ajs6f - does this answer your question enough to vote +1 now?
Andy
On 01/01/2019 12:48, Andy Seaborne wrote:
➜ source /usr/bin/shasum5.18 -a 512 -c
jena-3.10.0-source-release.zip.sha512
shasum: jena-3.10.0-source-release.zip.sha512: no properly formatted
SHA1 checksum lines found
because it only contains the checksum itself:
d0b5e47616c847d76e77f214b0c346ece34950eb0a8e0e74bfe41888cc85d63aef8149543bc84711c3c2e2442cb5151dd5a66013ccc0805c5b3ec245d6463204
and not also the filename to which it applies, e.g. :
7dafe7aa28cb85a6da9f6f2b109372ec0d097d4f07d8cb5882dde814b55cdb60512ab9bc09c2593118aaf3fbbc1f65f1d3b921faca7bddefd3f6bf9d7f332998
apache-jena-3.10.0.tar.gz
Is that a blocker for release? I'm not sure how precise the rules are
about the format of checksums. Do we just need to include them or to
include them in a certain format?
Not a blocker.
3.9.0 is the same.
The SHA512 checksum for the source-release is now made by maven during
"-Papache release:" (It wasn't for 3.8.0, it was for 3.9.0.) The Apache
parent has the process for this; it's not special to Jena. I'd prefer
we used the Apache parent way.
If you look at the SHA1 for the maven artifacts uploaded to central for
3.9.0 they are the same checksum only format:
http://central.maven.org/maven2/org/apache/jena/jena-arq/3.9.0/jena-arq-3.9.0.jar.sha1
==>
b44ea2da8bdaf61e77272070f96ee2e29a70bfe3
The file name is not part of the checksum - you can edit the checksum
file if you want:
(cat foo.sha512 ; echo " foo") > S2
sha512sum -c S2
The 512 checksums for the binaries are added afterwards because the
build process does not create them. It only processes source-release.
https://cwiki.apache.org/confluence/display/JENA/Release+Process#ReleaseProcess-Fixupchecksums
Andy
