You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tuscany.apache.org by Jeremy Boynes <jb...@apache.org> on 2007/03/16 01:07:03 UTC
Re: [VOTE] Approve release of SCA specification APIs by Tuscany project
On Mar 15, 2007, at 3:49 PM, robert burrell donkin wrote:
> On 3/13/07, Jeremy Boynes <jb...@apache.org> wrote:
>> The Tuscany community recently voted to release version 1.0-
>> incubating of our implementation of the API classes for the OSOA
>> specification V1.0:
>> http://mail-archives.apache.org/mod_mbox/ws-tuscany-dev/200703.mbox/%
>> 3c2BAE6905-FBDA-4788-A01D-E135733A0D1B@apache.org%3e
>>
>> The source archives and RAT reports can be found at:
>> http://people.apache.org/~jboynes/sca-api-r1.0-1.0-incubating
>> and the binary in the Maven repo at:
>> http://people.apache.org/repo/m2-incubating-repository/org/osoa/
>> sca-api-r1.0/1.0-incubating
>
> ok except for the signature issue
>
> major issues
> ==========
>
> gpg --verify sca-api-r1.0-1.0-incubating.jar.asc sca-api-r1.0-1.0-
> incubating.jar
> gpg: Signature made Sun Mar 4 01:53:25 2007 GMT using DSA key ID
> 11007026
> gpg: BAD signature from "Jeremy Boynes <je...@boynes.com>"
>
> MD5 sums look right
There appears to be a bug in the gpg plugin for mvn. When I did this
release I used gpg:sign as a goal on the command line and that
consistently generates invalid keys for all except the last artifact
(in this case the JavaDoc) even in the local repo. When I did the
kernel modules I added a profile to the build which includes gpg:sign
and for those all artifacts seem to have valid signatures.
Rather than resign the deployed artifacts (just in case there is
something squiffy going on), I'll pull them down, add a profile to
the pom and then redeploy them.
--
Jeremy
---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-dev-help@ws.apache.org
Re: [VOTE] Approve release of SCA specification APIs by Tuscany project
Posted by Jeremy Boynes <jb...@apache.org>.
This may have been lost in the flood of other release mails - so far
was have +1's from Robert and Dims but still need a third.
Thanks
Jeremy
On Mar 18, 2007, at 11:12 AM, Davanum Srinivas wrote:
> +1
>
> On 3/18/07, robert burrell donkin <ro...@gmail.com>
> wrote:
>> On 3/16/07, Jeremy Boynes <jb...@apache.org> wrote:
>> > On Mar 15, 2007, at 5:07 PM, Jeremy Boynes wrote:
>> >
>> > > On Mar 15, 2007, at 3:49 PM, robert burrell donkin wrote:
>> > >
>> > >> On 3/13/07, Jeremy Boynes <jb...@apache.org> wrote:
>> > >>> The Tuscany community recently voted to release version 1.0-
>> > >>> incubating of our implementation of the API classes for the
>> OSOA
>> > >>> specification V1.0:
>> > >>> http://mail-archives.apache.org/mod_mbox/ws-tuscany-dev/
>> > >>> 200703.mbox/%
>> > >>> 3c2BAE6905-FBDA-4788-A01D-E135733A0D1B@apache.org%3e
>> > >>>
>> > >>> The source archives and RAT reports can be found at:
>> > >>> http://people.apache.org/~jboynes/sca-api-r1.0-1.0-
>> incubating
>> > >>> and the binary in the Maven repo at:
>> > >>> http://people.apache.org/repo/m2-incubating-repository/
>> org/osoa/
>> > >>> sca-api-r1.0/1.0-incubating
>> > >>
>> > >> ok except for the signature issue
>> > >>
>> > >> major issues
>> > >> ==========
>> > >>
>> > >> gpg --verify sca-api-r1.0-1.0-incubating.jar.asc sca-api-
>> r1.0-1.0-
>> > >> incubating.jar
>> > >> gpg: Signature made Sun Mar 4 01:53:25 2007 GMT using DSA
>> key ID
>> > >> 11007026
>> > >> gpg: BAD signature from "Jeremy Boynes <je...@boynes.com>"
>> > >>
>> > >> MD5 sums look right
>> >
>> > I added the profile (r518844), redeployed all the artifacts and
>> > replaced the source distributions to include the change. Due to a
>> > issue with the gpg plugin I signed the POM in the repo manually.
