Thanks Greg! On Mon, Apr 28, 2014 at 12:06 PM, Gregory Chanan <[email protected]>wrote:
> I was trying to match up the git tag vs the released artifact, but didn't > know a standard way of doing that. As I mentioned in the original e-mail, > I wasn't sure if what I did was correct, but it was sufficient for my > purposes since it helped me find the discrepancy. > > Running diff -rq on the untared release artifact and the source as of the > git tag sounds sufficient. It sounds like I can get the source as of the > git tag either via git archive or via maven, since they produce the same > tree, as you mentioned. If someone knows a better way, I'd love to hear > it. > > I use diff -rq as well and seems to work fine. But would love to hear if there is a standard way. > FWIW I chose "git archive" rather than mvn because we are doing a source > release and git understands what is source. Invoking mvn seemed like a > "bad" idea, because: > 1) it invokes the build, but we are doing a source release that should be > independent of the build. > 2) it will pull in files that are not in the source, e.g. the .iml files > generated by eclipse or even files generated via the build itself > I see that the how-to-release page lists using mvn to generate the source > artifact ( > https://cwiki.apache.org/confluence/display/SENTRY/How+to+Release), > but for the reasons above it seems like we should replace this with using > git archive. > > I agree that, we should use git archive instead, as we are only releasing src artifacts. Unless there was a reason for using maven to generate src artifacts. > Thoughts? > Greg > > > I think we should update the sentry how to release page. Also having a voting checklist would help. So that the release manager and the voters have one way of verifying things. > On Mon, Apr 28, 2014 at 11:51 AM, Sravya Tirukkovalur > <[email protected]>wrote: > > > On Mon, Apr 28, 2014 at 11:32 AM, Sravya Tirukkovalur > > <[email protected]>wrote: > > > > > > > > > > > > > > On Mon, Apr 28, 2014 at 9:15 AM, karthik ramachandran < > > > [email protected]> wrote: > > > > > >> All, > > >> > > >> To fix the discrepancies between what is in the RC and the tag, I > > pulled a > > >> fresh version of code from git and ran: > > >> > > >> git checkout release-1.3.0-rc2 > > >> mvn package -DskipTests > > >> > > >> I then re-signed and created new hashes for the resulting gzip and > > >> uploaded > > >> those artifacts to > > >> http://people.apache.org/~kramachandran/sentry-1.3.0-rc2/ > > >> > > >> When I run diff -r incubator-sentry/ > apache-sentry-1.3.0-incubating-src/ > > >> the diff comes back clean. In this case incubator-sentry is yet > another > > >> clean pull of the release-1.3.0-rc2 tag (sha > > >> : 31c8aca46c060685bd5a01f7706e2adab78a20d8); and > > >> apache-sentry-1.3.0-incubating-src is the uncompressed version of the > > tar > > >> built in the previous step. > > >> > > >> However, when I try to generate a tar using git archive --format=tar > > >> --prefix=apache-sentry-1.3.0-incubating-src/ HEAD | gzip > > > >> apache-sentry-1.3.0-incubating.tar.gz the resulting sha does not match > > the > > >> sha of the artifact generated by maven. When I unzip the resulting tar > > and > > >> diff it with the tar generated by maven the diff does come back clean. > > >> Does anyone have any thoughts on what I might be doing wrong here? > > >> > > >> > > > I verified that the sha1 and md5 are different for tar.gz produced by > > > maven versus git archive, although the contents are the same if I untar > > the > > > artifacts(diff -rq). My guess is they compress differently? @Greg, is > > there > > > a reason you used git archive rather than maven package? > > > > > > Ah never mind, checksums will be different for two different tar balls, > > even if they are made from the same source. So we shouldn't really be > > comparing checksums of two different tar balls to make sure their > contents > > match. Although we need to make sure the SHA and MD5 specified in the > > release candidate match with SHA/MD5 of the tar. Does that sound right, > > @Patrick, @Greg? > > > > > > Also, as matter of voting protocol do we need to call a new vote or can > we > > >> continue to leave the existing vote open? > > >> > > >> Thanks, > > >> Karthik > > >> > > >> > > >> > > >> On Fri, Apr 25, 2014 at 10:24 AM, Joe Brockmeier <[email protected]> > > wrote: > > >> > > >> > -----BEGIN PGP SIGNED MESSAGE----- > > >> > Hash: SHA1 > > >> > > > >> > On 04/21/2014 11:33 PM, Patrick Hunt wrote: > > >> > > I think Greg is right. It mostly looks good however there are a > > >> > > number of significant differences between what's in the rc and > > >> > > what's in the tag. Here's the diff output btw the untar'd rc and > > >> > > what's in the tag in git (mostly iml files, but also some > > >> > > directories, e.g. sentry-provider-db). > > >> > > > > >> > > I'm -1 at the moment. > > >> > > > >> > I've been hoping for some feedback from the release manager on these > > >> > questions before proceeding to review the artifacts. Any progress, > > >> > Karthik? > > >> > > > >> > Best, > > >> > > > >> > jzb > > >> > - -- > > >> > Joe Brockmeier > > >> > [email protected] > > >> > Twitter: @jzb > > >> > http://www.dissociatedpress.net/ > > >> > -----BEGIN PGP SIGNATURE----- > > >> > Version: GnuPG v1 > > >> > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > >> > > > >> > iQEcBAEBAgAGBQJTWpppAAoJEKbW5zOgIHzUHfEH/3sSme6MLfTkU76fNJ4YKnFH > > >> > Tlz6GCF+BrXruM+NRn1YtmaypM/briZK+pa9OIiH5kVNJ4w59VXgxQP8RPUnyAcm > > >> > u7ZETekt6ioM8hUX71s/b7GPXceAhA6ZW3nzZSMbntdONsacjRMkwiCJ3Fz5buL8 > > >> > fmfx8ew0Zt7qrOYus0liwHZuE6CoTCu/a1nTTFZBPGpUr8ArsirO6mvcffK4YMX6 > > >> > /p6zAZgoOB1cc9bzQcdaMT79Hg7671HVsArY2I8XeG+g6kSPVYCsonDL/Kw1VHZw > > >> > i41BulVIj/NU0HmPGRn65HIwdQHqbrakGjbVl9z9lCkyQ1QDtcVvUIj5B6iuabk= > > >> > =nA9Z > > >> > -----END PGP SIGNATURE----- > > >> > > > >> > > >> > > >> > > >> -- > > >> Karthik Ramachandran > > >> Mobile: 412-606-8981 > > >> > > > > > > > > > > > > -- > > > Sravya Tirukkovalur > > > > > > > > > > > -- > > Sravya Tirukkovalur > > > -- Sravya Tirukkovalur
