.zip`; do sha256sum $f > $f.sha; done
-
-#To check SHA hashes On Ubuntu:
-for f in `ls -1 *.tar.gz *.zip`; do sha256sum -c $f.sha; done
-]]>
- </source>
- <p>
- Create signatures with the your KEY for every file, the KEY must be available at:<br />
- <a href="https://svn.apache.org/repos/asf/openmeetings/project/KEYS">
- https://svn.apache.org/repos/asf/openmeetings/project/KEYS
- </a>
- </p>
- <source>
-<![CDATA[
-#To create signatures On Ubuntu:
-for f in `ls -1 *.tar.gz *.zip`; do gpg --armor --output $f.asc --detach-sig $f; done
-
-#To check signatures On Ubuntu:
-for f in `ls -1 *.tar.gz *.zip`; do gpg --verify $f.asc; done
-]]>
- </source>
-
<p>
Commit artifacts you have created with KEYS file to the
<tt>https://dist.apache.org/repos/dist/dev/openmeetings/</tt>
@@ -219,23 +189,63 @@ for f in `ls -1 *.tar.gz *.zip`; do gpg
<p>If VOTEs positive: Sign screen sharing web application and re-pack the release</p>
<ul>
<li>Go to the folder you check out: https://svn.apache.org/repos/asf/openmeetings/application/tags/$BRANCHORTAG/</li>
- <li>Unarchive <tt>openmeetings-server/target/openmeetings-server-$BRANCHORTAG.tgz</tt></li>
- <li>Run following command: <tt>ant repackWebStartJars</tt></li>
+ <li>
+ Unarchive <tt>openmeetings-server/target/apache-openmeetings-$BRANCHORTAG.tar.gz</tt>
+ <source>
+cd openmeetings-server/target
+mkdir apache-openmeetings
+cd apache-openmeetings
+tar -xzf ../apache-openmeetings-$BRANCHORTAG.tar.gz
+cd webapps/openmeetings/screenshare/
+mvn org.codehaus.mojo:webstart-maven-plugin:1.0-beta-8-SNAPSHOT:unsign -Dmaven.jar.unsign.jarpath=.
+ </source>
+ </li>
<li>Check any jar in <tt>webapps/openmeetings/screenshare/</tt>: Its META-INF/MANIFEST.MF file should NOT contain <tt>SHA1-Digest</tt> entries for classes</li>
<li>Go to <a href="https://securesigning.websecurity.symantec.com/csportal/">https://securesigning.websecurity.symantec.com/csportal/</a></li>
<li>Select "Signing Sets"</li>
<li>Select "Add signing set"</li>
- <li>Enter "Signing set name" (must include "Apache Openmeetings" and version) for ex. "Apache Openmeetings 3.0.4-RELEASE"</li>
- <li>Enter "Version" for ex. "3.0.4-RELEASE"</li>
+ <li>Enter "Signing set name" (must include "Apache Openmeetings" and version) for ex. "Apache Openmeetings 3.1.0-RELEASE"</li>
+ <li>Enter "Version" for ex. "3.1.0-RELEASE"</li>
<li>Select "Java Signing" as "Signing service"</li>
- <li>Select "Upload files" and add all <b>jar</b> files from <tt>dist/red5/webapps/openmeetings/screensharing/</tt></li>
+ <li>Select "Upload files" and add all <b>jar</b> files from <tt>openmeetings-server/target/apache-openmeetings/webapps/openmeetings/screenshare</tt></li>
<li>Select "Sign now"</li>
<li>Select "Type of signing" -> "Production"</li>
<li>Select "Sign"</li>
<li>Select "Download set"</li>
<li>Open binary artifacts of OM created on previous step (both <b>tar.gz</b> and <b>zip</b>)</li>
<li>Replace jar files inside artifacts <tt>webapps/openmeetings/screenshare</tt> with the signed ones</li>
- <li>Re-create artifact signatures</li>
+ <li>
+ Re-create artifact signatures
+ <p>Create sha256sum checksums</p>
+ <source>
+#On OSX you might use this command to make a SHA checksum and store it to a file
+shasum -a 256 -r apache-openmeetings-XXX-src.zip >apache-openmeetings-XXX-src.zip.sha256
+ </source>
+ <source>
+<![CDATA[
+#To create SHA hashes On Ubuntu:
+for f in `ls -1 *.tar.gz *.zip`; do sha256sum $f > $f.sha256; done
+
+#To check SHA hashes On Ubuntu:
+for f in `ls -1 *.tar.gz *.zip`; do sha256sum -c $f.sha256; done
+]]>
+ </source>
+ <p>
+ Create signatures with the your KEY for every file, the KEY must be available at:<br />
+ <a href="https://svn.apache.org/repos/asf/openmeetings/project/KEYS">
+ https://svn.apache.org/repos/asf/openmeetings/project/KEYS
+ </a>
+ </p>
+ <source>
+<![CDATA[
+#To create signatures On Ubuntu:
+for f in `ls -1 *.tar.gz *.zip`; do gpg --armor --output $f.asc --detach-sig $f; done
+
