This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit e80429c799ff2d8418709512304d8644f0428276 Author: schultz <schu...@apache.org> AuthorDate: Sun Dec 10 07:54:22 2023 -0800 Improve verify-release target. Remove 'verify' directory from source-base and into output/ Use a property to store the location of the release-verification artifacts. --- build.xml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/build.xml b/build.xml index 1b41c928d9..feccef8c4e 100644 --- a/build.xml +++ b/build.xml @@ -98,6 +98,7 @@ <property name="tomcat.i18n" value="${tomcat.output}/i18n"/> <property name="tomcat.manifests" value="${tomcat.output}/manifests"/> <property name="tomcat.release" value="${tomcat.output}/release"/> + <property name="tomcat.release.verify" value="${tomcat.output}/verify" /> <property name="tomcat.src.jars" value="${tomcat.output}/src-jars"/> <property name="test.classes" value="${tomcat.output}/testclasses"/> <property name="test.run.classes" value="${tomcat.output}/classes"/> @@ -2176,9 +2177,6 @@ Apache Tomcat ${version} native binaries for Win64 AMD64/EMT64 platform. <filename name="modules/jdbc-pool/**" /> </not> </and> - <!-- Do not inculde any files user for release-verification --> - <filename name="verify" /> - <filename name="verify/**" /> </or> </not> </fileset> @@ -3633,17 +3631,17 @@ Read the Building page on the Apache Tomcat documentation site for details on ho <!-- First, try to find a released version hash. --> <antcall target="trydownload"> <param name="sourcefile" value="https://dist.apache.org/repos/dist/release/tomcat/tomcat-${version.major}/v${version}/@{src-or-bin}/@{basefile}.sha512" /> - <param name="destfile" value="verify/@{basefile}.sha512" /> + <param name="destfile" value="${tomcat.release.verify}/@{basefile}.sha512" /> </antcall> <!-- If necessary, try to find a dev version hash. --> <antcall target="trydownload"> <param name="sourcefile" value="https://dist.apache.org/repos/dist/dev/tomcat/tomcat-${version.major}/v${version}/@{src-or-bin}/@{basefile}.sha512" /> - <param name="destfile" value="verify/@{basefile}.sha512" /> + <param name="destfile" value="${tomcat.release.verify}/@{basefile}.sha512" /> </antcall> <condition property="success"> <or> - <available file="verify/@{basefile}.sha512" /> + <available file="${tomcat.release.verify}/@{basefile}.sha512" /> <and> <contains string="${version}" substring="11.0." /><!-- Super hack --> <contains string="@{basefile}" substring="x86" /> @@ -3664,18 +3662,18 @@ Unable to locate release hash for @{basefile} <sequential> <!-- - <echo>Comparing hash files output/release/v${version}/@{src-or-bin}/@{basefile}.sha512 verify/@{basefile}.sha512</echo> + <echo>Comparing hash files output/release/v${version}/@{src-or-bin}/@{basefile}.sha512 ${tomcat.release.verify}/@{basefile}.sha512</echo> --> <condition property="reproducible-@{num}"> <filesmatch file1="output/release/v${version}/@{src-or-bin}/@{basefile}.sha512" - file2="verify/@{basefile}.sha512"/> + file2="${tomcat.release.verify}/@{basefile}.sha512"/> </condition> <echo if:set="reproducible-@{num}">Signature MATCH for @{src-or-bin}/@{basefile}</echo> <echo unless:set="reproducible-@{num}"> Signature mismatch for @{src-or-bin}/@{basefile}: </echo> <printfile unless:set="reproducible-@{num}" file="output/release/v${version}/@{src-or-bin}/@{basefile}.sha512" /> - <printfile unless:set="reproducible-@{num}" file="verify/@{basefile}.sha512" /> + <printfile unless:set="reproducible-@{num}" file="${tomcat.release.verify}/@{basefile}.sha512" /> </sequential> </macrodef> @@ -3691,8 +3689,8 @@ This does not appear to be a copy of a released tag; no build.properties.release It appears there are no build artifacts to verify. Please run 'ant release' first. </fail> - <delete dir="verify" /> - <mkdir dir="verify" /> + <delete dir="${tomcat.release.verify}" /> + <mkdir dir="${tomcat.release.verify}" /> <get-release-hash src-or-bin="bin" basefile="${final.name}-deployer.tar.gz" /> <get-release-hash src-or-bin="bin" basefile="${final.name}-deployer.zip" /> <get-release-hash src-or-bin="bin" basefile="${final.name}-fulldocs.tar.gz" /> @@ -3752,6 +3750,12 @@ reproducible-10=${reproducible-10} <fail unless="reproducible"> One or more signatures failed. + +Considering using a tool such as "diffoscope"[1] to inspect the differences +between the official release and your local-build. There may be trivial +differences that should not be considered troublesome. + +[1] https://diffoscope.org/ </fail> <echo> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org