Re: New releases
niedz., 23 wrz 2018 o 15:48 Yasser Zamani napisał(a): > After a lot of tries, I circled to you :) and should change my -1 to +1. I > had thought we should upload checksums for all artifacts but found out it's > only needed for artifacts uploaded to dist. > > So your current closed staging repo for 2.5.18 looks good to me. I also just > compiled 2.3.36, closed its staging repo and uploaded assemblies to dist > including new checksums generated locally by maven during deployment. > > Then we may automate this by using checksum-maven-plugin inside assembly > module but we have to wait for resolution of [1]. Cool, I will announce the test build then :) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
RE: New releases
>-Original Message- >From: Lukasz Lenart >Sent: Wednesday, September 19, 2018 4:12 PM >To: Struts Developers List >Subject: Re: New releases > >śr., 19 wrz 2018 o 12:08 Yasser Zamani napisał(a): >> -1 as I think this will be error prone and hard to do as a manual >> procedure (ASF says "For every artifact distributed to the public >> through Apache channels" [1] i.e. not only assemblies but also all >> artifacts). I would automate it; as maven seems already is able to >> generate and deploy SHA256/512 sums (with checksum-maven-plugin's >> -DattachChecksums=true). These are what are up to us and Nexus issue >> then is not, I think. > >The cases is that we expose all the zip files on our download page and those >zip >files must have associated sha256/512 signatures. The release plugin doesn't do >this nor Nexus (it generates sha1 files) - we can ask INFRA to change this but >I >assume it is not possible with current version of Nexus. > >So the only solution right now is to generate the missing signatures when we >moving assemblies from Nexus to staging repo. And I don't think this is an >error >prone procedure as we can always re-generate the signatures having the original >files exposed for download. > >https://struts.apache.org/download.cgi#struts2517 > After a lot of tries, I circled to you :) and should change my -1 to +1. I had thought we should upload checksums for all artifacts but found out it's only needed for artifacts uploaded to dist. So your current closed staging repo for 2.5.18 looks good to me. I also just compiled 2.3.36, closed its staging repo and uploaded assemblies to dist including new checksums generated locally by maven during deployment. Then we may automate this by using checksum-maven-plugin inside assembly module but we have to wait for resolution of [1]. Regards. [1] https://github.com/nicoulaj/checksum-maven-plugin/issues/62#issuecomment-423740418 - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: New releases
śr., 19 wrz 2018 o 12:08 Yasser Zamani napisał(a): > -1 as I think this will be error prone and hard to do as a manual > procedure (ASF says "For every artifact distributed to the public > through Apache channels" [1] i.e. not only assemblies but also all > artifacts). I would automate it; as maven seems already is able to > generate and deploy SHA256/512 sums (with checksum-maven-plugin's > -DattachChecksums=true). These are what are up to us and Nexus issue > then is not, I think. The cases is that we expose all the zip files on our download page and those zip files must have associated sha256/512 signatures. The release plugin doesn't do this nor Nexus (it generates sha1 files) - we can ask INFRA to change this but I assume it is not possible with current version of Nexus. So the only solution right now is to generate the missing signatures when we moving assemblies from Nexus to staging repo. And I don't think this is an error prone procedure as we can always re-generate the signatures having the original files exposed for download. https://struts.apache.org/download.cgi#struts2517 Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: New releases
