Hi Robbie, Thanks for the hint regarding this "rat" thingy. I'll give it a try.
Regarding sha, I've always been following this instruction --> https://infra.apache.org/release-signing.html to generate sha for my releases. This command to be precise: $ gpg --print-md SHA512 [fileName] > [fileName].sha512 I'm guessing that sha512sum is some Linux based tool that you're guys using. Unfortunately it is not available on Windows. :( KP On Tue, Jul 13, 2021 at 3:15 PM Robbie Gemmell <[email protected]> wrote: > See https://creadur.apache.org/rat/ for licence check tooling. > > I noted the checksum format wasn't typical one as I've never seen it > used in a release before. The checkum being split into subsections and > formatted in an uppercase multi line grid, and so doesnt work with e.g > sha512sum, and also isnt so easily verified by eye either as a result. > It sounds from your new description like you generated it with gpg > originally, which is typically only used for the signatures. Perhaps > gpg is able to verify the checksum files directly too, but I've also > not seen instructions suggesting that before and so still wouldnt > currently know how to do that without having a dig. > > The 'typical formats' I referred to previously are either the related > filename and its basic checksum formatted on a line as e.g generated > by sha512sum etc and easily verified by the same, or simply the basic > checksum alone which can at least be eyeballed against a similar value > generated by most things (though again, quite awkward with the gpg > grid format one). > > Robbie > > On Tue, 13 Jul 2021 at 12:06, Havret <[email protected]> wrote: > > > > Hi Tim, > > > > I used the official recommended tooling to generate SHA the first time, > but > > Robbie compiled that the format was wrong. I don't know what else I can > do. > > > > Regarding the missing headers, do you have any tooling (or script) that > > could help me with scanning the files beforehand, so I don't have to > > manually go through every single file? Maybe this kind of check should be > > included in the CI pipeline? > > > > Thanks, > > KP > > > > On Thu, Jul 8, 2021 at 5:30 PM Timothy Bish <[email protected]> wrote: > > > > > On 6/27/21 4:49 PM, Havret wrote: > > > > Hi, > > > > > > > > This is the second run for activemq-nms-amqp 1.8.2. > > > > > > > > I've added the missing headers, updated the license files, and > generated > > > > SHA512 using powershell not gpg, so it should be more in line with > what > > > you > > > > guys are used to. > > > > > > > > The files can be grabbed from: > > > > > > > > https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/ > > > > > > > > Please check it and vote accordingly. > > > > > > > > Regards, > > > > KP > > > > > > > +0 > > > > > > There still appear to be some missing license headers in test code > such as: > > > > > > ./test/Apache-NMS-AMQP-Interop-Test/NmsSessionTest.cs > > > > > > And I cannot get the sha files to validate using standard tooling > > > without hand editing the files as they don't see to follow normal file > > > formatting that's expected by the tooling as documented on the Apache > > > release validation guidelines. > > > > > > -- > > > Tim Bish > > > > > > >
