Re: Release META File?

Mon, 25 Jun 2018 09:34:09 -0700 



On 25/06/18 17:03, Rob Vesse wrote:

Andy

If you do have updated Javadoc scripts that would be useful though not urgent 
like you say


Done.



Note that I did have to update the chksum script slightly for OS X environments 
in order to generate SHA512 sum's so extra scrutiny on those when reviewing to 
make sure I got that right. (Aside - basically the openssl tools output sums in 
a slightly different format so I did some massaging in the script to align with 
the sha512sum output from a Linux distro which I looked at by running a Docker 
container)



FWIW "openssl sha512" exists on my machine as well. Sample output: (all 
one line):



SHA512(D.ttl)= 
c043661aa7ff9534c15d09544f36f69394d532357fcd5573acc1212e2c7dd64aea132063dde8ac7528677767ab18ac22f4eb60afeca052611c4e59debdc2d6fb



That is the same as "sha512sum --tag" which is described as 'create a 
BSD-style checksum'. The  "| awk '{print $2}'" works.


        Andy



Rob

On 25/06/2018, 16:58, "Andy Seaborne" <[email protected]> wrote:

     Rob,

     
     I have updated META and META.asc files ready + dist.sh script for

     dist-tools - let me know if you want to be "svn commit" them.

     
     Looking at the dist-tools area, I foudn an updated prepare-javadoc

     script as well which includes TDB2, and copes with the different index
     files we have. Do you want me to commit these updated prepare-javadoc +
     the mdtext files for the indexes as well? Or I can do this after the
     release - it's the javadoc for the website so async to the release proper.

     
          Andy
     
     On 25/06/18 15:40, Andy Seaborne wrote:

     > Rob,
     >
     > The META file is part of the chain of trust, starting with the Apache
     > root. The META file is delegated to the project chair so I need to add
     > you to that file and be the one to sign it.
     >
     > What I don't know is whether the fact, in the KEYS file, you have short
     > fingerprint will make any difference but if META is incomplete or wrong,
     > nothing breaks. At the moment, checker.ao is reporting the chain of
     > trust, not taking action on it.
     >
     > The chair does updates to META that without needing to couple it to the
     > release cycle.
     >
     >      Andy
     >
     > https://checker.apache.org/t
     >
     > On 25/06/18 14:14, Rob Vesse wrote:
     >> Andy
     >>
     >>
     >> The release process notes don’t have any detail on how to update the
     >> new META file in the staging repo.  The format looks fairly obvious
     >> but it isn’t clear to me what command(s) are needed to get the key
     >> fingerprint that is embedded in that file?
     >>
     >>
     >> Also what do I need to do to sign the META file after I have
     >> appropriately modified it?
     >>
     >>
     >> Rob
     >>
     >>

     



























					Reply via email to