+#To check signatures On Ubuntu:
+for f in `ls -1 *.tar.gz *.zip`; do gpg --verify $f.asc; done
+]]>
+ </source>
+ </li>
</ul>
<p>NOTE: "Type of signing" can be selected as "Test" to check everything works as expected</p>
Modified: openmeetings/application/branches/3.1.x/pom.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/pom.xml?rev=1733793&r1=1733792&r2=1733793&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/pom.xml (original)
+++ openmeetings/application/branches/3.1.x/pom.xml Sun Mar 6 07:41:59 2016
@@ -108,6 +108,43 @@
</pluginManagement>
</build>
</profile>
+ <profile>
+ <id>release</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>net.ju-n.maven.plugins</groupId>
+ <artifactId>checksum-maven-plugin</artifactId>
+ <version>1.3</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>artifacts</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <algorithms>
+ <algorithm>SHA-256</algorithm>
+ </algorithms>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-gpg-plugin</artifactId>
+ <version>1.6</version>
+ <executions>
+ <execution>
+ <id>sign-artifacts</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
</profiles>
<url>http://openmeetings.apache.org</url>
<inceptionYear>2012</inceptionYear>
Modified: openmeetings/application/trunk/openmeetings-server/src/site/xdoc/ReleaseGuide.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-server/src/site/xdoc/ReleaseGuide.xml?rev=1733793&r1=1733792&r2=1733793&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-server/src/site/xdoc/ReleaseGuide.xml (original)
+++ openmeetings/application/trunk/openmeetings-server/src/site/xdoc/ReleaseGuide.xml Sun Mar 6 07:41:59 2016
@@ -126,39 +126,9 @@ svn copy -r1453158 https://svn.apache.or
<p>Update versions of all modules</p>
<source>mvn versions:set -DgenerateBackupPoms=false -DnewVersion=3.1.0</source>
<p>Run the command: </p>
- <source>mvn clean install</source>
+ <source>mvn clean install -Prelease</source>
<p>Test building the source on windows and OSx or Linux</p>
<p>Test running the binary's</p>
- <p>Create sha256sum checksums</p>
- <source>
-#On OSX you might use this command to make a SHA checksum and store it to a file
-shasum -a 256 -r apache-openmeetings-XXX-src.zip >apache-openmeetings-XXX-src.zip.sha
- </source>
- <source>
-<![CDATA[
-#To create SHA hashes On Ubuntu:
-for f in `ls -1 *.tar.gz *.zip`; do sha256sum $f > $f.sha; done
-
-#To check SHA hashes On Ubuntu:
-for f in `ls -1 *.tar.gz *.zip`; do sha256sum -c $f.sha; done
-]]>
- </source>
- <p>
- Create signatures with the your KEY for every file, the KEY must be available at:<br />
- <a href="https://svn.apache.org/repos/asf/openmeetings/project/KEYS">
- https://svn.apache.org/repos/asf/openmeetings/project/KEYS
- </a>
- </p>
- <source>
-<![CDATA[
-#To create signatures On Ubuntu:
-for f in `ls -1 *.tar.gz *.zip`; do gpg --armor --output $f.asc --detach-sig $f; done
-
-#To check signatures On Ubuntu:
-for f in `ls -1 *.tar.gz *.zip`; do gpg --verify $f.asc; done
-]]>
- </source>
-
<p>
Commit artifacts you have created with KEYS file to the
<tt>https://dist.apache.org/repos/dist/dev/openmeetings/</tt>
@@ -219,23 +189,63 @@ for f in `ls -1 *.tar.gz *.zip`; do gpg
<p>If VOTEs positive: Sign screen sharing web application and re-pack the release</p>
<ul>
<li>Go to the folder you check out: https://svn.apache.org/repos/asf/openmeetings/application/tags/$BRANCHORTAG/</li>
- <li>Unarchive <tt>openmeetings-server/target/openmeetings-server-$BRANCHORTAG.tgz</tt></li>
- <li>Run following command: <tt>ant repackWebStartJars</tt></li>
+ <li>
+ Unarchive <tt>openmeetings-server/target/apache-openmeetings-$BRANCHORTAG.tar.gz</tt>
+ <source>
+cd openmeetings-server/target
+mkdir apache-openmeetings
+cd apache-openmeetings
+tar -xzf ../apache-openmeetings-$BRANCHORTAG.tar.gz
+cd webapps/openmeetings/screenshare/
+mvn org.codehaus.mojo:webstart-maven-plugin:1.0-beta-8-SNAPSHOT:unsign -Dmaven.jar.unsign.jarpath=.
