Improve Signing artifacts for deployment, and update also website signing topic
-------------------------------------------------------------------------------
Key: UIMA-818
URL: https://issues.apache.org/jira/browse/UIMA-818
Project: UIMA
Issue Type: Improvement
Components: Build, Packaging and Test
Reporter: Marshall Schor
Priority: Minor
The current page on our website concerning signing,
http://incubator.apache.org/uima/distribution.html, says to use the script in
uimaj-distr/.../build/signRelease.xxx to sign the release. This runs
gpg and uses that to generate the md5 and sha1 hashes, which are in the wrong
format (per discussion on the incubator general mailing list).
Remove this signing script (because signing is now done from maven), and update
our signing page to indicate how signing is now done.
The uimaj-distr/.../build/extractAndBuild script, if passed the -deploy
switch, will turn on the gpg signing phase; this is configured in the uimaj
pom. This will do a gpg signing of the artifacts for all things that are built
as part of the packaging phase for all "child" poms.
It's unclear how the md5 and sha1 checksums are generated for the deploy to
maven repositories. Inspecting the current repo at
http://people.apache.org/repo/m2-incubating-repository/org/apache/uima/ shows
md5 and sha1 checksums being applied to the gpg signatures, which is incorrect.
Fix / automate this process, to occur as part of the maven lifecycle when
signing is asked for. Make this work also for the Eclipse update site.
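An added example, not part of the original issue or the UIMA build: a shell audit of a local copy of a Maven repository tree for the three problems the issue describes (checksums taken over .asc signatures, checksum files in a gpg-style format, and artifacts without a signature). It assumes the expected checksum file starts with a bare hex digest (32 hex characters for md5, 40 for sha1); the function names, directory layout and digest values are constructed.

```shell
#!/bin/sh
# Added example (not project code). File names and digests are constructed.

# audit_repo DIR: print one finding per line; prints nothing for a clean tree.
audit_repo() {
    repo=$1
    # 1. Checksums computed over detached signatures (e.g. x.jar.asc.md5).
    find "$repo" -type f \( -name '*.asc.md5' -o -name '*.asc.sha1' \) |
        sort | sed 's/^/CHECKSUM_OF_SIGNATURE /'
    # 2. Checksum files whose first token is not a bare hex digest of the
    #    right length (assumed expected format, see lead-in).
    find "$repo" -type f \( -name '*.md5' -o -name '*.sha1' \) | sort |
    while IFS= read -r f; do
        case $f in *.md5) len=32 ;; *) len=40 ;; esac
        tok=$(head -n 1 "$f" | awk '{print $1}')
        printf '%s\n' "$tok" | grep -Eq "^[0-9a-fA-F]{$len}\$" ||
            echo "BAD_CHECKSUM_FORMAT $f"
    done
    # 3. Artifacts with no detached .asc signature beside them.
    find "$repo" -type f \( -name '*.jar' -o -name '*.pom' \) | sort |
    while IFS= read -r f; do
        [ -f "$f.asc" ] || echo "MISSING_SIGNATURE $f"
    done
}

# Build a constructed sample tree and print its path.
make_sample_repo() {
    d=$(mktemp -d)
    a=$d/org/apache/uima/demo/1.0
    mkdir -p "$a"
    echo jar > "$a/demo-1.0.jar"
    echo sig > "$a/demo-1.0.jar.asc"
    # Placeholder digests: well-formed, not real hashes of these files.
    echo "00112233445566778899aabbccddeeff" > "$a/demo-1.0.jar.md5"
    echo "00112233445566778899aabbccddeeff" > "$a/demo-1.0.jar.asc.md5"
    # Labelled, space-grouped digest as produced by gpg --print-md.
    echo "demo-1.0.jar: 0011 2233 4455 6677 8899  AABB CCDD EEFF 0011 2233" \
        > "$a/demo-1.0.jar.sha1"
    echo pom > "$a/demo-1.0.pom"    # no .asc next to it
    echo "$d"
}

sample=$(make_sample_repo)
audit_repo "$sample"
rm -rf "$sample"
```

The format check only inspects the shape of each checksum file; it does not recompute the digest or verify the signatures.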