Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-13 Thread Juven Xu
What I saw is some of those staged artifacts were missing signatures. Nexus works correctly, it only complained about the missing ones, not all. On Wed, Jan 13, 2010 at 2:32 PM, Stephen Connolly stephen.alan.conno...@gmail.com wrote: 2010/1/13 Brian Fox bri...@infinity.nu: We should definitely fix

repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Stephen Connolly
For some reason the site descriptor does not get a signature generated by the gpg plugin. As r.a.o now requires all artifacts to be signed, it would appear to be impossible to close a staged repository. Or do other people have information to the contrary? -Stephen

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Stephen Connolly
I've raised http://jira.codehaus.org/browse/MGPG-19 to track the root cause. A temporary workaround would be to disable GPG validation on r.a.o. -Stephen P.S. I'm blocked from releasing Surefire 2.5 due to this issue. 2010/1/12 Stephen Connolly stephen.alan.conno...@gmail.com: For some reason

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Daniel Kulp
Why does the site descriptor need to be released as part of the plugin? Why not release surefire without it? It's definitely a bug, but I'm failing to see why it's a blocker for now. Dan On Tue January 12 2010 11:56:28 am Stephen Connolly wrote: I've raised

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Jason van Zyl
The site stuff needs to be completely decoupled from releases. It's such a horrible coupling and causes nothing but problems. Release and the documentation that goes along with it are completely separate. On 2010-01-12, at 12:08 PM, Daniel Kulp wrote: Why does the site descriptor need to be

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Stephen Connolly
Fair enough, but we cannot make releases as things currently stand. 2010/1/12 Jason van Zyl ja...@sonatype.com: The site stuff needs to be completely decoupled from releases. It's such a horrible coupling and causes nothing but problems. Release and the documentation that goes along with it are

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Stephen Connolly
The root cause seems to be that m-gpg-p does not consider that project.artifact may have multiple entries (specifically the site metadata). We can argue that the site needs to be decoupled from releasing, but as the site descriptor is one of the artifacts of a project (as opposed to the site) then

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Jason van Zyl
You can use 3.x, I removed the site stuff from the lifecycle :-) On 2010-01-12, at 12:42 PM, Stephen Connolly wrote: Fair enough, but we cannot make releases as things currently stand 2010/1/12 Jason van Zyl ja...@sonatype.com: The site stuff needs to be completely decoupled from releases.

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Daniel Kulp
Why is the site descriptor being generated for surefire? The shade release two weeks ago didn't generate a site file: http://repo1.maven.org/maven2/org/apache/maven/plugins/maven-shade-plugin/1.3/ and neither did the patch plugin:

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Stephen Connolly
Then project site generation will be borked (even more than usual). I've no issues using 3.0-SNAPSHOT 2010/1/12 Jason van Zyl ja...@sonatype.com: You can use 3.x, I removed the site stuff from the lifecycle :-) On 2010-01-12, at 12:42 PM, Stephen Connolly wrote: Fair enough, but we cannot

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Jason van Zyl
Look at the POM lifecycle. The site stuff is wedged in there. I removed this in 3.x. http://svn.apache.org/repos/asf/maven/maven-2/tags/maven-2.2.0/maven-core/src/main/resources/META-INF/plexus/components.xml On 2010-01-12, at 12:59 PM, Daniel Kulp wrote: Why is the site descriptor being

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Dennis Lundberg
Jason van Zyl wrote: The site stuff needs to be completely decoupled from releases. It's such a horrible coupling and causes nothing but problems. Release and the documentation that goes along with it are completely separate. That might be so, but the site descriptor is needed for (site)

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Brett Porter
On 13/01/2010, at 4:59 AM, Daniel Kulp wrote: Why is the site descriptor being generated for surefire? Because it has an inherited site descriptor to share across the subprojects: http://svn.apache.org/viewvc/maven/surefire/tags/surefire-2.5/src/site/site.xml?view=log For Stephen to work

Re: site descriptor and the lifecycle (was: repository.apache.org, gpg signatures and site:attach-descriptor)

2010-01-12 Thread Brett Porter
On 13/01/2010, at 7:53 AM, Dennis Lundberg wrote: Jason van Zyl wrote: The site stuff needs to be completely decoupled from releases. It's such a horrible coupling and causes nothing but problems. Release and the documentation that goes along with it are completely separate. That might be

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Wendy Smoak
On Tue, Jan 12, 2010 at 9:43 AM, Stephen Connolly stephen.alan.conno...@gmail.com wrote: For some reason the site descriptor does not get a signature generated by the gpg plugin. As r.a.o now requires all artifacts to be signed, it would appear to be impossible to close a staged repository.

Re: site descriptor and the lifecycle (was: repository.apache.org, gpg signatures and site:attach-descriptor)

2010-01-12 Thread Jason van Zyl
On 2010-01-12, at 5:52 PM, Brett Porter wrote: On 13/01/2010, at 7:53 AM, Dennis Lundberg wrote: Jason van Zyl wrote: The site stuff needs to be completely decoupled from releases. It's such a horrible coupling and causes nothing but problems. Release and the documentation that goes

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Brian Fox
We should definitely fix this, both in the GPG and in Nexus. Currently it expects all files to be signed and this is the first one we've come across that wasn't signed. I'll disable the rule now until it's sorted out and close the repo for you. Stephen, what ended up being the fix for the rest of

Re: site descriptor and the lifecycle (was: repository.apache.org, gpg signatures and site:attach-descriptor)

2010-01-12 Thread Brett Porter
On 13/01/2010, at 1:23 PM, Jason van Zyl wrote: On 2010-01-12, at 5:52 PM, Brett Porter wrote: On 13/01/2010, at 7:53 AM, Dennis Lundberg wrote: Jason van Zyl wrote: The site stuff needs to be completely decoupled from releases. It's such a horrible coupling and causes nothing but

Re: repository.apache.org, gpg signatures and site:attach-descriptor

2010-01-12 Thread Stephen Connolly
2010/1/13 Brian Fox bri...@infinity.nu: We should definitely fix this, both in the GPG and in Nexus. Currently it expects all files to be signed and this is the first one we've come across that wasn't signed. I'll disable the rule now until it's sorted out and close the repo for you.