+ </source>
+ </li>
<li>Check any jar in <tt>webapps/openmeetings/screenshare/</tt>: Its META-INF/MANIFEST.MF file should NOT contain <tt>SHA1-Digest</tt> entries for classes</li>
<li>Go to <a href="https://securesigning.websecurity.symantec.com/csportal/">https://securesigning.websecurity.symantec.com/csportal/</a></li>
<li>Select "Signing Sets"</li>
<li>Select "Add signing set"</li>
- <li>Enter "Signing set name" (must include "Apache Openmeetings" and version) for ex. "Apache Openmeetings 3.0.4-RELEASE"</li>
- <li>Enter "Version" for ex. "3.0.4-RELEASE"</li>
+ <li>Enter "Signing set name" (must include "Apache Openmeetings" and version) for ex. "Apache Openmeetings 3.1.0-RELEASE"</li>
+ <li>Enter "Version" for ex. "3.1.0-RELEASE"</li>
<li>Select "Java Signing" as "Signing service"</li>
- <li>Select "Upload files" and add all <b>jar</b> files from <tt>dist/red5/webapps/openmeetings/screensharing/</tt></li>
+ <li>Select "Upload files" and add all <b>jar</b> files from <tt>openmeetings-server/target/apache-openmeetings/webapps/openmeetings/screenshare</tt></li>
<li>Select "Sign now"</li>
<li>Select "Type of signing" -> "Production"</li>
<li>Select "Sign"</li>
<li>Select "Download set"</li>
<li>Open binary artifacts of OM created on previous step (both <b>tar.gz</b> and <b>zip</b>)</li>
<li>Replace jar files inside artifacts <tt>webapps/openmeetings/screenshare</tt> with the signed ones</li>
- <li>Re-create artifact signatures</li>
+ <li>
+ Re-create artifact signatures
+ <p>Create sha256sum checksums</p>
+ <source>
+#On OSX you might use this command to make a SHA checksum and store it to a file
+shasum -a 256 -r apache-openmeetings-XXX-src.zip >apache-openmeetings-XXX-src.zip.sha256
+ </source>
+ <source>
+<![CDATA[
+#To create SHA hashes On Ubuntu:
+for f in `ls -1 *.tar.gz *.zip`; do sha256sum $f > $f.sha256; done
+
+#To check SHA hashes On Ubuntu:
+for f in `ls -1 *.tar.gz *.zip`; do sha256sum -c $f.sha256; done
+]]>
+ </source>
+ <p>
+ Create signatures with the your KEY for every file, the KEY must be available at:<br />
+ <a href="https://svn.apache.org/repos/asf/openmeetings/project/KEYS">
+ https://svn.apache.org/repos/asf/openmeetings/project/KEYS
+ </a>
+ </p>
+ <source>
+<![CDATA[
+#To create signatures On Ubuntu:
+for f in `ls -1 *.tar.gz *.zip`; do gpg --armor --output $f.asc --detach-sig $f; done
+
+#To check signatures On Ubuntu:
+for f in `ls -1 *.tar.gz *.zip`; do gpg --verify $f.asc; done
+]]>
+ </source>
+ </li>
</ul>
<p>NOTE: "Type of signing" can be selected as "Test" to check everything works as expected</p>
Modified: openmeetings/application/trunk/pom.xml
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/pom.xml?rev=1733793&r1=1733792&r2=1733793&view=diff
==============================================================================
--- openmeetings/application/trunk/pom.xml (original)
+++ openmeetings/application/trunk/pom.xml Sun Mar 6 07:41:59 2016
@@ -108,6 +108,43 @@
</pluginManagement>
</build>
</profile>
+ <profile>
+ <id>release</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>net.ju-n.maven.plugins</groupId>
+ <artifactId>checksum-maven-plugin</artifactId>
+ <version>1.3</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>artifacts</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <algorithms>
+ <algorithm>SHA-256</algorithm>
+ </algorithms>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-gpg-plugin</artifactId>
+ <version>1.6</version>
+ <executions>
+ <execution>
+ <id>sign-artifacts</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
</profiles>
<url>http://openmeetings.apache.org</url>
<inceptionYear>2012</inceptionYear>