On Wed, 5 Jan 2011, Shawn Jiang wrote:
Date: Wed, 5 Jan 2011 15:25:35 +0800
From: Shawn Jiang <[email protected]>
To: [email protected], Henk Penning <[email protected]>
Subject: Re: Bad 2.2.1 release
Hi Henk,
We just updated the geronimo 2.2.1 artifacts in
/www/www.apache.org/dist/geronimo/. Do you know if they could be be
synchronized to other mirrors automatically ?
Hi Shawn Jiang,
everything in 'people.apache.org:/www/www.apache.org/dist' is
automatically synced to the apache rsync-servers every hour,
where the mirrors will pick it up. So, yes, certainly.
I noticed that the md5's of some geronimo artifacts have changed
(since Sat Dec 11 15:17:22 2010) ; see
http://people.apache.org/~henkp/checker/md5.html
The sigs are good, but they are made with a key that is only
self-signed, so it could be easily forged. Your release
managers should have keys that are in the apache web-of-trust,
that is, signed by at least a few other apache people.
Groeten,
HPP
On Wed, Jan 5, 2011 at 2:40 PM, Rex Wang <[email protected]> wrote:
I have re-uploaded all the correct 2.2.1 artifacts to dist.
Will they be automatically sync to all mirrors?
-Rex
2011/1/5 Shawn Jiang <[email protected]>
Sorry, I uploaded the versions to dist in my machine. It contains
the bad openejb 3.1.4 release which was downloaded when I used the
staging one to run tck.
Because Maven won't download the release artifacts again if there's
local one. To avoid this kind of problems in the future, we should
add a step in the release process to delete local repo before starting
the release.
This time, Luckily, Rex could help upload the right geronimo
artifacts in his local machine to dist again to fix this.
On Wed, Jan 5, 2011 at 12:47 PM, Rex Wang <[email protected]> wrote:
Verified.
the one
http://repo2.maven.org/maven2/org/apache/geronimo/assemblies/geronimo-tomcat6-javaee5/2.2.1/geronimo-tomcat6-javaee5-2.2.1-bin.tar.gz
is correct.
So we need replace the wrong one in dist.
-Rex
2011/1/5 Rex Wang <[email protected]>
I remember I did clean the local repo before making 221 release
artifacts.
I checked the openejb-core in my local repo and it is the one of 12
Nov,
so I think the
http://www.apache.org/dist/geronimo/2.2.1/geronimo-tomcat6-javaee5-2.2.1-bin.tar.gz
might be different from the one in maven public repo which promoted
from
staging repo
http://repo2.maven.org/maven2/org/apache/geronimo/assemblies/geronimo-tomcat6-javaee5/2.2.1/geronimo-tomcat6-javaee5-2.2.1-bin.tar.gz
I am downloading it to verify...
-Rex
2011/1/5 Kevan Miller <[email protected]>
On Jan 4, 2011, at 4:44 PM, David Blevins wrote:
Looks like our 2.2.1 release does not contain the final OpenEJB
3.1.4
binaries and instead contains older binaries from a release vote
that never
passed.
$ cd /tmp
$ wget -q
http://www.apache.org/dist/geronimo/2.2.1/geronimo-tomcat6-javaee5-2.2.1-bin.tar.gz
$ tar xzf geronimo-tomcat6-javaee5-2.2.1-bin.tar.gz
$ jar tvf
/tmp/geronimo-tomcat6-javaee5-2.2.1/repository/org/apache/openejb/openejb-core/3.1.4/openejb-core-3.1.4.jar
| tail
562 Sun Oct 31 21:28:14 PDT 2010 org/openejb/OpenEJB.class
7379 Sun Oct 31 21:28:10 PDT 2010 schema/openejb-jar.xsd
6545 Sun Oct 31 21:28:10 PDT 2010 schema/openejb.xsd
2882 Sun Oct 31 21:28:10 PDT 2010 schema/service-jar.xsd
32 Sun Oct 31 21:28:10 PDT 2010 users.properties
0 Sun Oct 31 21:33:30 PDT 2010 META-INF/maven/
0 Sun Oct 31 21:33:30 PDT 2010
META-INF/maven/org.apache.openejb/
0 Sun Oct 31 21:33:30 PDT 2010
META-INF/maven/org.apache.openejb/openejb-core/
14964 Sun Oct 31 20:57:22 PDT 2010
META-INF/maven/org.apache.openejb/openejb-core/pom.xml
115 Sun Oct 31 21:33:30 PDT 2010
META-INF/maven/org.apache.openejb/openejb-core/pom.properties
$ wget -q -U Maven
http://repo1.maven.org/maven2/org/apache/openejb/openejb-core/3.1.4/openejb-core-3.1.4.jar
$ jar tvf openejb-core-3.1.4.jar | tail
562 Fri Nov 12 15:32:08 PST 2010 org/openejb/OpenEJB.class
7379 Fri Nov 12 15:32:06 PST 2010 schema/openejb-jar.xsd
6545 Fri Nov 12 15:32:06 PST 2010 schema/openejb.xsd
2882 Fri Nov 12 15:32:06 PST 2010 schema/service-jar.xsd
32 Fri Nov 12 15:32:06 PST 2010 users.properties
0 Fri Nov 12 15:32:14 PST 2010 META-INF/maven/
0 Fri Nov 12 15:32:14 PST 2010
META-INF/maven/org.apache.openejb/
0 Fri Nov 12 15:32:14 PST 2010
META-INF/maven/org.apache.openejb/openejb-core/
14964 Fri Nov 12 15:12:40 PST 2010
META-INF/maven/org.apache.openejb/openejb-core/pom.xml
115 Fri Nov 12 15:32:12 PST 2010
META-INF/maven/org.apache.openejb/openejb-core/pom.properties
Unfortunately that old openejb-3.1.4 binary contains this bug:
https://issues.apache.org/jira/browse/OPENEJB-1394
We'll definitely need another 2.2.x release of some kind. Whether
or
not we want to include any other fixes is probably a good discussion
to
have.
Yep. Thanks for finding that... Seems like we need to update our
release
process to include a "delete your local maven repository" step... Or
some
other precaution to prevent this from happening.
--kevan
--
Lei Wang (Rex)
rwonly AT apache.org
--
Lei Wang (Rex)
rwonly AT apache.org
--
Shawn
--
Lei Wang (Rex)
rwonly AT apache.org
--
Shawn
--------------------------------------------------------- _
Henk P. Penning, ICT-beta R Uithof WISK-412 _/ \_
Faculty of Science, Utrecht University T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL F +31 30 253 4553 \_/ \_/
http://people.cs.uu.nl/henkp/ M [email protected] \_/
