Author: gk
Date: Wed Sep 27 14:16:47 2017
New Revision: 1809849
URL: http://svn.apache.org/viewvc?rev=1809849&view=rev
Log:
- update dependencies
- update howto in README.txt
- add optional wasp dependency check plugin
- remove profile from yaafi as it is moved to turbine parent 4 (same id)
Modified:
turbine/fulcrum/trunk/README.txt
turbine/fulcrum/trunk/crypto/NOTICE.txt
turbine/fulcrum/trunk/crypto/pom.xml
turbine/fulcrum/trunk/pom.xml
turbine/fulcrum/trunk/upload/pom.xml
turbine/fulcrum/trunk/yaafi/pom.xml
Modified: turbine/fulcrum/trunk/README.txt
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/README.txt?rev=1809849&r1=1809848&r2=1809849&view=diff
==============================================================================
--- turbine/fulcrum/trunk/README.txt (original)
+++ turbine/fulcrum/trunk/README.txt Wed Sep 27 14:16:47 2017
@@ -34,24 +34,28 @@ More Information
Steps
1) Local Testing
- // Verify gpg.homedir, gpg.useagent, gpg.passphrase. Check, if
-Dgpg.useagent=false is needed
+ // Verify gpg.homedir, gpg.useagent, gpg.passphrase. Check, if
-Dgpg.useagent=false is needed, see below comment to pinentry.
mvn clean site install -Papache-release -Dgpg.passphrase=<xx>
// multi module
mvn release:prepare -DdryRun=true -DautoVersionSubmodules=true
-Papache-release
// single
mvn release:prepare -DdryRun=true -Papache-release
+ //
mvn release:clean
2) Remote Testing
+ // explicit authentication with -Dusername=<username> -Dpassword=<pw>
// multi module
- mvn release:prepare -DautoVersionSubmodules=true -P apache-release
-Dusername=<username> -Dpassword=<pw>
+ mvn release:prepare -DautoVersionSubmodules=true -P apache-release
+ // success will be on the master build, the others are skipped
// single
- mvn release:prepare -P apache-release -Dusername=<username> -Dpassword=<pw>
+ mvn release:prepare -P apache-release
// Helpful hint from Apache Website: If you're located in Europe then
release:prepare may fail with 'Unable to tag SCM' and ' svn: No such revision X
'. Wait 10 seconds and run mvn release:prepare again.
4) Release Preparing
// performs an upload to
repository.apache.org/service/local/staging/deploy/maven2/
- // Hint: Add -Dgpg.useagent=false helps, if running from a windows machine
to avoid hanging while gpg plugin signing process ..
+ // Hint: Add -Dgpg.useagent=false helps, if running from a windows machine
to avoid hanging while gpg plugin signing process
+ // .. this may happen, if you do not define the pinentry-program in
gpg-agent.conf correctly ..
mvn release:perform
// You could find more Information here:
http://www.sonatype.com/books/nexus-book/reference/staging.html
@@ -67,7 +71,8 @@ Steps
7) Either Promote / Publish or Drop and Restage
// http://www.apache.org/dev/publishing-maven-artifacts.html#promote
// http://www.apache.org/dev/publishing-maven-artifacts.html#drop
- // After Drop "reverse merge the release prepare, manually delete tag in svn
repo and drop staged repository in nexus and start again with step 1.
+ // After Drop "reverse merge the release prepare (i.e. mvn release:rollback
if possible),
+ // manually delete tag in svn repo (svn delete ..) and drop staged
repository in nexus and start again with step 1.
8) Stage the latest documentation
//
http://maven.apache.org/developers/website/deploy-component-reference-documentation.html
Modified: turbine/fulcrum/trunk/crypto/NOTICE.txt
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/NOTICE.txt?rev=1809849&r1=1809848&r2=1809849&view=diff
==============================================================================
--- turbine/fulcrum/trunk/crypto/NOTICE.txt (original)
+++ turbine/fulcrum/trunk/crypto/NOTICE.txt Wed Sep 27 14:16:47 2017
@@ -1,5 +1,5 @@
-Turbine Fulcrum YAAFI
-Copyright 2002-2007 The Apache Software Foundation.
