Re: [VOTE] Release Apache Maven GPG Plugin version 3.0.0

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Maven GPG Plugin version 3.0.0

rfscholte
One side note:
To make this plugin work with the build/consumer pom it must be replaced with an InputStream based implementation. Now it is calling gpg via commandline with a reference to the files to sign.

Robert

On 12-4-2020 14:50:14, Hervé BOUTEMY <[hidden email]> wrote:
Hi,

We solved 13 issues:
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317521&version=12330781&styleName=Text

Staging repo:
https://repository.apache.org/content/repositories/maven-1563/
https://repository.apache.org/content/repositories/maven-1563/org/apache/maven/plugins/maven-gpg-plugin/3.0.0/maven-gpg-plugin-3.0.0-source-release.zip

Source release checksum(s):
maven-gpg-plugin-3.0.0-source-release.zip sha512: 773e1ba20d3edd6924bf7c909c0bf68746d79874a0df258da05ccc2b3138415f0183350b54209a3003eb081cc11e22bc316a7d8a7016fe4dab30eb0db5a9b0ac

Staging site:
https://maven.apache.org/plugins-archives/maven-gpg-plugin-LATEST/

Guide to testing staged releases:
https://maven.apache.org/guides/development/guide-testing-releases.html

Vote open for at least 72 hours.

[ ] +1
[ ] +0
[ ] -1



---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Maven GPG Plugin version 3.0.0

Hervé BOUTEMY
questions to Windows users:
- what GPG distribution do you use, that does not make the plugin fail?
- is this issue worth dropping the release?

Regards,

Hervé

Le mercredi 15 avril 2020, 21:25:11 CEST Tibor Digana a écrit :

> Sorry my -1 due to all integration tests have failed with the following
> errors:
>
> Caused by: java.lang.IllegalArgumentException: Can't parse version of
> gpg (GnuPG) 2.0.26 (Gpg4win 2.2.3)
>     at org.apache.maven.plugins.gpg.GpgVersion.compareTo(GpgVersion.java:60)
> at org.apache.maven.plugins.gpg.GpgVersion.isBefore(GpgVersion.java:101) at
> org.apache.maven.plugins.gpg.GpgSigner.generateSignatureForFile(GpgSigner.j
> ava:89) at
> org.apache.maven.plugins.gpg.AbstractGpgSigner.generateSignatureForArtifact
> (AbstractGpgSigner.java:203) at
> org.apache.maven.plugins.gpg.GpgSignAttachedMojo.execute(GpgSignAttachedMoj
> o.java:178) at
> org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildP
> luginManager.java:134)
>
> The version on the command line:
>
> $ gpg --version
> gpg (GnuPG) 2.0.26 (Gpg4win 2.2.3)
> libgcrypt 1.6.2
> Copyright (C) 2013 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> <http://gnu.org/licenses/gpl.html> This is free software: you are free to
> change and redistribute it. There is NO WARRANTY, to the extent permitted
> by law.
>
> On Sun, Apr 12, 2020 at 2:50 PM Hervé BOUTEMY <[hidden email]> wrote:
> > Hi,
> >
> > We solved 13 issues:
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317521&
> > version=12330781&styleName=Text
> >
> > Staging repo:
> > https://repository.apache.org/content/repositories/maven-1563/
> > https://repository.apache.org/content/repositories/maven-1563/org/apache/m
> > aven/plugins/maven-gpg-plugin/3.0.0/maven-gpg-plugin-3.0.0-source-release.
> > zip
> >
> > Source release checksum(s):
> > maven-gpg-plugin-3.0.0-source-release.zip sha512:
> > 773e1ba20d3edd6924bf7c909c0bf68746d79874a0df258da05ccc2b3138415f0183350b5
> > 4209a3003eb081cc11e22bc316a7d8a7016fe4dab30eb0db5a9b0ac
> >
> > Staging site:
> > https://maven.apache.org/plugins-archives/maven-gpg-plugin-LATEST/
> >
> > Guide to testing staged releases:
> > https://maven.apache.org/guides/development/guide-testing-releases.html
> >
> > Vote open for at least 72 hours.
> >
> > [ ] +1
> > [ ] +0
> > [ ] -1
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email]
> > For additional commands, e-mail: [hidden email]





---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Maven GPG Plugin version 3.0.0

Hervé BOUTEMY
In reply to this post by rfscholte
yes, I hoped that it was an issue existing before, but your answer is clear:
no, this is a new issue, with code newly introduced

Given this issue on Windows and the issue on Linux, I'll cancel the release
and create 2 Jira issues to track the 2 issues found

we will require to fix and test on multiple platforms: community help will be
greatly appreciated