On 9/19/2018 8:23 AM, Lukasz Lenart wrote: > Yeah... the sums in Nexus are generated by Nexus, there is an issue > about generating sums in Nexus 3 - looks like it's a matter of policy > defined in Nexus what kind of sums to generate. I would not batter > with this. Anyway, we must provide SHA256/512 sums and we can do it > once we download the artifacts from Nexus and post them to an Apache > staging repo. At that point we have all the artifacts locally so we > can generate proper sums and push them to the repo. > > It's a matter of extending this script > https://cwiki.apache.org/confluence/display/WW/Building+Struts+2+-+Normal+release#BuildingStruts2-Normalrelease-Movetheassemblies -1 as I think this will be error prone and hard to do as a manual procedure (ASF says "For every artifact distributed to the public through Apache channels" [1] i.e. not only assemblies but also all artifacts). I would automate it; as maven seems already is able to generate and deploy SHA256/512 sums (with checksum-maven-plugin's -DattachChecksums=true). These are what are up to us and Nexus issue then is not, I think. Regards. [1] http://www.apache.org/dev/release-distribution#sigs-and-sums - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: New releases
wt., 18 wrz 2018 o 23:43 Yasser Zamani napisał(a): > > > > On 9/17/2018 3:01 PM, Yasser Zamani wrote: > > Oh by the way, wait; I remember this from ASF: > > > > New policy : > > > > -- SHOULD supply a SHA-256 and/or SHA-512 checksum file > > -- SHOULD NOT supply MD5 or SHA-1 checksum files > > > > Which I think it means we must push some changes (e.g. maven options I > > guess) for release management into 2.3.x, 2.5.x and master branches before > > starting the release process. Right? > > > Even with a lot of tries I couldn't make it work with 2.3.36 to deploy > only SHA-256 and/or SHA-512 and not deploy MD5 or SHA-1 :( Currently > with -DattachChecksums=true it generates SHA-256 and SHA-512 but only > for root artifacts i.e. struts2-core-2.3.36.sha512 rather than > struts2-core-2.3.36.jar.sha512 [1] so according to [2] it seems I have > to upgrade 2.3.x also to use struts-master 12 but there are several worries: > > 1) 2.5.18 also doesn't have SHA-256 and/or SHA-512 and does have md5 and > SHA-1 [3] (while it uses struts-master 12 (apache 21)). > 2) Upgrading 2.3.x to use struts-master 12 may break the possibility of > building it with jdk6 (I should check) so maybe I will have to just copy > changes from [2] to 2.3.x. > 3) With -DcreateChecksum=false install plugin stops generating md5 and > SHA-1 files but I still see them in nexus and don't know who has > generated them (they aren't in local .m2, nor target and nor maven > release log). Yeah... the sums in Nexus are generated by Nexus, there is an issue about generating sums in Nexus 3 - looks like it's a matter of policy defined in Nexus what kind of sums to generate. I would not batter with this. Anyway, we must provide SHA256/512 sums and we can do it once we download the artifacts from Nexus and post them to an Apache staging repo. At that point we have all the artifacts locally so we can generate proper sums and push them to the repo. It's a matter of extending this script https://cwiki.apache.org/confluence/display/WW/Building+Struts+2+-+Normal+release#BuildingStruts2-Normalrelease-Movetheassemblies Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: New releases
On 9/17/2018 3:01 PM, Yasser Zamani wrote: > Oh by the way, wait; I remember this from ASF: > > New policy : > > -- SHOULD supply a SHA-256 and/or SHA-512 checksum file > -- SHOULD NOT supply MD5 or SHA-1 checksum files > > Which I think it means we must push some changes (e.g. maven options I guess) > for release management into 2.3.x, 2.5.x and master branches before starting > the release process. Right? Even with a lot of tries I couldn't make it work with 2.3.36 to deploy only SHA-256 and/or SHA-512 and not deploy MD5 or SHA-1 :( Currently with -DattachChecksums=true it generates SHA-256 and SHA-512 but only for root artifacts i.e. struts2-core-2.3.36.sha512 rather than struts2-core-2.3.36.jar.sha512 [1] so according to [2] it seems I have to upgrade 2.3.x also to use struts-master 12 but there are several worries: 1) 2.5.18 also doesn't have SHA-256 and/or SHA-512 and does have md5 and SHA-1 [3] (while it uses struts-master 12 (apache 21)). 