Hi again At this time voting on "Apache Sling SAML2 Service Provider 0.2.6" will continue based on the artifacts staged at https://dist.apache.org/repos/dist/dev/sling/ <https://dist.apache.org/repos/dist/dev/sling/>
Signature can be checked using a bash script such as the example below. ./check_dev_repo.sh /tmp/sling-staging #!/bin/sh DOWNLOAD=${1:-/tmp/sling-staging} mkdir ${DOWNLOAD} 2>/dev/null if [ -z "${DOWNLOAD}" ] then echo "Usage: check_dev_repo.sh [temp-directory]" exit fi echo "################################################################################" echo " DOWNLOAD PROMOTED REPOSITORY " echo "################################################################################" wget -e "robots=off" --wait 1 -nv -r -np "--reject=html,index.html.tmp,../" "--follow-tags=" \ -P "${DOWNLOAD}" -nH "--cut-dirs=4" \ "https://dist.apache.org/repos/dist/dev/sling/" echo "################################################################################" echo " CHECK SIGNATURES AND DIGESTS " echo "################################################################################" for i in `find "${DOWNLOAD}" -type f | grep -v '\.\(asc\|sha1\|md5\)$'` do f=`echo $i | sed 's/\.asc$//'` echo "$f" gpg --verify $f.asc 2>/dev/null if [ "$?" = "0" ]; then CHKSUM="GOOD"; else CHKSUM="BAD!!!!!!!!"; fi if [ ! -f "$f.asc" ]; then CHKSUM="----"; fi echo "gpg: ${CHKSUM}" for tp in md5 sha1 do if [ ! -f "$f.$tp" ] then CHKSUM="----" else A="`cat $f.$tp 2>/dev/null`" B="`openssl $tp < $f 2>/dev/null | sed 's/.*= *//' `" if [ "$A" = "$B" ]; then CHKSUM="GOOD (`cat $f.$tp`)"; else CHKSUM="BAD!! : $A not equal to $B"; fi fi echo "$tp : ${CHKSUM}" done done if [ -z "${CHKSUM}" ]; then echo "WARNING: no files found!"; fi echo "################################################################################" Thanks! Cris > On Jul 2, 2021, at 11:41 AM, Cris Rockwell <cmroc...@umich.edu> wrote: > > Hi, > > We solved 3 Jira issues in this initial release: > https://issues.apache.org/jira/projects/SLING/versions/12350210 > <https://issues.apache.org/jira/projects/SLING/versions/12350210> > > Staging repository: > https://repository.apache.org/content/repositories/orgapachesling-2490/ > <https://repository.apache.org/content/repositories/orgapachesling-2490/> > > You can use this UNIX script to download the release and verify the > signatures: > https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD > > <https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD> > > Usage: > sh check_staged_release.sh 2490 /tmp/sling-staging > > Please vote to approve this release: > > [ ] +1 Approve the release > [ ] 0 Don't care > [ ] -1 Don't release, because ... > > This majority vote is open for at least 72 hours. > > Regards, > Cris