Saturday, March 31, 2018, 8:13:16 PM, Jacques Le Roux wrote:

> On 31/03/2018 at 19:42, Daniel Dekany wrote:
>> Saturday, March 31, 2018, 5:44:07 PM, Jacques Le Roux wrote:
>>
>>> +1 (binding)
>>>
>>> Sha1 and MD5 on freemarker-2.3.28.jar OK.
>>>
>>> I think we should drop sha1 with md5 and provide sha256 at least.
>>>
>>> For now it's OK with sha1 as Jacopo's link at [1] says.
>> But we don't provide an sha1. It's an sha512.
> At
> https://repository.apache.org/content/repositories/staging/org/freemarker/freemarker/2.3.28/
> I see only .sha1 suffixes
> To check sha in
> https://repository.apache.org/content/repositories/staging/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.jar.sha1
> with value
> 7200064467a935052f99d114c2c05c3d189bc6d6
> I used this Windows tool:
> https://raylin.wordpress.com/downloads/md5-sha-1-checksum-utility
> It reports
> MD5 Checksum: C5E35D814518DA7B0247D42311B8E296
> SHA-1 Checksum: 7200064467A935052F99D114C2C05C3D189BC6D6
> SHA-256 Checksum:
> DE92D103D3A86C2287307218FF50DC1C941DE283F7B9E1FB23E93FC7220838BF
> SHA-512 Checksum:
> 44435CB2B6BA02ABACDC4A21BEA44A2DC50FAA1B486FC5B2F79097A68F1F98CA24AA835448AC5DEC33A1869EED1B8A32AC285E95FDABBDAFAA810D575951894E
> What could be wrong?

We are talking about two different things. The material linked by
Jacopo talks about the checksums used on dist.apache.org (like
https://dist.apache.org/repos/dist/dev/freemarker/engine/2.3.28/source/),
not about the Maven repositories. Also, as far as I see, everybody
only has md5 and sha1 in the Maven repositories. It's generated by
Maven itself. I guess that isn't supposed to protect against fraud...

>>
>>> OFBiz trunk HEAD with freemarker-2.3.28 works well (for myself to
>>> remember: putting pom+jar in my local maven repo and adding
>>> maven {
>>> url
>>> "https://repository.apache.org/content/repositories/staging/org/freemarker"
>>> }
>>> in the main OFBiz build.gradle repositories
>> You don't need to add the staged artifact(s) to your local repository
>> manually, because you have added the ASF staging repo to the repos.
>> Except, your repo URL was wrong, so it did nothing. It should be:
>> "https://repository.apache.org/content/repositories/staging/"
>
> When I do so I get
> C:\projectsASF\ofbiz>gradlew clean ofbiz
> FAILURE: Build failed with an exception.
>
> * Where:
> Build file 'C:\projectsASF\ofbiz\build.gradle' line: 1031
>
> * What went wrong:
> A problem occurred evaluating root project 'ofbiz'.
> > Could not resolve all dependencies for configuration ':runtime'.
> > Could not find org.freemarker:freemarker:2.3.28.
> Searched in the following locations:
> https://jcenter.bintray.com/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.pom
> https://jcenter.bintray.com/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.jar
> file:/C:/Users/Jacques/.m2/repository/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.pom
> file:/C:/Users/Jacques/.m2/repository/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.jar
> Required by:
> project :
> > Could not find org.freemarker:freemarker:2.3.28.
> Searched in the following locations:
> https://jcenter.bintray.com/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.pom
> https://jcenter.bintray.com/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.jar
> file:/C:/Users/Jacques/.m2/repository/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.pom
> file:/C:/Users/Jacques/.m2/repository/org/freemarker/freemarker/2.3.28/freemarker-2.3.28.jar
> Required by:
> project : > com.googlecode.ez-vcard:ez-vcard:0.9.10
>
> * Try:
> Run with --stacktrace option to get the stack trace. Run with
> --info or --debug option to get more log output.

Seems that it did not try to use an ASF snapshot repo at all. I don't
know why, but ideally it should be tested with that.

> BUILD FAILED
>
> Total time: 3.623 secs
>
> Could be an OFBiz issue rather...
>
> Jacques
>
>>
>>> Jacques
>>>
>>>
>>> On 31/03/2018 at 10:48, Jacopo Cappellato wrote:
>>>> +1 (binding)
>>>>
>>>> ***verifications performed on apache-freemarker-2.3.28-src.tar.gz:
>>>> verified successfully sha512
>>>> verified successfully md5 (however with the new policy updates this
>>>> checksum can be removed in future releases, see [1])
>>>> verified successfully the signature
>>>> build successful
>>>> all unit tests successful
>>>>
>>>> ***verifications performed on apache-freemarker-gae-2.3.28-src.tar.gz:
>>>> verified successfully sha512
>>>> verified successfully md5 (however with the new policy updates this
>>>> checksum can be removed in future releases, see [1])
>>>> verified successfully the signature
>>>> build successful
>>>> all unit tests successful
>>>>
>>>> ***verifications performed on Maven artifact (freemarker-2.3.28.jar):
>>>> tested successfully with Apache OFBiz trunk
>>>>
>>>> Kind regards,
>>>>
>>>> Jacopo Cappellato
>>>>
>>>> [1] http://www.apache.org/dev/release-distribution#sigs-and-sums
>>>>
>>>> On Sat, Mar 31, 2018 at 12:31 AM, Daniel Dekany <ddek...@apache.org> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> Please vote on releasing FreeMarker
>>>>> 2.3.28! Note that as this is not
>>>>> an incubating release anymore, if this vote passes, then the product
>>>>> will be immediately released (there's no IPMC to review it in a second
>>>>> round), so check the release carefully! Also please watch out for any
>>>>> mistakes I make because of differences to releasing from outside the
>>>>> Incubator for the first time. Thanks!
>>>>>
>>>>> Note that because there weren't many deep changes since the last
>>>>> release, we have no Release Candidate this time. Thus, it's important
>>>>> that you don't skip testing this release with your dependent projects.
>>>>>
>>>>> Release Notes:
>>>>> https://freemarker.apache.org/builds/2.3.28-voting/documentation/versions_2_3_28.html
>>>>>
>>>>> Before proceeding, you should know that FreeMarker 2.3.x, for a long
>>>>> time, always releases a normal and a "gae" variant at the same time,
>>>>> which are technically two independent source trees (Git branches). The
>>>>> "gae" variant contains a few small modifications in the Java source
>>>>> code to be Google App Engine compliant, and has freemarker-gae as the
>>>>> Maven artifact name. Otherwise the normal and the "gae" branches are
>>>>> identical. Hence they will be voted on together.
>>>>>
>>>>> The commits to be voted upon are:
>>>>> - Normal (non-gae) variant:
>>>>> https://git-wip-us.apache.org/repos/asf?p=freemarker.git;a=commit;h=8ee391d10e0256d57a326d83dd487639ccd9659c
>>>>> Commit hash: 8ee391d10e0256d57a326d83dd487639ccd9659c
>>>>> - "gae" variant:
>>>>> https://git-wip-us.apache.org/repos/asf?p=freemarker.git;a=commit;h=8c8fb4c02d63141bd2cee9630cc27a9340d0f94c
>>>>> Commit hash: 8c8fb4c02d63141bd2cee9630cc27a9340d0f94c
>>>>>
>>>>> The artifacts to be voted upon are located here:
>>>>> https://dist.apache.org/repos/dist/dev/freemarker/engine/2.3.28/source/
>>>>> where the source release artifacts are:
>>>>> - Normal (non-gae) variant:
>>>>> apache-freemarker-2.3.28-src.tar.gz
>>>>> - "gae" variant:
>>>>> apache-freemarker-gae-2.3.28-src.tar.gz
>>>>>
>>>>> See the README.md inside them for build instructions!
>>>>>
>>>>> The release artifacts are signed with the following key:
>>>>> https://people.apache.org/keys/committer/ddekany.asc
>>>>>
>>>>> For convenience, we also provide binaries, which also need to be checked:
>>>>> https://dist.apache.org/repos/dist/dev/freemarker/engine/2.3.28/binaries/
>>>>> and Maven artifacts in the ASF staging repository:
>>>>> https://repository.apache.org/content/repositories/staging/org/freemarker/freemarker/2.3.28/
>>>>>
>>>>> Please try out the package and vote!
>>>>>
>>>>> The vote is open for a minimum of 72 hours or until the necessary number of
>>>>> votes (3 binding +1s) is reached.
>>>>>
>>>>> [ ] +1 Release this package as Apache FreeMarker 2.3.28
>>>>> [ ] 0 I don't feel strongly about it, but I'm okay with the release
>>>>> [ ] -1 Do not release this package because...
>>>>>
>>>>> Please add "(binding)" if your vote is binding.
>>>>>
>>>>> --
>>>>> Thanks,
>>>>> Daniel Dekany
>>>>>

--
Thanks,
 Daniel Dekany
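
The checksum comparison discussed in this thread (a lower-case `.sha1` value against a tool's upper-case output, and md5/sha1 in Maven repositories versus sha512 on dist.apache.org), as an added Python example that is not from the thread or from the FreeMarker project. The sidecar layouts it accepts and the names `parse_sidecar`, `verify` and `demo` are assumptions, and the sample data is constructed.

```python
import hashlib
import hmac
import re

# Hex digest length -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}
WEAK = {"md5", "sha1"}  # collision-prone: corruption check only


def parse_sidecar(text):
    """Return the lower-case hex digest found in a checksum file's text.

    Handles a bare digest, 'digest  filename' (sha1sum style) and
    'filename: AB12CD34 ...' (gpg --print-md style, possibly wrapped).
    """
    text = text.strip()
    first = text.split()[0].lower() if text else ""
    after_colon = re.sub(r"\s+", "", text.rpartition(":")[2]).lower()
    for candidate in (first, after_colon):
        if len(candidate) in ALGO_BY_HEX_LEN and re.fullmatch(r"[0-9a-f]+", candidate):
            return candidate
    raise ValueError("unrecognised checksum format")


def verify(data, sidecar_text):
    """Return (algorithm, matches, weak) for data against a sidecar digest."""
    expected = parse_sidecar(sidecar_text)
    algo = ALGO_BY_HEX_LEN[len(expected)]
    actual = hashlib.new(algo, data).hexdigest()
    return algo, hmac.compare_digest(actual, expected), algo in WEAK


def demo():
    # Constructed sample bytes and sidecars; not a real release artifact.
    data = b"constructed sample artifact\n"
    sha1 = hashlib.sha1(data).hexdigest()
    sha512 = hashlib.sha512(data).hexdigest().upper()
    groups = [sha512[i:i + 8] for i in range(0, 128, 8)]
    wrapped = " ".join(groups[:8]) + "\n    " + " ".join(groups[8:])
    sidecars = {
        "bare sha1": sha1,
        "upper-case tool output": sha1.upper(),
        "sha1sum style": sha1 + "  sample.jar",
        "gpg --print-md sha512": "sample-src.tar.gz: " + wrapped,
    }
    return {name: verify(data, text) for name, text in sidecars.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

A matching digest fetched from the same repository as the artifact only shows that the download is intact; authenticity still rests on the release signature.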