> On Jan. 15, 2016, 5:46 p.m., Nitin Lamba wrote: > > Just noticed in the repo [1] that even PGP armor (.asc) files have md5 and > > sha1 hashes (*.asc.md5 and *.asc.sha1). Is that intentional? It seems > > something changed last night which is generating these additional files. > > > > [1] > > https://repository.apache.org/content/repositories/snapshots/org/apache/geode/gemfire-common/1.0.0-incubating-SNAPSHOT/ > > Anthony Baker wrote: > The md5 / sha1 files are automatically generated by maven for every file. > > We were testing the `gradle uploadArchives` task yesterday which > generated new snapshot versions in the snapshot repo. > > Nitin Lamba wrote: > Thanks Anthony; makes sense. > > Is there a file filter to ignore a file type? From my recollection of the > checksum requirement or few other repos I did a spotcheck on, '.asc' files > are neither posted nor have those extensions. This would just make the repo > file list smaller/ cleaner.
To clarify, asc files are generated by signing a build. Normally, our snapshots won't be signed since they're generated by Jenkins. We have to sign release builds and publish signatures AFAIK. I did see a lot of variation even on the published snapshots: Signed: https://repository.apache.org/content/groups/snapshots/org/apache/hbase/hbase-common/2.0.0-SNAPSHOT/ https://repository.apache.org/content/groups/snapshots/org/apache/samza/samza-api/0.10.1-SNAPSHOT/ https://repository.apache.org/content/groups/snapshots/org/apache/kafka/kafka-hadoop-consumer/0.8.2-SNAPSHOT/ Not signed: https://repository.apache.org/content/groups/snapshots/org/apache/maven/apache-maven/3.4.0-SNAPSHOT/ https://repository.apache.org/content/groups/snapshots/org/apache/httpcomponents/httpclient/4.4-beta2-SNAPSHOT/ - Anthony ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/42333/#review114725 ----------------------------------------------------------- On Jan. 15, 2016, 1:02 a.m., Anthony Baker wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/42333/ > ----------------------------------------------------------- > > (Updated Jan. 15, 2016, 1:02 a.m.) > > > Review request for geode, Dick Cavender, Mark Bretl, and Dan Smith. > > > Repository: geode > > > Description > ------- > > The maven-publish plugin does not grok signature nor sign pom > files. These are needed for publishing release versions on Maven > Central. Switching over to the nexus plugin simplified signing, > generation of javadoc / sources jars, and publishing. > > To publish to the local maven repository (~/.m2/repository): > gradle install > > To publish to the snapshot / release repositories: > gradle uploadArtifacts > > Signatures will only be created if the following properties are set > in ~/.gradle.properties: > signing.keyId > signing.secretKeyRingFile > signing.password > > To upload the artifacts to Maven, you will need to set the following > properties in ~/.gradle/gradle.properties: > nexusUsername > nexusPassword > > > Diffs > ----- > > build.gradle bd0ec18fa9eadc09b0c43c453a488b32291d7327 > gemfire-assembly/build.gradle 75805878d8d5c990af316cbb69ecdf8b1559aea3 > gemfire-core/build.gradle 7639aa4e3b7834699969e4159969e4d6e3e2291c > gemfire-web-api/build.gradle 81eec6dd4b805a8e82ee24340f2bc1a764d1e242 > gemfire-web/build.gradle 27292d5632cbb97c19b31cad5011e3ab52498bea > gradle/dependency-versions.properties PRE-CREATION > > Diff: https://reviews.apache.org/r/42333/diff/ > > > Testing > ------- > > Tested local builds, publishing to local maven, and snapshot repo. > > Thanks to Sean Goller and DickC for all the help. > > > Thanks, > > Anthony Baker > >
