Re: [VOTE] Release Apache Sling SAML2 Service Provider 0.2.6

Mon, 12 Jul 2021 08:05:04 -0700 

Hi again

At this time voting on "Apache Sling SAML2 Service Provider 0.2.6" will 
continue based on the artifacts staged at 
https://dist.apache.org/repos/dist/dev/sling/ 
<https://dist.apache.org/repos/dist/dev/sling/>

Signature can be checked using a bash script such as the example below.
./check_dev_repo.sh /tmp/sling-staging


#!/bin/sh
DOWNLOAD=${1:-/tmp/sling-staging}
mkdir ${DOWNLOAD} 2>/dev/null
if [ -z "${DOWNLOAD}" ]
then
 echo "Usage: check_dev_repo.sh [temp-directory]"
 exit
fi
 echo 
"################################################################################"
 echo "                           DOWNLOAD PROMOTED REPOSITORY                  
       "
 echo 
"################################################################################"
 wget -e "robots=off" --wait 1 -nv -r -np "--reject=html,index.html.tmp,../" 
"--follow-tags=" \
  -P "${DOWNLOAD}" -nH "--cut-dirs=4" \
  "https://dist.apache.org/repos/dist/dev/sling/";
echo 
"################################################################################"
echo "                          CHECK SIGNATURES AND DIGESTS                    
      "
echo 
"################################################################################"
for i in `find "${DOWNLOAD}" -type f | grep -v '\.\(asc\|sha1\|md5\)$'`
do
 f=`echo $i | sed 's/\.asc$//'`
 echo "$f"
 gpg --verify $f.asc 2>/dev/null
 if [ "$?" = "0" ]; then CHKSUM="GOOD"; else CHKSUM="BAD!!!!!!!!"; fi
 if [ ! -f "$f.asc" ]; then CHKSUM="----"; fi
 echo "gpg:  ${CHKSUM}"
 for tp in md5 sha1
 do
   if [ ! -f "$f.$tp" ]
   then
     CHKSUM="----"
   else
     A="`cat $f.$tp 2>/dev/null`"
     B="`openssl $tp < $f 2>/dev/null | sed 's/.*= *//' `"
     if [ "$A" = "$B" ]; then CHKSUM="GOOD (`cat $f.$tp`)"; else CHKSUM="BAD!! 
: $A not equal to $B"; fi
   fi
   echo "$tp : ${CHKSUM}"
 done
done
if [ -z "${CHKSUM}" ]; then echo "WARNING: no files found!"; fi
echo 
"################################################################################"



Thanks!
Cris


> On Jul 2, 2021, at 11:41 AM, Cris Rockwell <cmroc...@umich.edu> wrote:
> 
> Hi,
> 
> We solved 3 Jira issues in this initial release:
> https://issues.apache.org/jira/projects/SLING/versions/12350210 
> <https://issues.apache.org/jira/projects/SLING/versions/12350210>
> 
> Staging repository:
> https://repository.apache.org/content/repositories/orgapachesling-2490/ 
> <https://repository.apache.org/content/repositories/orgapachesling-2490/>
> 
> You can use this UNIX script to download the release and verify the 
> signatures:
> https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD
>  
> <https://gitbox.apache.org/repos/asf?p=sling-tooling-release.git;a=blob;f=check_staged_release.sh;hb=HEAD>
> 
> Usage:
> sh check_staged_release.sh 2490 /tmp/sling-staging
> 
> Please vote to approve this release:
> 
>  [ ] +1 Approve the release
>  [ ]  0 Don't care
>  [ ] -1 Don't release, because ...
> 
> This majority vote is open for at least 72 hours.
> 
> Regards,
> Cris

Reply via email to