On Sunday, November 18, 2012 4:46:51 PM UTC-5, Sean Corfield wrote:
>
> On Sun, Nov 18, 2012 at 5:56 AM, Phil Hagelberg
> > wrote:
>
>> If you don't have a key yet, generate one with `gpg --gen-key`. The
>> default settings are pretty good, though I'd recommend making it expire
>> in a year or two
> Sorry for the inconvenience.
>
No problem at all Phil. You're doing us all a huge service with all your
work on this; teething issues are to be expected. Just wanted to suggest
library authors proceed cautiously for now to avoid unknowingly
breaking dependents in the wild.
--
You receive
Peter Taoussanis writes:
> I'd caution anyone against trying to redeploy their libraries right
> now since there seems to be some serious unresolved issues. I just
> tried a redeploy myself and am also getting the
> "ReasonPhrase:Forbidden" error.
Sorry about this. We've tracked it down to concu
Wes Freeman writes:
> Can you give some example syntax for :repositories and ":sign-releases
> false" specifically for clojars? I was hoping to test deploy without
> signing and then try again with signing, to see if that fixes my
> project.
Sure; it would just be something like this:
:repo
Ok, if you do a signed deploy, you can scp the pom and jar over to get it
working, directly after.
Like:
scp pom.xml target/clojurithms-0.1.0.jar cloj...@clojars.org:
/repo/clojurithms/clojurithms/0.1.0/
On Tue, Nov 20, 2012 at 7:10 PM, Wes Freeman wrote:
> On Monday, November 19, 2012 12:53:32
On Monday, November 19, 2012 12:53:32 PM UTC-5, Phil Hagelberg wrote:
>
> If you turn off :sign-releases inside your :repositories entry when
> deploying libraries everything will work for you as before. But your
> libraries won't qualify for the Releases repo in this case. So once your
> users
+1 on the checksum validation error and ReasonPhrase:Forbidden on the pom.
Using leiningen preview10. I updated my version number to not have
SNAPSHOT, so maybe that's why it's not working, compared to Sean's?
Regardless of the current bug, thanks for working on this functionality,
Phil (and whoev
BTW for those of you running into the ReasonPhrase:Forbidden error, it
seems as if the old lein-clojars can be used to restore a repo to a working
(unsigned) state.
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to
I removed congomongo completely from my local repo and lein repl seemed to
pull it back down with no problems. Tested it on two machines. So it seems
the repo on Clojars is OK for me - except that I can't redeploy the POM?
On Tue, Nov 20, 2012 at 12:22 AM, Peter Taoussanis wrote:
> I'd caution a
I'd caution anyone against trying to redeploy their libraries right now
since there seems to be some serious unresolved issues. I just tried a
redeploy myself and am also getting the "ReasonPhrase:Forbidden" error.
Unfortunately this seems to leave the repo in a bad state, since dependency
pull
On Mon, Nov 19, 2012 at 10:32 PM, Phil Hagelberg wrote:
> Someone who writes software for a living
> without understanding how to securely share secrets over email *and is
> perfectly happy with that fact* is doing something wrong.
Thanx for that clarification :)
> That's actually illegal to
Sean Corfield writes:
> Are you saying that all those people who don't have gpg or similar
> installed are unprofessional? It seems that such a statement would
> insult a very large number of software developers.
It's one thing to not have gotten around to learning something; it's
another thing
FWIW, after setting up a public key etc and using lein deploy clojars to
push congomongo 0.3.3 (successfully with one key), I am also getting the
error about transferring the POM:
Sending congomongo/congomongo/0.3.3/congomongo-0.3.3.pom.asc (1k)
to https://clojars.org/repo/
Sending congomongo/
On Mon, Nov 19, 2012 at 2:28 PM, Phil Hagelberg wrote:
> Yeah, we intended to use that originally, but Bouncy Castle's PGP
> support is awful beyond words. It's effectively undocumented, and the
> classes it exposes really only make sense if you have the OpenPGP RFC
> memorized.
>
Ugh! :( And th
Nurullah Akkaya writes:
> Is there a particular reason for not using Bouncy Castle[1]. Instead
> of forcing users to install gpg lein can generate and/or upload the
> key.
Yeah, we intended to use that originally, but Bouncy Castle's PGP
support is awful beyond words. It's effectively undocument
Is there a particular reason for not using Bouncy Castle[1]. Instead of
forcing users to install gpg lein can generate and/or upload the key.
