On Tue, Jan 5, 2010 at 1:06 PM, Lukasz Lenart <lukasz.len...@googlemail.com> wrote: > 2010/1/5 Wendy Smoak <wsm...@gmail.com>: >> I just re-checked and there are still no .asc signature files in the >> staging repo, so this cannot be released as-is. > > I found the problem - .asc files were only generated for > struts2-archetype-plugin and struts2-archetype-starter. The reset is > missing below entry in pom.xml - I have no idea how it was before > released :D > > Nevertheless, is it possible to generate only .asc files?
I've never tried to do it after the fact with the plugin, I'm not sure what would happen. If you still have the jars and poms from the release on a secure machine, and you know they have not been out of your control, then you can sign them manually and upload only the .asc files to the repo. To sign a single file, it's $ gpg --armor --output foo.tar.gz.asc --detach-sig foo.tar.gz That's from http://wiki.wsmoak.net/cgi-bin/wiki.pl?ReleaseSigning . I had it scripted at one point to sign a sub-tree of the local repo. It's probably somewhere on my wiki. Only the artifacts, in this case the the .jar and .pom files, need to be signed. The gpg plugin goes overboard and signs the checksums, which is not necessary. If you have cleared your local repo since the release, or would otherwise have to download the jars and poms from somewhere else, then you shouldn't sign them because you don't know what's happened to the files since they were created. -- Wendy --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org
