(tomcat) branch 10.1.x updated: Improve verify-release target.

[schultz]

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new ccb1e58b62 Improve verify-release target.
ccb1e58b62 is described below

commit ccb1e58b62c4e498689f1b7db42d0f6b12909345
Author: schultz <schu...@apache.org>
AuthorDate: Sun Dec 10 07:54:22 2023 -0800

    Improve verify-release target.
    
    Remove 'verify' directory from source-base and into output/
    Use a property to store the location of the release-verification
    artifacts.
---
 build.xml | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/build.xml b/build.xml
index dee2537aae..1d414d2996 100644
--- a/build.xml
+++ b/build.xml
@@ -89,6 +89,7 @@
   <property name="tomcat.i18n"           value="${tomcat.output}/i18n"/>
   <property name="tomcat.manifests"      value="${tomcat.output}/manifests"/>
   <property name="tomcat.release"        value="${tomcat.output}/release"/>
+  <property name="tomcat.release.verify" value="${tomcat.output}/verify" />
   <property name="tomcat.src.jars"       value="${tomcat.output}/src-jars"/>
   <property name="test.classes"          value="${tomcat.output}/testclasses"/>
   <property name="test.run.classes"      value="${tomcat.output}/classes"/>
@@ -2530,9 +2531,6 @@ Apache Tomcat ${version} native binaries for Win64 
AMD64/EMT64 platform.
                 <filename name="modules/jdbc-pool/**" />
               </not>
             </and>
-            <!-- Do not inculde any files  user for release-verification -->
-            <filename name="verify" />
-            <filename name="verify/**" />
           </or>
         </not>
       </fileset>
@@ -4128,17 +4126,17 @@ Read the Building page on the Apache Tomcat 
documentation site for details on ho
       <!-- First, try to find a released version hash. -->
       <antcall target="trydownload">
         <param name="sourcefile" 
value="https://dist.apache.org/repos/dist/release/tomcat/tomcat-${version.major}/v${version}/@{src-or-bin}/@{basefile}.sha512";
 />
-        <param name="destfile" value="verify/@{basefile}.sha512" />
+        <param name="destfile" 
value="${tomcat.release.verify}/@{basefile}.sha512" />
       </antcall>
       <!-- If necessary, try to find a dev version hash. -->
       <antcall target="trydownload">
         <param name="sourcefile" 
value="https://dist.apache.org/repos/dist/dev/tomcat/tomcat-${version.major}/v${version}/@{src-or-bin}/@{basefile}.sha512";
 />
-        <param name="destfile" value="verify/@{basefile}.sha512" />
+        <param name="destfile" 
value="${tomcat.release.verify}/@{basefile}.sha512" />
       </antcall>
 
       <condition property="success">
         <or>
-          <available file="verify/@{basefile}.sha512" />
+          <available file="${tomcat.release.verify}/@{basefile}.sha512" />
           <and>
             <contains string="${version}" substring="11.0." /><!-- Super hack 
-->
             <contains string="@{basefile}" substring="x86" />
@@ -4159,18 +4157,18 @@ Unable to locate release hash for @{basefile}
 
     <sequential>
 <!--
-      <echo>Comparing hash files 
output/release/v${version}/@{src-or-bin}/@{basefile}.sha512 
verify/@{basefile}.sha512</echo>
+      <echo>Comparing hash files 
output/release/v${version}/@{src-or-bin}/@{basefile}.sha512 
${tomcat.release.verify}/@{basefile}.sha512</echo>
 -->
       <condition property="reproducible-@{num}">
         <filesmatch 
file1="output/release/v${version}/@{src-or-bin}/@{basefile}.sha512"
-                    file2="verify/@{basefile}.sha512"/>
+                    file2="${tomcat.release.verify}/@{basefile}.sha512"/>
       </condition>
       <echo if:set="reproducible-@{num}">Signature MATCH for 
@{src-or-bin}/@{basefile}</echo>
       <echo unless:set="reproducible-@{num}">
 Signature mismatch for @{src-or-bin}/@{basefile}:
   </echo>
       <printfile unless:set="reproducible-@{num}" 
file="output/release/v${version}/@{src-or-bin}/@{basefile}.sha512" />
-      <printfile unless:set="reproducible-@{num}" 
file="verify/@{basefile}.sha512" />
+      <printfile unless:set="reproducible-@{num}" 
file="${tomcat.release.verify}/@{basefile}.sha512" />
     </sequential>
   </macrodef>
 
@@ -4186,8 +4184,8 @@ This does not appear to be a copy of a released tag; no 
build.properties.release
 
 It appears there are no build artifacts to verify. Please run 'ant release' 
first.
 </fail>
-    <delete dir="verify" />
-    <mkdir dir="verify" />
+    <delete dir="${tomcat.release.verify}" />
+    <mkdir dir="${tomcat.release.verify}" />
     <get-release-hash src-or-bin="bin" 
basefile="${final.name}-deployer.tar.gz" />
     <get-release-hash src-or-bin="bin" basefile="${final.name}-deployer.zip" />
     <get-release-hash src-or-bin="bin" 
basefile="${final.name}-fulldocs.tar.gz" />
@@ -4247,6 +4245,12 @@ reproducible-10=${reproducible-10}
 
     <fail unless="reproducible">
 One or more signatures failed.
+
+Considering using a tool such as "diffoscope"[1] to inspect the differences
+between the official release and your local-build. There may be trivial
+differences that should not be considered troublesome.
+
+[1] https://diffoscope.org/
 </fail>
     <echo>
 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org