Regards,

Hervé

Le mercredi 15 avril 2020, 23:12:32 CEST Tibor Digana a écrit :
> Why this plugin has been working for many years and with the same gpg
> installation?
> There has to be a change in the comparator of versions according to
> the stacktrace. What other explanation?
> I did not change anything on my PC. Still the same set of tools.
>
> On Wed, Apr 15, 2020 at 11:07 PM Robert Scholte <[hidden email]>
wrote:

> > gpg --version
> >
> > gpg (GnuPG) 2.2.15
> > libgcrypt 1.8.4
> > Copyright (C) 2019 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later
> > <https://gnu.org/licenses/gpl.html> This is free software: you are free
> > to change and redistribute it. There is NO WARRANTY, to the extent
> > permitted by law.
> >
> > I've asked INFRA to install gpg on Jenkins, so for about a year both
> > Ubuntu and Windows are covered.
> >
> >
> > Robert
> >
> > [1] https://issues.apache.org/jira/browse/INFRA-18014
> > On 15-4-2020 22:16:35, Hervé BOUTEMY <[hidden email]> wrote:
> > questions to Windows users:
> > - what GPG distribution do you use, that does not make the plugin fail?
> > - is this issue worth dropping the release?
> >
> > Regards,
> >
> > Hervé
> >
> > Le mercredi 15 avril 2020, 21:25:11 CEST Tibor Digana a écrit :
> > > Sorry my -1 due to all integration tests have failed with the following
> > > errors:
> > >
> > > Caused by: java.lang.IllegalArgumentException: Can't parse version of
> > > gpg (GnuPG) 2.0.26 (Gpg4win 2.2.3)
> > > at org.apache.maven.plugins.gpg.GpgVersion.compareTo(GpgVersion.java:60)
> > > at org.apache.maven.plugins.gpg.GpgVersion.isBefore(GpgVersion.java:101)
> > > at
> > > org.apache.maven.plugins.gpg.GpgSigner.generateSignatureForFile(GpgSigne
> > > r.j
> > > ava:89) at
> > > org.apache.maven.plugins.gpg.AbstractGpgSigner.generateSignatureForArtif
> > > act
> > > (AbstractGpgSigner.java:203) at
> > > org.apache.maven.plugins.gpg.GpgSignAttachedMojo.execute(GpgSignAttached
> > > Moj
> > > o.java:178) at
> > > org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBui
> > > ldP
> > > luginManager.java:134)
> > >
> > > The version on the command line:
> > >
> > > $ gpg --version
> > > gpg (GnuPG) 2.0.26 (Gpg4win 2.2.3)
> > > libgcrypt 1.6.2
> > > Copyright (C) 2013 Free Software Foundation, Inc.
> > > License GPLv3+: GNU GPL version 3 or later
> > > This is free software: you are free to
> > > change and redistribute it. There is NO WARRANTY, to the extent
> > > permitted
> > > by law.
> > >
> > > On Sun, Apr 12, 2020 at 2:50 PM Hervé BOUTEMY wrote:
> > > > Hi,
> > > >
> > > > We solved 13 issues:
> > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317
> > > > 521&
> > > > version=12330781&styleName=Text
> > > >
> > > > Staging repo:
> > > > https://repository.apache.org/content/repositories/maven-1563/
> > > > https://repository.apache.org/content/repositories/maven-1563/org/apac
> > > > he/m
> > > > aven/plugins/maven-gpg-plugin/3.0.0/maven-gpg-plugin-3.0.0-source-rele
> > > > ase.
> > > > zip
> > > >
> > > > Source release checksum(s):
> > > > maven-gpg-plugin-3.0.0-source-release.zip sha512:
> > > > 773e1ba20d3edd6924bf7c909c0bf68746d79874a0df258da05ccc2b3138415f018335
> > > > 0b5
> > > > 4209a3003eb081cc11e22bc316a7d8a7016fe4dab30eb0db5a9b0ac
> > > >
> > > > Staging site:
> > > > https://maven.apache.org/plugins-archives/maven-gpg-plugin-LATEST/
> > > >
> > > > Guide to testing staged releases:
> > > > https://maven.apache.org/guides/development/guide-testing-releases.htm
> > > > l
> > > >
> > > > Vote open for at least 72 hours.
> > > >
> > > > [ ] +1
> > > > [ ] +0
> > > > [ ] -1
> > > >
> > > >
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: [hidden email]
> > > > For additional commands, e-mail: [hidden email]
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [hidden email]
> > For additional commands, e-mail: [hidden email]





---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Maven GPG Plugin version 3.0.0

rfscholte
In reply to this post by Hervé BOUTEMY
For MGPG-59[1] the version had to be parsed because of a feature that only works for gpg2.

