Any further progress toward a release for 1.8.2? I understand the main holdup has been some change in the checksum format.
I'm hopeful that another bug fix that was included in AMQPNetLite 2.4.3, might explain and resolve the stall I observed during failover as reported in AMQNET-656 - see https://github.com/Azure/amqpnetlite/issues/460. I made a note on PR #59 accordingly. Bruce On Tue, Jul 13, 2021 at 10:07 AM Robbie Gemmell <[email protected]> wrote: > Well there you go. Those instructions seem to be linked to now instead > of previous content which were not on infra.apache.org but elsewhere, > although they are themselves clearly still not that up to date given > the references to MD5 in the wider leadup section, with GPG being the > third suggestion there on how to generate a checksum. > > I dont see any instructions on suggesting how you are meant to verify > the .sha512 output from GPG, so I guess perhaps I'd also use GPG to > create another similar file (after knowing thats what created it; I > expect many might not) and then diff the two. Or just eyeball the > output of some other tool, which is again quite annoying due to the > format. The new approach is easier to eyeball compare, though still > different enough to be annoying. Not a patch on the typical format. > > There have been many ways to get the various shaXsum programs on > Windows too over the years such as cygwin, git bash, etc, whereas > today I would imagine actually just using the Linux version via WSL is > likely the simplest option for many. Though I'm not suggesting you > actually need to do any of those. Just having the checksum file in a > similar format that people can more easily verify. (Though you could > always do something like spin up a GHA etc build and have it grab and > verify the existing files and create a replacement output, then > manually verify that by comparison the same way an actual user might > need to with just the ugly one). > > Ultimately it is a sha512 checksum, its just one thats a less typical > format and so more difficult to use for its intended purpose. Maybe > thats why many might seem to have not bothered. > > Robbie > > On Tue, 13 Jul 2021 at 16:06, Havret <[email protected]> wrote: > > > > Hi Robbie, > > > > Thanks for the hint regarding this "rat" thingy. I'll give it a try. > > > > Regarding sha, I've always been following this instruction --> > > https://infra.apache.org/release-signing.html to generate sha for my > > releases. This command to be precise: > > $ gpg --print-md SHA512 [fileName] > [fileName].sha512 > > I'm guessing that sha512sum is some Linux based tool that you're guys > > using. Unfortunately it is not available on Windows. :( > > > > KP > > > > > > On Tue, Jul 13, 2021 at 3:15 PM Robbie Gemmell <[email protected] > > > > wrote: > > > > > See https://creadur.apache.org/rat/ for licence check tooling. > > > > > > I noted the checksum format wasn't typical one as I've never seen it > > > used in a release before. The checkum being split into subsections and > > > formatted in an uppercase multi line grid, and so doesnt work with e.g > > > sha512sum, and also isnt so easily verified by eye either as a result. > > > It sounds from your new description like you generated it with gpg > > > originally, which is typically only used for the signatures. Perhaps > > > gpg is able to verify the checksum files directly too, but I've also > > > not seen instructions suggesting that before and so still wouldnt > > > currently know how to do that without having a dig. > > > > > > The 'typical formats' I referred to previously are either the related > > > filename and its basic checksum formatted on a line as e.g generated > > > by sha512sum etc and easily verified by the same, or simply the basic > > > checksum alone which can at least be eyeballed against a similar value > > > generated by most things (though again, quite awkward with the gpg > > > grid format one). > > > > > > Robbie > > > > > > On Tue, 13 Jul 2021 at 12:06, Havret <[email protected]> wrote: > > > > > > > > Hi Tim, > > > > > > > > I used the official recommended tooling to generate SHA the first > time, > > > but > > > > Robbie compiled that the format was wrong. I don't know what else I > can > > > do. > > > > > > > > Regarding the missing headers, do you have any tooling (or script) > that > > > > could help me with scanning the files beforehand, so I don't have to > > > > manually go through every single file? Maybe this kind of check > should be > > > > included in the CI pipeline? > > > > > > > > Thanks, > > > > KP > > > > > > > > On Thu, Jul 8, 2021 at 5:30 PM Timothy Bish <[email protected]> > wrote: > > > > > > > > > On 6/27/21 4:49 PM, Havret wrote: > > > > > > Hi, > > > > > > > > > > > > This is the second run for activemq-nms-amqp 1.8.2. > > > > > > > > > > > > I've added the missing headers, updated the license files, and > > > generated > > > > > > SHA512 using powershell not gpg, so it should be more in line > with > > > what > > > > > you > > > > > > guys are used to. > > > > > > > > > > > > The files can be grabbed from: > > > > > > > > > > > > > > > https://dist.apache.org/repos/dist/dev/activemq/activemq-nms-amqp/1.8.2-rc2/ > > > > > > > > > > > > Please check it and vote accordingly. > > > > > > > > > > > > Regards, > > > > > > KP > > > > > > > > > > > +0 > > > > > > > > > > There still appear to be some missing license headers in test code > > > such as: > > > > > > > > > > ./test/Apache-NMS-AMQP-Interop-Test/NmsSessionTest.cs > > > > > > > > > > And I cannot get the sha files to validate using standard tooling > > > > > without hand editing the files as they don't see to follow normal > file > > > > > formatting that's expected by the tooling as documented on the > Apache > > > > > release validation guidelines. > > > > > > > > > > -- > > > > > Tim Bish > > > > > > > > > > > > > >
