Okay, I think I have everything set up properly, and I'm ready to commit the updated binaries to SVN. However, as a final test just to be sure, I tried to extract the new binary and manually run ant -f installer.xml. Unfortunately, it failed. I noticed that installer.xml still references 0.6.0, so it was trying to download the wrong files:
<property name="flexjs.version" value="0.6.0"/> <property name="falcon.version" value="0.6.0"/> If I manually change them to 0.7.0, the installation script finishes successfully. Should I update those values too, before I upload? By the way, I double-checked, and these values are incorrect in the 0.7.0 source packages too. I don't know how serious an issue that is. - Josh On Thu, Sep 8, 2016 at 9:15 PM, Alex Harui <[email protected]> wrote: > You will need a PGP key, if you don't have one already: > https://www.apache.org/dev/release-signing > > I would create an "out" folder in a flex-asjs working copy, and unzip the > binary package in there, then add the missing file. > > Then I would run: > ant binary-package-tgz binary-package-zip > > That should create a tar.gz and .zip file in the out folder. I would > copy the source packages into the out folder". > > Then: > ant create-md5 > > Then finally: > ant sign > > In theory, the -src.* files will be untouched and you will have new -bin.* > files. 6 of them to be exact. > > These files go up on dist.apache.org via SVN (not Git). The URL is: > https://dist.apache.org/repos/dist/release/flex/flexjs > > > > I can probably do it, but I'm hoping you will just so we have another PMC > member set up with the pieces to do releases. > > Thanks, > -Alex > > > > On 9/8/16, 5:48 PM, "Josh Tynjala" <[email protected]> wrote: > > >I can probably do that tomorrow. Can you point me to instructions? I don't > >know where to upload the updated binaries or what the Apache process is to > >do the signing. Is there an easy way to generate an md5 for a file on Mac? > > > >- Josh > > > >On Thu, Sep 8, 2016 at 5:24 PM, Alex Harui <[email protected]> wrote: > > > >> > >> > >> On 9/8/16, 4:12 PM, "Josh Tynjala" <[email protected]> wrote: > >> > >> >To avoid this issue in the future, whichever ant target is used to > >>create > >> >a > >> >binary release should probably clean everything first. Another > >>potential > >> >issue is that someone might modify their downloaded files to test > >> >something > >> >locally and forget to revert them. In other words, local modifications > >> >could end up in a binary release without any kind of warning. If the > >>full > >> >binary release build forced a clean and re-downloaded dependencies, > >>that > >> >would handle both issues. > >> > >> For me, the GCL files are outside the ant folders so a clean wouldn't > >> help. It is an interesting Apache-ism that they recommend building > >> artifacts locally. It would be way more safe IMO to just ship something > >> from the CI server. But that's also a reason that only the source > >> artifact is an official release. The binary artifacts are harder to > >> verify and thus aren't official releases, just a convenience. > >> > >> > > >> >Can we update the binary release of 0.7.0? Or do we need to do a > >>0.7.1? As > >> >far as I can tell, the source bits are fine because the downloads are > >>part > >> >of building from source. > >> > >> In this case, I think you can add that one file to the binary package, > >> update the md5 files and sign it and push it back up there. > >> > >> -Alex > >> > >> > >