Robert


[1] https://issues.apache.org/jira/browse/MGPG-59

On 15-4-2020 23:12:47, Tibor Digana <[hidden email]> wrote:
Why this plugin has been working for many years and with the same gpg
installation?
There has to be a change in the comparator of versions according to
the stacktrace. What other explanation?
I did not change anything on my PC. Still the same set of tools.

On Wed, Apr 15, 2020 at 11:07 PM Robert Scholte wrote:

>
> gpg --version
>
> gpg (GnuPG) 2.2.15
> libgcrypt 1.8.4
> Copyright (C) 2019 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.
>
> I've asked INFRA to install gpg on Jenkins, so for about a year both Ubuntu and Windows are covered.
>
>
> Robert
>
> [1] https://issues.apache.org/jira/browse/INFRA-18014
> On 15-4-2020 22:16:35, Hervé BOUTEMY wrote:
> questions to Windows users:
> - what GPG distribution do you use, that does not make the plugin fail?
> - is this issue worth dropping the release?
>
> Regards,
>
> Hervé
>
> Le mercredi 15 avril 2020, 21:25:11 CEST Tibor Digana a écrit :
> > Sorry my -1 due to all integration tests have failed with the following
> > errors:
> >
> > Caused by: java.lang.IllegalArgumentException: Can't parse version of
> > gpg (GnuPG) 2.0.26 (Gpg4win 2.2.3)
> > at org.apache.maven.plugins.gpg.GpgVersion.compareTo(GpgVersion.java:60)
> > at org.apache.maven.plugins.gpg.GpgVersion.isBefore(GpgVersion.java:101) at
> > org.apache.maven.plugins.gpg.GpgSigner.generateSignatureForFile(GpgSigner.j
> > ava:89) at
> > org.apache.maven.plugins.gpg.AbstractGpgSigner.generateSignatureForArtifact
> > (AbstractGpgSigner.java:203) at
> > org.apache.maven.plugins.gpg.GpgSignAttachedMojo.execute(GpgSignAttachedMoj
> > o.java:178) at
> > org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildP
> > luginManager.java:134)
> >
> > The version on the command line:
> >
> > $ gpg --version
> > gpg (GnuPG) 2.0.26 (Gpg4win 2.2.3)
> > libgcrypt 1.6.2
> > Copyright (C) 2013 Free Software Foundation, Inc.
> > License GPLv3+: GNU GPL version 3 or later
> > This is free software: you are free to
> > change and redistribute it. There is NO WARRANTY, to the extent permitted
> > by law.
> >
> > On Sun, Apr 12, 2020 at 2:50 PM Hervé BOUTEMY wrote:
> > > Hi,
> > >
> > > We solved 13 issues:
> > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317521&
> > > version=12330781&styleName=Text
> > >
> > > Staging repo:
> > > https://repository.apache.org/content/repositories/maven-1563/
> > > https://repository.apache.org/content/repositories/maven-1563/org/apache/m
> > > aven/plugins/maven-gpg-plugin/3.0.0/maven-gpg-plugin-3.0.0-source-release.
> > > zip
> > >
> > > Source release checksum(s):
> > > maven-gpg-plugin-3.0.0-source-release.zip sha512:
> > > 773e1ba20d3edd6924bf7c909c0bf68746d79874a0df258da05ccc2b3138415f0183350b5
> > > 4209a3003eb081cc11e22bc316a7d8a7016fe4dab30eb0db5a9b0ac
> > >
> > > Staging site:
> > > https://maven.apache.org/plugins-archives/maven-gpg-plugin-LATEST/
> > >
> > > Guide to testing staged releases:
> > > https://maven.apache.org/guides/development/guide-testing-releases.html
> > >
> > > Vote open for at least 72 hours.
> > >
> > > [ ] +1
> > > [ ] +0
> > > [ ] -1
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [hidden email]
> > > For additional commands, e-mail: [hidden email]
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>


--
Cheers
Tibor

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Maven GPG Plugin version 3.0.0

Falko Modler
In reply to this post by Hervé BOUTEMY
Hi Tibor,

I've just updated https://issues.apache.org/jira/browse/MGPG-79.

Hope this helps.

