Den fre 8 juli 2022 kl 22:47 skrev <dsahlb...@apache.org>: > Author: dsahlberg > Date: Fri Jul 8 20:47:42 2022 > New Revision: 1902582 > > URL: http://svn.apache.org/viewvc?rev=1902582&view=rev > Log: > ASF no longer provide a aggregated KEYS file, so we need to construct it > ourselves using the make-keys.sh script. > > * tools/dist/release.py > (roll_tarballs): Call make-keys.sh to create the KEYS file > (get_keys): Call make-keys.sh to create the KEYS file > > Modified: > subversion/trunk/tools/dist/release.py > > Modified: subversion/trunk/tools/dist/release.py > URL: > http://svn.apache.org/viewvc/subversion/trunk/tools/dist/release.py?rev=1902582&r1=1902581&r2=1902582&view=diff > > ============================================================================== > --- subversion/trunk/tools/dist/release.py (original) > +++ subversion/trunk/tools/dist/release.py Fri Jul 8 20:47:42 2022 > @@ -98,7 +98,6 @@ dist_release_url = dist_repos + '/releas > dist_archive_url = 'https://archive.apache.org/dist/subversion' > buildbot_repos = os.getenv('SVN_RELEASE_BUILDBOT_REPOS', > ' > https://svn.apache.org/repos/infra/infrastructure/buildbot/aegis/buildmaster > ') > -KEYS = 'https://people.apache.org/keys/group/subversion.asc' > extns = ['zip', 'tar.gz', 'tar.bz2'] > > > @@ -980,7 +979,12 @@ def roll_tarballs(args): > # from a committer's LDAP profile down the road) > basename = 'subversion-%s.KEYS' % (str(args.version),) > filepath = os.path.join(get_tempdir(args.base_dir), basename) > - download_file(KEYS, filepath, None) > + # The following code require release.py to be executed within a > + # complete wc, not a shallow wc as indicated in HACKING as one > option. > + # We /could/ download COMMITTERS from /trunk if it doesn't > exist... > + subprocess.check_call([os.path.dirname(__file__) + > '/make-keys.sh', > + '-c', os.path.dirname(__file__) + '/../..', > + '-o', filepath]) > shutil.move(filepath, get_target(args)) >
I have tested the above part but NOT within the full roll_tarballs codepath since I'm not sure if I might cause changes in the repository. I believe the change is correct and I don't think things will be worse than trying to download a non-existing URL but I would appreciate the help from someone experienced in the release process to review or at least give me the confidence to roll a tarball locally. Kind regards, Daniel > # And we're done! > @@ -1465,12 +1469,11 @@ def check_sigs(args): > > def get_keys(args): > 'Import the LDAP-based KEYS file to gpg' > - # We use a tempfile because urlopen() objects don't have a .fileno() > - with tempfile.SpooledTemporaryFile() as fd: > - fd.write(urlopen(KEYS).read()) > - fd.flush() > - fd.seek(0) > - subprocess.check_call(['gpg', '--import'], stdin=fd) > + with tempfile.NamedTemporaryFile(delete=False) as tmpfile: > + keyspath = tmpfile.name > + subprocess.check_call([os.path.dirname(__file__) + '/make-keys.sh', > '-c', os.path.dirname(__file__) + '/../..', '-o', keyspath]) > + subprocess.check_call(['gpg', '--import', keyspath]) > + os.remove(keyspath) > > def add_to_changes_dict(changes_dict, audience, section, change, > revision): > # Normalize arguments > > >