Also, I have several issues with the check:
[ERROR] NOT OK: Tagged sources are different from those in the archive
Only in ./target/jackrabbit-filevault-3.4.2/svn/jackrabbit-filevault-3.4.2:
.gitattributes
When I remove the . gitattributes from the checkout, I get the following error:
[ERROR] Failed to execute goal
org.apache.felix:maven-bundle-plugin:4.2.1:baseline (baseline) on project
org.apache.jackrabbit.vault: Baseline failed, see generated report -> [Help 1]
[ERROR]
Then a problem with the script itself:
[INFO] 3. Verify checksums and signatures
[INFO]
[INFO] Verifying jackrabbit-filevault-3.4.2-src.zip...
gpg: assuming signed data in
'./filevault/3.4.2/jackrabbit-filevault-3.4.2-src.zip'
gpg: Signature made Wed Jan 8 18:03:46 2020 JST
gpg: using RSA key D7742D58455ECC7C
gpg: Good signature from "Konrad Windszus
<[email protected]<mailto:[email protected]>>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: B91A B7D2 121D C6B0 A61A A182 D774 2D58 455E CC7C
[INFO] OK: jackrabbit-filevault-3.4.2-src.zip.asc
So, although the verification failed, the script reports OK (same for sha1).
Note, after importing your key, the verification succeeds.
----
As for the plugin:
The 1.0.4 release notes are included:
https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/RELEASE-NOTES.md
The the same problem with he gitattributes:
Only in
./target/filevault-package-maven-plugin-1.1.0/svn/filevault-package-maven-plugin-1.1.0/src/test/resources/test-projects/filtering-tests:
.gitattributes
[ERROR] NOT OK: Tagged sources are different from those in the archive
---
So:
-1 Do not release these packages because, the baseline check of filevault
fails, and the release notes in the plugin are wrong.
Regards, Toby
On 9 Jan 2020, at 10:42, Tobias Bocanegra
<[email protected]<mailto:[email protected]>> wrote:
Hi Konrad,
Thanks for the releases..are the 2 releases dependent on each other? Otherwise
I would create 2 vote requests
In order to reduce the chance that if 1 release gets rejected, the other is
also invalid.
Regards, Toby
On 8 Jan 2020, at 18:50, Konrad Windszus
<[email protected]<mailto:[email protected]>> wrote:
Hi,
A candidate for the Jackrabbit Filevault 3.4.2 release is available at:
https://dist.apache.org/repos/dist/dev/jackrabbit/filevault/3.4.2/
The release candidate is a zip archive of the sources in:
https://svn.apache.org/repos/asf/jackrabbit/commons/filevault/tags/jackrabbit-filevault-3.4.2/
The SHA1 checksum of the archive is 5a4b4714387e9195bed13aa79d2659f67958a73b.
The command for running automated checks against this release candidate is:
$ sh check-release.sh filevault 3.4.2 5a4b4714387e9195bed13aa79d2659f67958a73b
A candidate for the Jackrabbit Filevault Package Maven Plugin 1.1.0 release is
available at:
https://dist.apache.org/repos/dist/dev/jackrabbit/filevault-package-maven-plugin/1.1.0/
The release candidate is a zip archive of the sources in:
https://svn.apache.org/repos/asf/jackrabbit/commons/filevault-package-maven-plugin/tags/filevault-package-maven-plugin-1.1.0/
The SHA1 checksum of the archive is
4c8679b67b7d10ecc6ff7869f028ee872a6ee941
The command for running automated checks against this release candidate is:
$ sh check-release.sh filevault-plugin 1.1.0
4c8679b67b7d10ecc6ff7869f028ee872a6ee941
A staged Maven repository for both is available for review at:
https://repository.apache.org/content/repositories/orgapachejackrabbit-1477
Please vote on releasing these packages
The vote is open for a minimum of 72 hours during business days and passes
if a majority of at least three +1 Jackrabbit PMC votes are cast.
The vote fails if not enough votes are cast after 1 week (5 business days).
[ ] +1 Release these packages as "Apache Jackrabbit Filevault 3.4.2" and
"Apache Jackrabbit Filevault Package Maven Plugin 1.1.0"
[ ] -1 Do not release these packages because...
Thanks,
Konrad