>> > Hopefully, that takes care of this one :-)
>>
>> +1
>>
>> - robert
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: general-help@incubator.apache.org
>>
>>
>
>
> --
> Davanum Srinivas :: http://wso2.org/ :: Oxygen for Web Services
> Developers
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Approve release of SCA specification APIs by Tuscany project
Posted by Davanum Srinivas <da...@gmail.com>.
+1
On 3/18/07, robert burrell donkin <ro...@gmail.com> wrote:
> On 3/16/07, Jeremy Boynes <jb...@apache.org> wrote:
> > On Mar 15, 2007, at 5:07 PM, Jeremy Boynes wrote:
> >
> > > On Mar 15, 2007, at 3:49 PM, robert burrell donkin wrote:
> > >
> > >> On 3/13/07, Jeremy Boynes <jb...@apache.org> wrote:
> > >>> The Tuscany community recently voted to release version 1.0-
> > >>> incubating of our implementation of the API classes for the OSOA
> > >>> specification V1.0:
> > >>> http://mail-archives.apache.org/mod_mbox/ws-tuscany-dev/
> > >>> 200703.mbox/%
> > >>> 3c2BAE6905-FBDA-4788-A01D-E135733A0D1B@apache.org%3e
> > >>>
> > >>> The source archives and RAT reports can be found at:
> > >>> http://people.apache.org/~jboynes/sca-api-r1.0-1.0-incubating
> > >>> and the binary in the Maven repo at:
> > >>> http://people.apache.org/repo/m2-incubating-repository/org/osoa/
> > >>> sca-api-r1.0/1.0-incubating
> > >>
> > >> ok except for the signature issue
> > >>
> > >> major issues
> > >> ==========
> > >>
> > >> gpg --verify sca-api-r1.0-1.0-incubating.jar.asc sca-api-r1.0-1.0-
> > >> incubating.jar
> > >> gpg: Signature made Sun Mar 4 01:53:25 2007 GMT using DSA key ID
> > >> 11007026
> > >> gpg: BAD signature from "Jeremy Boynes <je...@boynes.com>"
> > >>
> > >> MD5 sums look right
> >
> > I added the profile (r518844), redeployed all the artifacts and
> > replaced the source distributions to include the change. Due to a
> > issue with the gpg plugin I signed the POM in the repo manually.
> > Hopefully, that takes care of this one :-)
>
> +1
>
> - robert
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>
--
Davanum Srinivas :: http://wso2.org/ :: Oxygen for Web Services Developers
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Approve release of SCA specification APIs by Tuscany project
Posted by robert burrell donkin <ro...@gmail.com>.
