Publishing sling debian releases via bintray, PMC approval?

Mon, 20 Apr 2015 08:25:41 -0700 

In an effort to get the debian packages built from contrib pushed into the 
publicly visible releases I've been looking into what other apache projects are 
doing in this respect.
The accepted solution appears to be bintray.org [1]
This began from research into getting the debian package published as part of 
normal release cycles [2]. Some nexus repos allow .deb artifacts, the apache 
one does not and I was referred to bintray.org as the preferred option.

Note that this solution is not limited to debian artifacts and could be used 
for any distributable artifacts.

This is at a point now that it requires signoff from a PMC member as it 
requires the sling signing keys. Specifically (from [1]):

If you want to publish a Debian repository, what I'd recommend is something 
like the Cassandra team did - build a repository locally using reprepro or 
other such tools, signing the repo/packages with your signing keys, and then 
uploading the resulting repository to the generic repository I'll create for 
you. The reasoning here is that Bintray is a bit weak on signing - it can't 
sign RPM repos at all, and it signs Debian repositories on the server side, so 
you have to upload your signing key (or pass it over the wire in an API call).

WRT the debian specifics, this also requires that the jdeb maven plugin that's 
building the .deb also be configured to sign the package. Docs here [3] for 
adding this to settings.xml:
  <settings>
    <profiles>
      <profile>
        <id>jdeb-signing</id>
        <properties>
          <jdeb.keyring>/home/user/.gnupg/secring.gpg</jdeb.keyring>
          <jdeb.key>8306FE21</jdeb.key>
          <jdeb.passphrase>abcdef</jdeb.passphrase>
        </properties>
      </profile>
    </profiles>
    <activeProfiles>
      <activeProfile>jdeb-signing</activeProfile>
    </activeProfiles>
  </settings>

That and "signPackage=true" needs to be added to the 
contrib/launchpad/debian/pom.xml jdeb config.

-Bruce

[1] https://issues.apache.org/jira/browse/INFRA-9419
[2] 
http://apache-sling.73963.n3.nabble.com/build-version-numbering-in-sling-jenkins-build-and-debian-package-version-number-tc4049048.html#none
[3] https://github.com/tcurdt/jdeb/blob/master/docs/maven.md

Reply via email to