[
https://issues.apache.org/jira/browse/UIMA-5897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16656935#comment-16656935
]
Marshall Schor commented on UIMA-5897:
--------------------------------------
After this fix, the build produces in the local .m2 the intended workarounds
{color:#333333}where the maven gpg plugin signs the sha512 files. {color}
{color:#333333}for attached artifact X, the .m2 has{color}
{color:#333333} X, {color}
{color:#333333} X.asc, {color}
{color:#333333} X.sha512, {color}
{color:#333333} X.sha512.asc <<< the workaround{color}
{color:#333333}But in the Nexus staging repo, I see these *plus* {color}
{color:#333333} X.md5 {color}
{color:#333333} X.sha1, {color}
{color:#333333} X.sha512.md5, {color}
{color:#333333} X.sha512.sha1 {color}
I don't know what's doing the adding of md5 and sha1 checksums; I'm guessing
it's some part of Nexus configuration.
I've reported this on INFRA-14923. I guess this is how we need to operate
until infra fixes things.
> parent-pom-12 workaround for rule problem in apache repository
> --------------------------------------------------------------
>
> Key: UIMA-5897
> URL: https://issues.apache.org/jira/browse/UIMA-5897
> Project: UIMA
> Issue Type: Task
> Components: Build, Packaging and Test
> Affects Versions: parent-pom-11
> Reporter: Marshall Schor
> Assignee: Marshall Schor
> Priority: Major
> Fix For: parent-pom-12
>
>
> Parent-pom 12 is modified to generate .sha512 checksums. Due to a bug in
> the rules for repository.apache.org, these cannot be uploaded unless they
> (the checksums) are gpg-signed. Although there's an issue to fix this
> INFRA-14923 , the work is currently stalled.
> In the meantime, modify the parent-pom to gpg sign and attach the signatures,
> for .sha512 checksums.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