Best regards,

Falko

Am 24.04.2020 um 13:11 schrieb Tibor Digana:

> Hi Falko,
>
> Can you attach the Thread dump while the GPG plugin hangs?
> This would simplify our work.
> Thx
> T
>
> On Wed, Apr 15, 2020 at 10:45 PM Falko Modler <[hidden email]> wrote:
>> Hi,
>>
>> I just tried to to sign the output of
>> https://github.com/vackosar/gitflow-incremental-builder and I do not see
>> this error.
>>
>> *But* the plugin simply hangs and does not continue if I use 3.0.0 after
>> starting Kleopatra (https://docs.kde.org/stable5/en/pim/kleopatra/).
>>
>> When I first use 1.6 of the plugin after starting Kleopatra, the
>> password dialog pops up (as ususal), the files are signed *and after
>> this I am able to use 3.0.0 just fine!*
>>
>> So with 3.0.0 the initial communication with the agent seems to be broken...
>>
>> $ mvn -version
>> Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
>> Maven home: C:\_dev\Maven\latest
>> Java version: 11.0.6, vendor: AdoptOpenJDK, runtime: C:\_dev\Java\latest
>> Default locale: de_DE, platform encoding: Cp1252
>> OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
>>
>> $ gpg --version
>> gpg (GnuPG) 2.2.19-unknown
>> libgcrypt 1.8.5
>>
>> Git Bash.
>>
>> Regards,
>>
>> Falko
>>
>> Am 15.04.2020 um 22:16 schrieb Hervé BOUTEMY:
>>> questions to Windows users:
>>> - what GPG distribution do you use, that does not make the plugin fail?
>>> - is this issue worth dropping the release?
>>>
>>> Regards,
>>>
>>> Hervé
>>>
>>> Le mercredi 15 avril 2020, 21:25:11 CEST Tibor Digana a écrit :
>>>> Sorry my -1 due to all integration tests have failed with the following
>>>> errors:
>>>>
>>>> Caused by: java.lang.IllegalArgumentException: Can't parse version of
>>>> gpg (GnuPG) 2.0.26 (Gpg4win 2.2.3)
>>>>       at org.apache.maven.plugins.gpg.GpgVersion.compareTo(GpgVersion.java:60)
>>>> at org.apache.maven.plugins.gpg.GpgVersion.isBefore(GpgVersion.java:101) at
>>>> org.apache.maven.plugins.gpg.GpgSigner.generateSignatureForFile(GpgSigner.j
>>>> ava:89) at
>>>> org.apache.maven.plugins.gpg.AbstractGpgSigner.generateSignatureForArtifact
>>>> (AbstractGpgSigner.java:203) at
>>>> org.apache.maven.plugins.gpg.GpgSignAttachedMojo.execute(GpgSignAttachedMoj
>>>> o.java:178) at
>>>> org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildP
>>>> luginManager.java:134)
>>>>
>>>> The version on the command line:
>>>>
>>>> $ gpg --version
>>>> gpg (GnuPG) 2.0.26 (Gpg4win 2.2.3)
>>>> libgcrypt 1.6.2
>>>> Copyright (C) 2013 Free Software Foundation, Inc.
>>>> License GPLv3+: GNU GPL version 3 or later
>>>> <http://gnu.org/licenses/gpl.html> This is free software: you are free to
>>>> change and redistribute it. There is NO WARRANTY, to the extent permitted
>>>> by law.
>>>>
>>>> On Sun, Apr 12, 2020 at 2:50 PM Hervé BOUTEMY <[hidden email]> wrote:
>>>>> Hi,
>>>>>
>>>>> We solved 13 issues:
>>>>> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12317521&
>>>>> version=12330781&styleName=Text
>>>>>
>>>>> Staging repo:
>>>>> https://repository.apache.org/content/repositories/maven-1563/
>>>>> https://repository.apache.org/content/repositories/maven-1563/org/apache/m
>>>>> aven/plugins/maven-gpg-plugin/3.0.0/maven-gpg-plugin-3.0.0-source-release.
>>>>> zip
>>>>>
>>>>> Source release checksum(s):
>>>>> maven-gpg-plugin-3.0.0-source-release.zip sha512:
>>>>> 773e1ba20d3edd6924bf7c909c0bf68746d79874a0df258da05ccc2b3138415f0183350b5
>>>>> 4209a3003eb081cc11e22bc316a7d8a7016fe4dab30eb0db5a9b0ac
>>>>>
>>>>> Staging site:
>>>>> https://maven.apache.org/plugins-archives/maven-gpg-plugin-LATEST/
>>>>>
>>>>> Guide to testing staged releases:
>>>>> https://maven.apache.org/guides/development/guide-testing-releases.html
>>>>>
>>>>> Vote open for at least 72 hours.
>>>>>
>>>>> [ ] +1
>>>>> [ ] +0
>>>>> [ ] -1
>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [hidden email]
>>>>> For additional commands, e-mail: [hidden email]
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [hidden email]
>>> For additional commands, e-mail: [hidden email]
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]