On 3/16/07, Jeremy Boynes <jb...@apache.org> wrote:
> On Mar 15, 2007, at 5:07 PM, Jeremy Boynes wrote:
>
> > On Mar 15, 2007, at 3:49 PM, robert burrell donkin wrote:
> >
> >> On 3/13/07, Jeremy Boynes <jb...@apache.org> wrote:
> >>> The Tuscany community recently voted to release version 1.0-
> >>> incubating of our implementation of the API classes for the OSOA
> >>> specification V1.0:
> >>> http://mail-archives.apache.org/mod_mbox/ws-tuscany-dev/
> >>> 200703.mbox/%
> >>> 3c2BAE6905-FBDA-4788-A01D-E135733A0D1B@apache.org%3e
> >>>
> >>> The source archives and RAT reports can be found at:
> >>> http://people.apache.org/~jboynes/sca-api-r1.0-1.0-incubating
> >>> and the binary in the Maven repo at:
> >>> http://people.apache.org/repo/m2-incubating-repository/org/osoa/
> >>> sca-api-r1.0/1.0-incubating
> >>
> >> ok except for the signature issue
> >>
> >> major issues
> >> ==========
> >>
> >> gpg --verify sca-api-r1.0-1.0-incubating.jar.asc sca-api-r1.0-1.0-
> >> incubating.jar
> >> gpg: Signature made Sun Mar 4 01:53:25 2007 GMT using DSA key ID
> >> 11007026
> >> gpg: BAD signature from "Jeremy Boynes <je...@boynes.com>"
> >>
> >> MD5 sums look right
>
> I added the profile (r518844), redeployed all the artifacts and
> replaced the source distributions to include the change. Due to a
> issue with the gpg plugin I signed the POM in the repo manually.
> Hopefully, that takes care of this one :-)
+1
- robert
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Approve release of SCA specification APIs by Tuscany project
Posted by Jeremy Boynes <jb...@apache.org>.
On Mar 15, 2007, at 5:07 PM, Jeremy Boynes wrote:
> On Mar 15, 2007, at 3:49 PM, robert burrell donkin wrote:
>
>> On 3/13/07, Jeremy Boynes <jb...@apache.org> wrote:
>>> The Tuscany community recently voted to release version 1.0-
>>> incubating of our implementation of the API classes for the OSOA
>>> specification V1.0:
>>> http://mail-archives.apache.org/mod_mbox/ws-tuscany-dev/
>>> 200703.mbox/%
>>> 3c2BAE6905-FBDA-4788-A01D-E135733A0D1B@apache.org%3e
>>>
>>> The source archives and RAT reports can be found at:
>>> http://people.apache.org/~jboynes/sca-api-r1.0-1.0-incubating
>>> and the binary in the Maven repo at:
>>> http://people.apache.org/repo/m2-incubating-repository/org/osoa/
>>> sca-api-r1.0/1.0-incubating
>>
>> ok except for the signature issue
>>
>> major issues
>> ==========
>>
>> gpg --verify sca-api-r1.0-1.0-incubating.jar.asc sca-api-r1.0-1.0-
>> incubating.jar
>> gpg: Signature made Sun Mar 4 01:53:25 2007 GMT using DSA key ID
>> 11007026
>> gpg: BAD signature from "Jeremy Boynes <je...@boynes.com>"
>>
>> MD5 sums look right
I added the profile (r518844), redeployed all the artifacts and
replaced the source distributions to include the change. Due to a
issue with the gpg plugin I signed the POM in the repo manually.
Hopefully, that takes care of this one :-)
--
Jeremy
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Approve release of SCA specification APIs by Tuscany project
Posted by Jeremy Boynes <jb...@apache.org>.
On Mar 15, 2007, at 5:43 PM, Daniel Kulp wrote:
> On Thursday 15 March 2007 20:07, Jeremy Boynes wrote:
>> There appears to be a bug in the gpg plugin for mvn. When I did this
>> release I used gpg:sign as a goal on the command line and that
>> consistently generates invalid keys for all except the last artifact
>> (in this case the JavaDoc) even in the local repo. When I did the
>> kernel modules I added a profile to the build which includes gpg:sign
>> and for those all artifacts seem to have valid signatures.
>>
>> Rather than resign the deployed artifacts (just in case there is
>> something squiffy going on), I'll pull them down, add a profile to
>> the pom and then redeploy them.
>
> I don't think there's a way to get the gpg:sign stuff to work
> outside of
> a profile and have it install/deploy correctly. You MIGHT be able to
> get it to work on the command line via:
>
> mvn verify gpg:sign install:install deploy:deploy
>
> Basically, gpg:sign will sign the artifacts that are attached to the
> lifecycle at the point in the lifecycle that it runs. (default is
> verify phase) install/deploy then deploys those things.
