I know... :-( The checksums are generated either by some Maven plugin or Nexus.
Gary On Sun, Jul 16, 2017 at 1:38 PM, Mikael Ståldal <[email protected]> wrote: > The md5sum and sha1sum tools are able to do the comparations themself if > the checksum file contains the filename, which those checksum files > doesn't. Why not? > > We need to automate this, it's tedious and error-prone to do all this > checksum verification manually. > > > > On 2017-07-16 22:29, Gary Gregory wrote: > >> On Sun, Jul 16, 2017 at 1:27 PM, Mikael Ståldal <[email protected]> wrote: >> >> Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; >>> 2015-11-10T17:41:47+01:00) >>> Maven home: /opt/apache-maven-3.3.9 >>> Java version: 1.8.0_131, vendor: Oracle Corporation >>> Java home: /opt/jvm/jdk1.8.0_131/jre >>> Default locale: en_US, platform encoding: UTF-8 >>> OS name: "linux", version: "4.4.0-83-generic", arch: "amd64", family: >>> "unix" >>> >>> I did all three actions mentions in the BUINGING.md: >>> mvn apache-rat:check >>> mvn clean install >>> mvn site >>> >>> on both master and the 11.0-rc2 tag in Git. >>> >>> I also tried the artifacts published to the staging repository with a >>> test >>> project of mine. >>> >>> Not sure how I am supposed to check the ASC, MD5 and SHA1 files in a >>> convenient way. >>> >>> >> On Cygwin/Linux: >> >> md5sum <FILENAME> >> and compare the to contents of the .md5 file >> >> sha1sum <FILENAME> >> and compare the to contents of the .sha1 file >> >> Then: >> >> gpg --verify <ASC_FILE> <ZIP_FILE> >> >> and eyeball the output. >> >> Gary >> >> >> >>> Do we have a checklist of what we are supposed to do? >>> >>> >>> >>> On 2017-07-16 21:50, Gary Gregory wrote: >>> >>> As a PMC, we think we need to better document our "+1"s than "Everything >>>> seems fine." >>>> >>>> For example: Did you check the ASC, MD5 and SHA1 files? >>>> >>>> _How_ exactly does it "seem" fine? >>>> >>>> What JDK(s) did you use to build? What did you build? From what? The >>>> tag? >>>> The zip? >>>> >>>> And so on. >>>> >>>> Gary >>>> >>>> On Sun, Jul 16, 2017 at 12:04 PM, Mikael Ståldal <[email protected]> >>>> wrote: >>>> >>>> +1 >>>> >>>>> >>>>> Everything seems fine. >>>>> >>>>> >>>>> >>>>> On 2017-07-16 18:41, Matt Sicker wrote: >>>>> >>>>> Hello all, sorry for the delay between release candidates. This is a >>>>> vote >>>>> >>>>>> to release RC2 of Log4j Scala API 11.0, the first release of the new >>>>>> repository. The main features in this release are Scala 2.12 support >>>>>> and >>>>>> an >>>>>> API for manipulating the ThreadContext. >>>>>> >>>>>> Artifacts are available in this staging repository: < >>>>>> https://repository.apache.org/content/repositories/orgapache >>>>>> logging-1028/ >>>>>> >>>>>> . >>>>>>> >>>>>>> The site is on <https://rgoers.github.io/log4j-scala-site/> (though >>>>>> it's >>>>>> not appearing for me at the time of writing). Don't mind the styling >>>>>> issues >>>>>> in component pages as these will point to the correct paths when >>>>>> merged >>>>>> with the existing site. >>>>>> >>>>>> The artifacts are signed with my GPG key with the >>>>>> ID 748F15B2CF9BA8F024155E6ED7C92B70FA1C814D which is available in the >>>>>> Logging KEYS file. >>>>>> >>>>>> Artifacts can be downloaded using the following command: >>>>>> >>>>>> wget -e robots=off --cut-dirs=7 -nH -r -p -np --no-check-certificate >>>>>> https://repository.apache.org/content/repositories/orgapache >>>>>> logging-1028/org/apache/logging/log4j/ >>>>>> >>>>>> If that doesn't work, please let me know so I can note the correct >>>>>> command >>>>>> for future vote emails. >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> >
