Also, does anyone know if it's possible to use empty-passphrase keys
with maven-gpg-plugin?
-Patrick
On May 14, 2008, at 11:37 AM, Patrick Linskey wrote:
Hi,
I've had some troubles getting this patch working:
1. with the <parent> section enabled, I get errors about not finding
a ../pom.xml file. Do we need to make other environmental changes
for that to work?
2. with the maven-gpg-plugin, I get an error when signing one of the
release artifacts:
[INFO] [gpg:sign {execution: default}]
gpg: can't create `/Users/pcl/src/openjpa/branches/1.1.0/openjpa-
project/target/gpg/../target/site/downloads/apache-openjpa-1.1.0-
binary.zip.asc': No such file or directory
Note that there is no 'gpg' directory in openjpa-project/target. The
correct path should probably be /Users/pcl/src/openjpa/branches/
1.1.0/openjpa-project/target/../target/site/downloads/apache-
openjpa-1.1.0-binary.zip.asc
Any idea why that extra 'gpg' directory would insinuate itself into
the patch? Any suggestions about how to get rid of it?
Other than that, there are tons of new .asc and .md5 files created
for all sorts of intermediate artifacts, so the plugin is probably
working for the most part.
-Patrick
On Apr 8, 2008, at 8:30 AM, Wendy Smoak wrote:
On Fri, Apr 4, 2008 at 12:40 PM, Wendy Smoak <[EMAIL PROTECTED]>
wrote:
Please review the release process to make sure that detached
signatures (.asc files) are produced for all artifacts in the Maven
repo, as well for as the normal release distributions.
Hello again. I met up with Craig at the AC EU hackathon and took a
look at http://openjpa.apache.org/releasing-openjpa.html and the
build.
Here's what I've got so far for the top-level pom. This adds the ASF
organizational pom as a parent, and configures the GPG plugin to sign
the artifacts. Unfortunately I'm not set up to build the entire
thing
with the release profile enabled, so I can't be sure this doesn't
break anything else...
Index: pom.xml
===================================================================
--- pom.xml (revision 645306)
+++ pom.xml (working copy)
@@ -22,6 +22,11 @@
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/maven-v4_0_0.xsd";>
<modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.apache</groupId>
+ <artifactId>apache</artifactId>
+ <version>4</version>
+ </parent>
<prerequisites>
<maven>2.0.4</maven>
</prerequisites>
@@ -104,6 +109,25 @@
<modules>
<module>openjpa-project</module>
</modules>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-gpg-plugin</artifactId>
+ <version>1.0-alpha-4</version>
+ <configuration>
+ <passphrase>${gpg.passphrase}</passphrase>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</profile>
<!--
After this, you should be able to remove the Antrun plugin config
that's doing the signatures in the openjpa-project module.
(Signatures for the artifacts in the central repo are my main
concern,
but if there is interest in reducing the number of steps involved in
the release process, I can make some suggestions.)
--
Wendy
--
Patrick Linskey
202 669 5907
--
Patrick Linskey
202 669 5907
