Alex,
I just pushed changes to the script and was able to generate on windows
signed artifacts! Now I can somehow build dmg on Mac. I hope that signing I
will be able to do on Windows, cause don't want to go through some
configuration for signing there.
I'm definitely not a Mac user.
Many
Hi Piotr,
In flex-utilities/flex-installer/build.xml, the "release" Ant target
should take you through signing. GPG is not used to generate the sha512
checksums, the Ant checksum task is instead and you will have to modify
those tasks in build.xml not only with the new algorithm but also the
Hi Alex,
I decided revoke my old key and created new one. I signed releases once,
but now I cannot find myself with that. In the Apache resources there
suggestion how to configure gpg in order to have SHA-512 [1]. I did it but
I'm not sure if I do this archives will be signed appropriately.
gpg
Hi Piotr,
I don't see any way to recover your passphrase. The advice I see is to
keep trying to remember what it was.
Otherwise, the advice says to create a new key and revoke the old one. I
could sign this release, but you might as well take the time to either
remember the passphrase or
Unfortunately I did not remeber may passphrase for signing files. I have
private key, revoking keys, but don't know how to actually use it to
recover it. I did search some way, but cannot find straight instruction.
Can someone sign for me that release or pass some help on that ?
Thanks,
Piotr
Hi Alex,
I think it is a good idea to have 3.3.1 instead 3.4.
Thanks,
Piotr
2018-04-12 17:16 GMT+02:00 Alex Harui :
> Hi Piotr,
>
> I think I didn't use the right certificate for 3.2 so folks moving to 3.3
> had a problem. As long as you use the right certificates
Hi Piotr,
I think I didn't use the right certificate for 3.2 so folks moving to 3.3
had a problem. As long as you use the right certificates for 3.4 there
shouldn't be a problem.
It occurs to me that we might want to call this release 3.3.1 instead of
3.4 since it is a single bug fix release,
Hi Alex,
IMO something rings into my head that we have had some problems with sign
certificates last time. Do you recall something ?
Thanks,
Piotr
2018-04-12 10:25 GMT+02:00 Alex Harui :
> I would skip last call and cut the RC. But yes, use SHA512 with a .sha512
>
I would skip last call and cut the RC. But yes, use SHA512 with a .sha512
suffix.
My 2 cents,
-Alex
On 4/12/18, 12:48 AM, "Piotr Zarzycki" wrote:
>Hi Guys,
>
>Since I was able to fix issue with OSMF I would like to prepare release
>candidate. Should I go through the
Hi Guys,
Since I was able to fix issue with OSMF I would like to prepare release
candidate. Should I go through the LAST CALL ? Can I omit it and just
prepare RC1 ?
I should also sign sources by SH1 yes ?
Thanks,
--
Piotr Zarzycki
Patreon: *https://www.patreon.com/piotrzarzycki
10 matches
Mail list logo