Re: Release Apache Flex Installer 3.4

Alex, I just pushed changes to the script and was able to generate on windows signed artifacts! Now I can somehow build dmg on Mac. I hope that signing I will be able to do on Windows, cause don't want to go through some configuration for signing there. I'm definitely not a Mac user. Many

Re: Release Apache Flex Installer 3.4

Hi Piotr, In flex-utilities/flex-installer/build.xml, the "release" Ant target should take you through signing. GPG is not used to generate the sha512 checksums, the Ant checksum task is instead and you will have to modify those tasks in build.xml not only with the new algorithm but also the

Re: Release Apache Flex Installer 3.4

Hi Alex, I decided revoke my old key and created new one. I signed releases once, but now I cannot find myself with that. In the Apache resources there suggestion how to configure gpg in order to have SHA-512 [1]. I did it but I'm not sure if I do this archives will be signed appropriately. gpg

Re: Release Apache Flex Installer 3.4

Hi Piotr, I don't see any way to recover your passphrase. The advice I see is to keep trying to remember what it was. Otherwise, the advice says to create a new key and revoke the old one. I could sign this release, but you might as well take the time to either remember the passphrase or

Re: Release Apache Flex Installer 3.4

Unfortunately I did not remeber may passphrase for signing files. I have private key, revoking keys, but don't know how to actually use it to recover it. I did search some way, but cannot find straight instruction. Can someone sign for me that release or pass some help on that ? Thanks, Piotr

Re: Release Apache Flex Installer 3.4

Hi Alex, I think it is a good idea to have 3.3.1 instead 3.4. Thanks, Piotr 2018-04-12 17:16 GMT+02:00 Alex Harui : > Hi Piotr, > > I think I didn't use the right certificate for 3.2 so folks moving to 3.3 > had a problem. As long as you use the right certificates

Re: Release Apache Flex Installer 3.4

Hi Piotr, I think I didn't use the right certificate for 3.2 so folks moving to 3.3 had a problem. As long as you use the right certificates for 3.4 there shouldn't be a problem. It occurs to me that we might want to call this release 3.3.1 instead of 3.4 since it is a single bug fix release,

Re: Release Apache Flex Installer 3.4

Hi Alex, IMO something rings into my head that we have had some problems with sign certificates last time. Do you recall something ? Thanks, Piotr 2018-04-12 10:25 GMT+02:00 Alex Harui : > I would skip last call and cut the RC. But yes, use SHA512 with a .sha512 >

Re: Release Apache Flex Installer 3.4

I would skip last call and cut the RC. But yes, use SHA512 with a .sha512 suffix. My 2 cents, -Alex On 4/12/18, 12:48 AM, "Piotr Zarzycki" wrote: >Hi Guys, > >Since I was able to fix issue with OSMF I would like to prepare release >candidate. Should I go through the

Release Apache Flex Installer 3.4

Hi Guys, Since I was able to fix issue with OSMF I would like to prepare release candidate. Should I go through the LAST CALL ? Can I omit it and just prepare RC1 ? I should also sign sources by SH1 yes ? Thanks, -- Piotr Zarzycki Patreon: *https://www.patreon.com/piotrzarzycki