On Mon, Apr 28, 2014 at 11:32 AM, Sravya Tirukkovalur <[email protected]>wrote:
> > > > On Mon, Apr 28, 2014 at 9:15 AM, karthik ramachandran < > [email protected]> wrote: > >> All, >> >> To fix the discrepancies between what is in the RC and the tag, I pulled a >> fresh version of code from git and ran: >> >> git checkout release-1.3.0-rc2 >> mvn package -DskipTests >> >> I then re-signed and created new hashes for the resulting gzip and >> uploaded >> those artifacts to >> http://people.apache.org/~kramachandran/sentry-1.3.0-rc2/ >> >> When I run diff -r incubator-sentry/ apache-sentry-1.3.0-incubating-src/ >> the diff comes back clean. In this case incubator-sentry is yet another >> clean pull of the release-1.3.0-rc2 tag (sha >> : 31c8aca46c060685bd5a01f7706e2adab78a20d8); and >> apache-sentry-1.3.0-incubating-src is the uncompressed version of the tar >> built in the previous step. >> >> However, when I try to generate a tar using git archive --format=tar >> --prefix=apache-sentry-1.3.0-incubating-src/ HEAD | gzip > >> apache-sentry-1.3.0-incubating.tar.gz the resulting sha does not match the >> sha of the artifact generated by maven. When I unzip the resulting tar and >> diff it with the tar generated by maven the diff does come back clean. >> Does anyone have any thoughts on what I might be doing wrong here? >> >> > I verified that the sha1 and md5 are different for tar.gz produced by > maven versus git archive, although the contents are the same if I untar the > artifacts(diff -rq). My guess is they compress differently? @Greg, is there > a reason you used git archive rather than maven package? > > Ah never mind, checksums will be different for two different tar balls, even if they are made from the same source. So we shouldn't really be comparing checksums of two different tar balls to make sure their contents match. Although we need to make sure the SHA and MD5 specified in the release candidate match with SHA/MD5 of the tar. Does that sound right, @Patrick, @Greg? Also, as matter of voting protocol do we need to call a new vote or can we >> continue to leave the existing vote open? >> >> Thanks, >> Karthik >> >> >> >> On Fri, Apr 25, 2014 at 10:24 AM, Joe Brockmeier <[email protected]> wrote: >> >> > -----BEGIN PGP SIGNED MESSAGE----- >> > Hash: SHA1 >> > >> > On 04/21/2014 11:33 PM, Patrick Hunt wrote: >> > > I think Greg is right. It mostly looks good however there are a >> > > number of significant differences between what's in the rc and >> > > what's in the tag. Here's the diff output btw the untar'd rc and >> > > what's in the tag in git (mostly iml files, but also some >> > > directories, e.g. sentry-provider-db). >> > > >> > > I'm -1 at the moment. >> > >> > I've been hoping for some feedback from the release manager on these >> > questions before proceeding to review the artifacts. Any progress, >> > Karthik? >> > >> > Best, >> > >> > jzb >> > - -- >> > Joe Brockmeier >> > [email protected] >> > Twitter: @jzb >> > http://www.dissociatedpress.net/ >> > -----BEGIN PGP SIGNATURE----- >> > Version: GnuPG v1 >> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> > >> > iQEcBAEBAgAGBQJTWpppAAoJEKbW5zOgIHzUHfEH/3sSme6MLfTkU76fNJ4YKnFH >> > Tlz6GCF+BrXruM+NRn1YtmaypM/briZK+pa9OIiH5kVNJ4w59VXgxQP8RPUnyAcm >> > u7ZETekt6ioM8hUX71s/b7GPXceAhA6ZW3nzZSMbntdONsacjRMkwiCJ3Fz5buL8 >> > fmfx8ew0Zt7qrOYus0liwHZuE6CoTCu/a1nTTFZBPGpUr8ArsirO6mvcffK4YMX6 >> > /p6zAZgoOB1cc9bzQcdaMT79Hg7671HVsArY2I8XeG+g6kSPVYCsonDL/Kw1VHZw >> > i41BulVIj/NU0HmPGRn65HIwdQHqbrakGjbVl9z9lCkyQ1QDtcVvUIj5B6iuabk= >> > =nA9Z >> > -----END PGP SIGNATURE----- >> > >> >> >> >> -- >> Karthik Ramachandran >> Mobile: 412-606-8981 >> > > > > -- > Sravya Tirukkovalur > -- Sravya Tirukkovalur
