Hi, This lays out the steps needed to migrate to our new infrastructure with the new SSL certs. It is a short-term plan, but it should be compatible with moving to gradle and signed jars for validation of downloads (instead of sha1 files).
If you find any problem in this plan, please say so — ideally with a suggested fix! If there’s something missing, please do likewise! You can find a live-version of this plan on https://titanpad.com/yKe1kGH902 Basics: The new repo should be compatible with both plain file storage and retrieving and verifying dependencies from maven via gradle. I suggest a maven structure, but we won’t be able to push that to maven central without changing our package to org.freenetproject — which would break all plugins and scripts and pull requests (which I think it’s a no-go¹). Nextgens is preparing an S3 bucket at mvn.freenetproject.org. We’ll start by uploading the binaries there, as https://mvn.freenetproject.org/org/freenetproject/fred/<#>/fred-<#>.jar{,.sha1,.sig} Our package stays freenet. We advertise the build number as version. Tasks: - release a new build to the new and the existing infrastructure: - adjusted paths in updater.sh, updater.cmd, sha1test.jar and fred. - adjusted release scripts to upload fred and plugin release files to the new repo (and create the directories as needed). - adjusted gradle to allow publishing to the new repo (with full maven metadata) - adjust download paths on the website - ... ? paths: https://mvn.freenetproject.org/org/freenetproject/fred/<#>/fred-<#>.jar{,.sha1,.sig} ¹: it took us more than one year to partially recover from the db4o purge. We still have plugins which aren’t adjusted to working without db4o, so I don’t think we’re currently in a position to do large refactoring with side-effects like that. Best wishes, Arne -- Unpolitisch sein heißt politisch sein ohne es zu merken
signature.asc
Description: PGP signature