+Turbine Fulcrum Crypto
+Copyright 2002-2017 The Apache Software Foundation.
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
Modified: turbine/fulcrum/trunk/crypto/pom.xml
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/crypto/pom.xml?rev=1809849&r1=1809848&r2=1809849&view=diff
==============================================================================
--- turbine/fulcrum/trunk/crypto/pom.xml (original)
+++ turbine/fulcrum/trunk/crypto/pom.xml Wed Sep 27 14:16:47 2017
@@ -20,6 +20,7 @@
<groupId>org.apache.turbine</groupId>
<artifactId>turbine-parent</artifactId>
<version>4</version>
+ <relativePath></relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
Modified: turbine/fulcrum/trunk/pom.xml
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/pom.xml?rev=1809849&r1=1809848&r2=1809849&view=diff
==============================================================================
--- turbine/fulcrum/trunk/pom.xml (original)
+++ turbine/fulcrum/trunk/pom.xml Wed Sep 27 14:16:47 2017
@@ -59,6 +59,31 @@
<module>yaafi-crypto</module>
<module>yaafi</module>
</modules>
+
+ <build>
+ <plugins>
+ <!-- run optionally
+ mvn org.owasp:dependency-check-maven:aggregate
+ do not use it as reporting plugin, as it exposes file paths to
artifacts
+ check each possible vulnerability carefully, find more info about
how to read, false positives et al. here:
https://jeremylong.github.io/DependencyCheck/dependency-check-maven/plugin-info.html
+ -->
+ <plugin>
+ <groupId>org.owasp</groupId>
+ <artifactId>dependency-check-maven</artifactId>
+ <version>2.1.1</version>
+ <executions>
+ <execution>
+ <goals>
+ <goal>aggregate</goal>
+ </goals>
+ </execution>
+ </executions>
+ <!--configuration>
+ <suppressionFiles>true</suppressionFiles>
+ </configuration-->
+ </plugin>
+ </plugins>
+ </build>
</project>
Modified: turbine/fulcrum/trunk/upload/pom.xml
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/upload/pom.xml?rev=1809849&r1=1809848&r2=1809849&view=diff
==============================================================================
--- turbine/fulcrum/trunk/upload/pom.xml (original)
+++ turbine/fulcrum/trunk/upload/pom.xml Wed Sep 27 14:16:47 2017
@@ -94,7 +94,7 @@
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
- <version>1.3.1</version>
+ <version>1.3.3</version>
</dependency>
<!-- testing dependencies -->
Modified: turbine/fulcrum/trunk/yaafi/pom.xml
URL:
http://svn.apache.org/viewvc/turbine/fulcrum/trunk/yaafi/pom.xml?rev=1809849&r1=1809848&r2=1809849&view=diff
==============================================================================
--- turbine/fulcrum/trunk/yaafi/pom.xml (original)
+++ turbine/fulcrum/trunk/yaafi/pom.xml Wed Sep 27 14:16:47 2017
@@ -19,7 +19,7 @@
-->
<project xmlns="http://maven.apache.org/POM/4.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
<parent>
- <artifactId>turbine-parent</artifactId>
+ <artifactId>turbine-parent</artifactId>
<groupId>org.apache.turbine</groupId>
<version>4</version>
</parent>
@@ -119,27 +119,4 @@
<!-- This bits are used for the staging directory -->
<turbine.site.path>fulcrum/fulcrum-yaafi</turbine.site.path>
</properties>
- <profiles>
- <profile>
- <!-- ignore doclint errors (should be warnings) -->
- <id>java8</id>
- <activation>
- <jdk>1.8</jdk>
- </activation>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <configuration>
-
<additionalparam>-Xdoclint:none</additionalparam>
- </configuration>
- </plugin>
- </plugins>
- </build>
- <properties>
- <javadoc.opts>-Xdoclint:none</javadoc.opts>
- </properties>
- </profile>
- </profiles>
</project>
\ No newline at end of file
