Hi Cris,

To make it clear to everyone, can you please reply to the initial
[VOTE] thread and point to the new staging repository?

Thanks,
Robert

On Fri, 2021-07-09 at 10:46 -0400, Cris Rockwell wrote:
> Thanks for researching a possible solution for this.
> The artifacts are now uploaded
> https://dist.apache.org/repos/dist/dev/sling/
> 
> 
> 
> > On Jul 9, 2021, at 3:22 AM, Robert Munteanu <romb...@apache.org>
> > wrote:
> > 
> > I've been reading the ASF release policy at 
> > 
> > https://www.apache.org/legal/release-policy.html
> > 
> > , and this snippet drew my attention:
> > 
> > > A release isn't 'released' until the contents are in the project's
> > > distribution directory, which is a subdirectory of
> > > downloads.apache.org. In addition to the distribution directory,
> > > project that use Maven or a related build tool sometimes place their
> > > releases on repository.apache.org beside some convenience binaries.
> > > The distribution directory is required, while the repository system
> > > is an optional convenience.
> > 
> > which leads me to believe that we did not actually 'release' the
> > bundle, but are right now in an inconsistent state, with a
> > convenience channel being used before the actual vote being released.
> > 
> > My suggestion would be to continue the voting process in a manual way
> > and reach out to infra/ASF board (as per [2]) only if the release
> > vote fails.
> > 
> > 
> >  https://dist.apache.org/repos/dist/dev/sling/
> > 
> > ( svn co https://dist.apache.org/repos/dist/dev/sling/ )
> > 
> > and we will resume voting based on those. We may need to patch the
> > scripts or run the checks manually, but it's a one-time occurrence
> > and should not be such a big deal.
> > 
> > I prefer uploading to dist/dev and validating the artifacts from
> > there since it's more in line with the ASF release policy and
> > minimises the risk of this release being called out as out of policy.
> > 
> > Would that work for you?
> > 
> > Thanks,
> > Robert
> > 
> > 
> > [2]:
> > https://www.apache.org/legal/release-policy.html#administration
> > 
> > On Thu, 2021-07-08 at 14:30 -0400, Cris Rockwell wrote:
> > > It’s not much to tweak the script to check a promoted artifact vs a
> > > staged artifact. The script below does it.
> > > 
> > > $ ./check_promoted_release.sh org.apache.sling.auth.saml2/0.2.6/ .
> > > 
> > > 
> > > 
> > > #!/bin/sh
> > > 
> > > # check_promoted_release.sh
> > > # Download a promoted artifact and check its signatures and digests.
> > > STAGING=${1}
> > > DOWNLOAD=${2:-/tmp/sling-staging}
> > > mkdir -p "${DOWNLOAD}" 2>/dev/null
> > > 
> > > if [ -z "${STAGING}" ] || [ ! -d "${DOWNLOAD}" ]
> > > then
> > >  echo "Usage: check_promoted_release.sh <artifactID/version> [temp-directory]"
> > >  exit 1
> > > fi
> > > 
> > > # Download only when there is no local copy from an earlier run.
> > > if [ ! -e "${DOWNLOAD}/${STAGING}" ]
> > > then
> > >  echo "################################################################################"
> > >  echo "                           DOWNLOAD PROMOTED REPOSITORY                         "
> > >  echo "################################################################################"
> > > 
> > >  wget -e "robots=off" --wait 1 -nv -r -np "--reject=html,index.html.tmp,../" "--follow-tags=" \
> > >   -P "${DOWNLOAD}/${STAGING}" -nH "--cut-dirs=6" \
> > >   "https://repository.apache.org/content/groups/public/org/apache/sling/${STAGING}"
> > > 
> > > else
> > >  echo "################################################################################"
> > >  echo "                       USING EXISTING STAGED REPOSITORY                         "
> > >  echo "################################################################################"
> > >  echo "${DOWNLOAD}/${STAGING}"
> > > fi
> > > 
> > > echo "################################################################################"
> > > echo "                          CHECK SIGNATURES AND DIGESTS                          "
> > > echo "################################################################################"
> > > 
> > > # Every file that is not a signature or digest sidecar is an artifact.
> > > for i in `find "${DOWNLOAD}/${STAGING}" -type f | grep -v '\.\(asc\|sha1\|md5\)$'`
> > > do
> > >  f=`echo "$i" | sed 's/\.asc$//'`
> > >  echo "$f"
> > >  # Detached signature check; "----" means there is no .asc file.
> > >  gpg --verify "$f.asc" 2>/dev/null
> > >  if [ "$?" = "0" ]; then CHKSUM="GOOD"; else CHKSUM="BAD!!!!!!!!"; fi
> > >  if [ ! -f "$f.asc" ]; then CHKSUM="----"; fi
> > >  echo "gpg:  ${CHKSUM}"
> > > 
> > >  # Compare each published digest with one computed locally.
> > >  for tp in md5 sha1
> > >  do
> > >    if [ ! -f "$f.$tp" ]
> > >    then
> > >      CHKSUM="----"
> > >    else
> > >      A="`cat "$f.$tp" 2>/dev/null`"
> > >      B="`openssl $tp < "$f" 2>/dev/null | sed 's/.*= *//' `"
> > >      if [ "$A" = "$B" ]; then CHKSUM="GOOD (`cat "$f.$tp"`)"; else CHKSUM="BAD!! : $A not equal to $B"; fi
> > >    fi
> > >    echo "$tp : ${CHKSUM}"
> > >  done
> > > 
> > > done
> > > 
> > > if [ -z "${CHKSUM}" ]; then echo "WARNING: no files found!"; fi
> > > 
> > > echo "################################################################################"
> > > 
> > > 
> > > ################################################################################
> > >                           CHECK SIGNATURES AND DIGESTS
> > > ################################################################################
> > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/org.apache.sling.auth.saml2-0.2.6-source-release.zip
> > > gpg:  GOOD
> > > md5 : GOOD (39c1e148b0919387a5732628ba604d21)
> > > sha1 : GOOD (cea7d34a4b78dd651b8fd26ef9464ac3bacc5f6f)
> > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/org.apache.sling.auth.saml2-0.2.6.pom
> > > gpg:  GOOD
> > > md5 : GOOD (4ac6eb0eb5e4fcd0372a211a1974dc0c)
> > > sha1 : GOOD (531a963abf49b8db1b8e2584139b793a9bc28bb2)
> > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/org.apache.sling.auth.saml2-0.2.6-javadoc.jar
> > > gpg:  GOOD
> > > md5 : GOOD (e848893428b5deb1246f768d8657e27c)
> > > sha1 : GOOD (85e79ac6ae98a929a1f3aa58f93959acd33a2a2d)
> > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/org.apache.sling.auth.saml2-0.2.6-sources.jar
> > > gpg:  GOOD
> > > md5 : GOOD (69fea4b472d2b4ec0dcc1987087c6702)
> > > sha1 : GOOD (9bbfd0071d81ead55fa2a5b920d74ec1934e666c)
> > > ./org.apache.sling.auth.saml2/0.2.6//org.apache.sling.auth.saml2/0.2.6/org.apache.sling.auth.saml2-0.2.6.jar
> > > gpg:  GOOD
> > > md5 : GOOD (94c54bf5b7d244f60da1837d5b0351b2)
> > > sha1 : GOOD (00a784f65d23a18d7eed094dddedc863e235bf9d)
> > > ################################################################################
> > > ➜  release ./check_promoted_release.sh org.apache.sling.auth.saml2/0.2.6/ .
> > > 
> > > 
> > > 
> > > 
> > > 
> > > > On Jul 8, 2021, at 10:54 AM, Robert Munteanu
> > > > <romb...@apache.org>
> > > > wrote:
> > > > 
> > > > There are two questions here:
> > > > 
> > > > 1. Practical - what do we vote on? The staging repository is gone.
> > > > 2. Procedural - is this the right thing to do?
> > > > 
> > > > For 1. I guess we could ask you to restore it, maybe stage the exact
> > > > same artifacts again and resume the vote? Not a new vote thread,
> > > > simply reply to the same thread with a new staging repository.
> > > > 
> > > > But we should not conclude the vote until we are sure of 2.
> > > > 
> > > > Thanks,
> > > > Robert
> > > > 
> > > > On Thu, 2021-07-08 at 08:13 -0400, Cris Rockwell wrote:
> > > > > How about PMC members actually cast your votes on this release now?
> > > > > If there are enough +1 then it's fine. If somebody is actually
> > > > > trying to drag this out intentionally, that's not cool.
> > > > > 
> > > > > On Thu, Jul 8, 2021, 6:22 AM Robert Munteanu
> > > > > <romb...@apache.org>
> > > > > wrote:
> > > > > 
> > > > > > Hi,
> > > > > > 
> > > > > > The staging repository in question was under vote, no votes cast
> > > > > > (I was preparing my +1) and was accidentally promoted.
> > > > > > 
> > > > > > That means that the artifacts are on Maven Central without a
> > > > > > formal vote from the PMC.
> > > > > > 
> > > > > > What options do we have from here? Does anyone know of a similar
> > > > > > situation? If not, we can wait for an answer on the infra issue
> > > > > > [1].
> > > > > > 
> > > > > > Thanks,
> > > > > > Robert
> > > > > > 
> > > > > > [1]: https://issues.apache.org/jira/browse/INFRA-22090
> > > > > > 
> > > > > > On Thu, 2021-07-08 at 12:16 +0200, Nicolas Peltier wrote:
> > > > > > > Ok, looks like it's over now to move it back, so either we
> > > > > > > retroactively vote for that artifact, or we redo a release :(
> > > > > > > sorry for that mess :(
> > > > > > > 
> > > > > > > On Thu, Jul 8, 2021 at 11:50, Nicolas Peltier
> > > > > > > <npelt...@apache.org> wrote:
> > > > > > > 
> > > > > > > > Sorry Chris, I mistakenly released the staging repository, and
> > > > > > > > now am struggling to undo this, it's very likely we have to
> > > > > > > > delete it altogether :(
> > > > > > > > https://issues.apache.org/jira/browse/INFRA-22090
> > > > > > > > 
> > > > > > > > On Fri, Jul 2, 2021 at 17:41, Cris Rockwell
> > > > > > > > <cmroc...@umich.edu> wrote:
> > > > > > > > 
> > > > > > > > > Hi,
> > > > > > > > > 
> > > > > > > > > > We solved 3 Jira issues in this initial release:
> > > > > > > > > > https://issues.apache.org/jira/projects/SLING/versions/12350210
> > > > > > > > > > 
> > > > > > > > > > Staging repository:
> > > > > > > > > > https://repository.apache.org/content/repositories/orgapachesling-2490/
> > > > > > > > > > 
> > > > > > > > > > You can use this UNIX script to download the release and
> > > > > > > > > > verify the signatures:
> > > > > > > > > > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD
> > > > > > > > > > 
> > > > > > > > > 
> > > > > > > > > Usage:
> > > > > > > > > sh check_staged_release.sh 2490 /tmp/sling-staging
> > > > > > > > > 
> > > > > > > > > Please vote to approve this release:
> > > > > > > > > 
> > > > > > > > >  [ ] +1 Approve the release
> > > > > > > > >  [ ]  0 Don't care
> > > > > > > > >  [ ] -1 Don't release, because ...
> > > > > > > > > 
> > > > > > > > > This majority vote is open for at least 72 hours.
> > > > > > > > > 
> > > > > > > > > Regards,
> > > > > > > > > Cris
> > > > > > > > 
> > > > > > > > 
> > > > > > 
> > > > > > 
> > > > > > 
> > > > 
> > > > 
> > > 
> > 
> > 
> 
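
A fail-closed variant of the digest step from the script quoted above, as an added example that is not part of the thread or of sling-tooling-release: it returns non-zero when an md5 or sha1 sidecar is missing or does not match, so it can gate a manual check of a local copy such as the dist/dev checkout. The function name verify_digests and the use of md5sum/sha1sum from coreutils are assumptions; signature verification is not covered here.

```shell
#!/bin/sh
# Added example (not from the thread): fail-closed digest check.
# verify_digests DIR prints one line per check and returns 0 only if
# every artifact under DIR has md5 and sha1 sidecars and both match.
# These digests catch corruption only; authenticity still rests on the
# GPG signature check.
verify_digests() {
  dir=$1
  rc=0
  seen=0
  list=$(mktemp) || return 2
  # Artifacts are regular files that are not themselves sidecars.
  find "$dir" -type f ! -name '*.asc' ! -name '*.md5' ! -name '*.sha1' > "$list"
  # Reading line by line keeps file names with spaces intact.
  while IFS= read -r f; do
    seen=1
    for tp in md5 sha1; do
      if [ ! -f "$f.$tp" ]; then
        echo "MISSING $tp $f"
        rc=1
        continue
      fi
      # A sidecar holds "<hex>" or "<hex>  <name>": take field 1, lowercased.
      want=$(awk 'NR==1 {print tolower($1)}' "$f.$tp")
      have=$("${tp}sum" < "$f" | awk '{print $1}')
      if [ "$want" = "$have" ]; then
        echo "GOOD $tp $f"
      else
        echo "BAD $tp $f"
        rc=1
      fi
    done
  done < "$list"
  rm -f "$list"
  # An empty directory is a failure, not a silent pass.
  if [ "$seen" -ne 1 ]; then
    echo "no artifacts found in $dir"
    rc=1
  fi
  return "$rc"
}

# Run against the directory given as the first argument, if any.
if [ $# -gt 0 ]; then
  verify_digests "$1"
fi
```
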