[1] http://www.bouncycastle.org/
--
Nurullah Akkaya
http://nakkaya.com
On Mon, Nov 19, 2012 at 10:08 PM, Lee Hinman wrote:
>
> Jeff Heon writes:
>
> > A
I now have the same problem as Jim (with
https://clojars.org/strucjure/versions/0.3.2). I do have a gpg key set up
and previous deploys claimed to be signing (although they are list as
unsigned now).
What was the fix in this case?
On Sunday, 18 November 2012 11:27:36 UTC-5, Nelson Morris wrot
Jeff Heon writes:
> As a starting point, the gpg website features native installers for both
> Windows and Mac OS.
>
> http://www.gnupg.org
And for OSX:
https://www.gpgtools.org/
; Lee
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to t
On Mon, Nov 19, 2012 at 9:51 AM, Phil Hagelberg wrote:
> Perhaps it would be helpful if you could explain in more detail what it
> is about the provided explanation that you found confusing?
>
In the first step you use an actual example, then switch to $KEY_ID without
explanation, instead of aga
As a starting point, the gpg website features native installers for both
Windows and Mac OS.
http://www.gnupg.org
--
You received this message because you are subscribed to the Google
Groups "Clojure" group.
To post to this group, send email to clojure@googlegroups.com
Note that posts from new
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sean Corfield writes:
> Then you can show it with `gpg --export -a $KEY_ID`.
>
>
> $KEY_ID? (again, as I noted at the conj, without good documentation on
> the Leiningen site for this, folks won't necessarily know what this is
> or why they
On Sun, Nov 18, 2012 at 5:56 AM, Phil Hagelberg wrote:
> If you don't have a key yet, generate one with `gpg --gen-key`. The
> default settings are pretty good, though I'd recommend making it expire
> in a year or two. Next find your key ID. It's the 8-character part after
> the slash on the line
Yeah, i had checked the releases not expected the "classic" repo to
loose it. Fixed manually.
On Sun, Nov 18, 2012 at 10:20 AM, Jim - FooBar(); wrote:
> On 18/11/12 15:14, Nelson Morris wrote:
>>
>> enclog 0.5.8 appears in the releases repo, so everything is ok.
>
>
> No, unfortunately everythin
On 18/11/12 15:14, Nelson Morris wrote:
enclog 0.5.8 appears in the releases repo, so everything is ok.
No, unfortunately everything is not ok...fetching the jar from a project
results in:
Could not transfer artifact enclog:enclog:pom:0.5.8 from/to clojars
(https://clojars.org/repo/): Check
Yes that's obviously important because now I can't fetch the jar! Doing
lein2 repl in a project that depends on that jar gives me:
Could not transfer artifact enclog:enclog:pom:0.5.8 from/to clojars
(https://clojars.org/repo/): Checksum validation failed, no checksums
available from the repos
The "Invalid anti-forgery token" message is a unfortunate side effect
of interaction with sessions and restarting the server. It should
disappear if the profile page is refreshed.
enclog 0.5.8 appears in the releases repo, so everything is ok. I
have a theory as to why that message occurred and
Ok I managed to push my jar successfully, but i got this at the end:
Could not transfer artifact enclog:enclog:pom:0.5.8 from/to clojars
(https://clojars.org/repo/): Access denied to:
https://clojars.org/repo/enclog/enclog/0.5.8/enclog-0.5.8.pom,
ReasonPhrase:Forbidden.
Failed to deploy artifa
On 18/11/12 14:39, Nelson Morris wrote:
The previous one was a bit
strict on the whitespace
I just pasted the same with no wxtra white-space and now I'm getting
Invalid anti-forgery token
my god what is happening?
Jim
--
You received this message because you are subscribed to the Google
I've just deployed a new clojars version. The previous one was a bit
strict on the whitespace (thanks Lee Hinman).
Make sure to include both the "-BEGIN PGP PUBLIC KEY BLOCK-"
and "-END PGP PUBLIC KEY BLOCK-".
-
Nelson Morris
On Sun, Nov 18, 2012 at 8:21 AM, Jim - FooBar(); wro
Followed the instructions below exactly but clojars says 'Invalid PGP
public key'...
any clues?
Jim
On 18/11/12 13:56, Phil Hagelberg wrote:
If you don't have a key yet, generate one with `gpg --gen-key`. The
default settings are pretty good, though I'd recommend making it expire
in a year or
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello folks.
I'm happy to announce that the new Clojars releases repository is open
for business.
With the releases repository we are aiming for a middle ground in
between the anything-goes nature of the current repository and the
bureaucracy of the
31 matches
Mail list logo