2) Upgrading 2.3.x to use struts-master 12 may break the possibility of building it with jdk6 (I should check) so maybe I will have to just copy changes from [2] to 2.3.x. 3) With -DcreateChecksum=false install plugin stops generating md5 and SHA-1 files but I still see them in nexus and don't know who has generated them (they aren't in local .m2, nor target and nor maven release log). Regards. [1] https://repository.apache.org/service/local/repositories/orgapachestruts-1086/content/org/apache/struts/struts2-core/2.3.36/struts2-core-2.3.36.sha512 [2] https://gitbox.apache.org/repos/asf?p=maven-apache-parent.git;a=blobdiff;f=pom.xml;hb=apache-21;hpb=apache-20 [3] https://repository.apache.org/service/local/repositories/orgapachestruts-1081/content/org/apache/struts/struts2-assembly/2.5.18/struts2-assembly-2.5.18-all.zip.md5
Re: New releases
I have also noticed that we used a wrong profile in out struts-master, it must be "apache-release" instead of "release". Quick fix is to add "-Papache-release" when performing the release. Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ wt., 18 wrz 2018 o 08:22 Lukasz Lenart napisał(a): > > Few things to remember: > - use 'export JAVA_OPTS="-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"' > - wget must be upgrade to version above 1.14 (the below version > doesn't support TLS v1.2) > - we are running our webpage over https now, so all urls in > "docs-urls.txt" in the assembly module must have https defined instead > of http > > > Regards > -- > Łukasz > + 48 606 323 122 http://www.lenart.org.pl/ > > pon., 17 wrz 2018 o 12:31 Yasser Zamani napisał(a): > > > > Oh by the way, wait; I remember this from ASF: > > > > New policy : > > > > -- SHOULD supply a SHA-256 and/or SHA-512 checksum file > > -- SHOULD NOT supply MD5 or SHA-1 checksum files > > > > Which I think it means we must push some changes (e.g. maven options I > > guess) for release management into 2.3.x, 2.5.x and master branches before > > starting the release process. Right? > > > > Regards. > > > > >-Original Message- > > >From: Yasser Zamani On Behalf Of Yasser Zamani > > >Sent: Monday, September 17, 2018 2:47 PM > > >To: Struts Developers List > > >Subject: RE: New releases > > > > > >>From: Lukasz Lenart > > >>Sent: Monday, September 17, 2018 2:25 PM > > >>To: Struts Developers List > > >>Subject: Re: New releases > > >> > > >>Cool, I can prepare a new release for 2.5.x branch and Yasser could you > > >>prepare the same for 2.3.x using your magic JDK6-based machine? :) > > > > > >:) Yes of course. The jalopy is going to fill my workplace with smoke once > > >again :) > > > > > >Regards. > > > > > >- > > >To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional > > >commands, e-mail: dev-h...@struts.apache.org > > - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: New releases
Few things to remember: - use 'export JAVA_OPTS="-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2"' - wget must be upgrade to version above 1.14 (the below version doesn't support TLS v1.2) - we are running our webpage over https now, so all urls in "docs-urls.txt" in the assembly module must have https defined instead of http Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ pon., 17 wrz 2018 o 12:31 Yasser Zamani napisał(a): > > Oh by the way, wait; I remember this from ASF: > > New policy : > > -- SHOULD supply a SHA-256 and/or SHA-512 checksum file > -- SHOULD NOT supply MD5 or SHA-1 checksum files > > Which I think it means we must push some changes (e.g. maven options I guess) > for release management into 2.3.x, 2.5.x and master branches before starting > the release process. Right? > > Regards. > > >-Original Message- > >From: Yasser Zamani On Behalf Of Yasser Zamani > >Sent: Monday, September 17, 2018 2:47 PM > >To: Struts Developers List > >Subject: RE: New releases > > > >>From: Lukasz Lenart > >>Sent: Monday, September 17, 2018 2:25 PM > >>To: Struts Developers List > >>Subject: Re: New releases > >> > >>Cool, I can prepare a new release for 2.5.x branch and Yasser could you > >>prepare the same for 2.3.x using your magic JDK6-based machine? :) > > > >:) Yes of course. The jalopy is going to fill my workplace with smoke once > >again :) > > > >Regards. > > > >- > >To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional > >commands, e-mail: dev-h...@struts.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