>
> It you tried it with:
> mvn package gpg:sign deploy
> that won't work. The "package" will run a lifecycle up to
> package, then
> run gpg:sign signing those artifacts, but the deploy would then start
> another complete lifecycle which would rebuild the jars causing the
> signature to be invalid. The pom doesn't change in the second build
> which is why that sig is OK.
>
> I'll try and update the gpg docs tomorrow.
This seems counter-intuitive - is there some reason why mvn can't
merge goals into one lifecycle (specifically when the plugin is just
attaching and not forking another one)? Guess this discussion should
be moved to dev@maven :-)
BTW the sig on the POM is also borked but that might be because the
pom is being regenerated.
--
Jeremy
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Approve release of SCA specification APIs by Tuscany project
Posted by Daniel Kulp <da...@iona.com>.
On Thursday 15 March 2007 20:07, Jeremy Boynes wrote:
> There appears to be a bug in the gpg plugin for mvn. When I did this
> release I used gpg:sign as a goal on the command line and that
> consistently generates invalid keys for all except the last artifact
> (in this case the JavaDoc) even in the local repo. When I did the
> kernel modules I added a profile to the build which includes gpg:sign
> and for those all artifacts seem to have valid signatures.
>
> Rather than resign the deployed artifacts (just in case there is
> something squiffy going on), I'll pull them down, add a profile to
> the pom and then redeploy them.
I don't think there's a way to get the gpg:sign stuff to work outside of
a profile and have it install/deploy correctly. You MIGHT be able to
get it to work on the command line via:
mvn verify gpg:sign install:install deploy:deploy
Basically, gpg:sign will sign the artifacts that are attached to the
lifecycle at the point in the lifecycle that it runs. (default is
verify phase) install/deploy then deploys those things.
It you tried it with:
mvn package gpg:sign deploy
that won't work. The "package" will run a lifecycle up to package, then
run gpg:sign signing those artifacts, but the deploy would then start
another complete lifecycle which would rebuild the jars causing the
signature to be invalid. The pom doesn't change in the second build
which is why that sig is OK.
I'll try and update the gpg docs tomorrow.
--
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727 C: 508-380-7194
daniel.kulp@iona.com
http://www.dankulp.com/blog
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org
Re: [VOTE] Approve release of SCA specification APIs by Tuscany project
Posted by Daniel Kulp <da...@iona.com>.
On Thursday 15 March 2007 20:07, Jeremy Boynes wrote:
> There appears to be a bug in the gpg plugin for mvn. When I did this
> release I used gpg:sign as a goal on the command line and that
> consistently generates invalid keys for all except the last artifact
> (in this case the JavaDoc) even in the local repo. When I did the
> kernel modules I added a profile to the build which includes gpg:sign
> and for those all artifacts seem to have valid signatures.
>
> Rather than resign the deployed artifacts (just in case there is
> something squiffy going on), I'll pull them down, add a profile to
> the pom and then redeploy them.
I don't think there's a way to get the gpg:sign stuff to work outside of
a profile and have it install/deploy correctly. You MIGHT be able to
get it to work on the command line via:
mvn verify gpg:sign install:install deploy:deploy
Basically, gpg:sign will sign the artifacts that are attached to the
lifecycle at the point in the lifecycle that it runs. (default is
verify phase) install/deploy then deploys those things.
It you tried it with:
mvn package gpg:sign deploy
that won't work. The "package" will run a lifecycle up to package, then
run gpg:sign signing those artifacts, but the deploy would then start
another complete lifecycle which would rebuild the jars causing the
signature to be invalid. The pom doesn't change in the second build
which is why that sig is OK.
I'll try and update the gpg docs tomorrow.
--
J. Daniel Kulp
Principal Engineer
IONA
P: 781-902-8727 C: 508-380-7194
daniel.kulp@iona.com
http://www.dankulp.com/blog
---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-dev-help@ws.apache.org