RE: New releases
Oh by the way, wait; I remember this from ASF: New policy : -- SHOULD supply a SHA-256 and/or SHA-512 checksum file -- SHOULD NOT supply MD5 or SHA-1 checksum files Which I think it means we must push some changes (e.g. maven options I guess) for release management into 2.3.x, 2.5.x and master branches before starting the release process. Right? Regards. >-Original Message- >From: Yasser Zamani On Behalf Of Yasser Zamani >Sent: Monday, September 17, 2018 2:47 PM >To: Struts Developers List >Subject: RE: New releases > >>From: Lukasz Lenart >>Sent: Monday, September 17, 2018 2:25 PM >>To: Struts Developers List >>Subject: Re: New releases >> >>Cool, I can prepare a new release for 2.5.x branch and Yasser could you >>prepare the same for 2.3.x using your magic JDK6-based machine? :) > >:) Yes of course. The jalopy is going to fill my workplace with smoke once >again :) > >Regards. > >- >To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional >commands, e-mail: dev-h...@struts.apache.org
RE: New releases
>From: Lukasz Lenart >Sent: Monday, September 17, 2018 2:25 PM >To: Struts Developers List >Subject: Re: New releases > >Cool, I can prepare a new release for 2.5.x branch and Yasser could you prepare >the same for 2.3.x using your magic JDK6-based machine? :) :) Yes of course. The jalopy is going to fill my workplace with smoke once again :) Regards. - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
Re: New releases
Cool, I can prepare a new release for 2.5.x branch and Yasser could you prepare the same for 2.3.x using your magic JDK6-based machine? :) Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ pon., 17 wrz 2018 o 08:17 Yasser Zamani napisał(a): > > > > >From: Lukasz Lenart > >Sent: Monday, September 17, 2018 10:37 AM > >To: Struts Developers List > >Subject: New releases > > > >Hi, > > > >I think we are ready to release two new releases, 2.3.36 and 2.5.18: > >- 2.3.36 is going to fix an issue with using ArrayList (backed up by > >XWorkList) and some backward compatibility issues in this manner > >- 2.5.18 is going to do the same plus fixing an issue with temporary files > > > >Any objections? Or should we fix something else? > > No. I also agree. Thanks a lot! > > Regards. - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
RE: New releases
>From: Lukasz Lenart >Sent: Monday, September 17, 2018 10:37 AM >To: Struts Developers List >Subject: New releases > >Hi, > >I think we are ready to release two new releases, 2.3.36 and 2.5.18: >- 2.3.36 is going to fix an issue with using ArrayList (backed up by >XWorkList) and some backward compatibility issues in this manner >- 2.5.18 is going to do the same plus fixing an issue with temporary files > >Any objections? Or should we fix something else? No. I also agree. Thanks a lot! Regards.
Re: New releases
No further issues discovered here. Good to go. Thanks for your sustaining and continuing work! Markus Am 17.09.2018 um 08:06 schrieb Lukasz Lenart: > Hi, > > I think we are ready to release two new releases, 2.3.36 and 2.5.18: > - 2.3.36 is going to fix an issue with using ArrayList (backed up by > XWorkList) and some backward compatibility issues in this manner > - 2.5.18 is going to do the same plus fixing an issue with temporary files > > Any objections? Or should we fix something else? > > > Regards > - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
New releases
Hi, I think we are ready to release two new releases, 2.3.36 and 2.5.18: - 2.3.36 is going to fix an issue with using ArrayList (backed up by XWorkList) and some backward compatibility issues in this manner - 2.5.18 is going to do the same plus fixing an issue with temporary files Any objections? Or should we fix something else? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ - To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org