Added: dev/commons/configuration/2.11.1-RC1/binaries/README.html
==============================================================================
--- dev/commons/configuration/2.11.1-RC1/binaries/README.html (added)
+++ dev/commons/configuration/2.11.1-RC1/binaries/README.html Wed Apr 16
17:53:30 2025
@@ -0,0 +1,66 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<h1>Commons-CONFIGURATION v2.11.1.</h1>
+
+<p>This is the 2.11.1 version of commons-configuration2. It is available in
both binary and source distributions.</p>
+
+
+<p><font color="red" size="+2">Note:</font>
+ The tar files in the distribution use GNU tar extensions
+ and must be untarred with a GNU compatible version of tar. The version
+ of tar on Solaris and Mac OS X will not work with these files</p>
+
+<a name="changes"><h2>Changes</h2></a>
+
+<p>The changes in this release are detailed in the release notes.</p>
+
+<p>Thank you for using <a
href="https://commons.apache.org/proper/commons-configuration/";>CONFIGURATION</a>.</p>
+
+<p>From the Apache Commons Project<br><a
href="https://commons.apache.org/";>https://commons.apache.org/</a></p>
+
+<h2><a name="mirrors">Download from your
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/";>nearest mirror
site!</a></a></h2>
+
+<p>
+ Do not download from www.apache.org. Please use a mirror site
+ to help us save apache.org bandwidth.
+ <a href="http://www.apache.org/dyn/closer.cgi/commons/";>Go
+ here to find your nearest mirror.</a>
+</p>
+
+<a name="sig"><h2>Signatures</h2></a>
+
+<p>Many of the files have been digitally signed using GnuPG. If so,
+ there will be an accompanying <samp><em>file</em>.asc</samp> signature
+ file in the same directory as the file (binaries/ or source/). The
+ signing keys can be found in the distribution directory at <<a
+
HREF="http://downloads.apache.org/commons/KEYS";><samp>http://downloads.apache.org/commons/KEYS</samp></a>>.</p>
+
+<p><b>Always download the KEYS file directly from the Apache site, never from
a mirror site.</b></p>
+
+
+<pre>Always test available signatures, <i>e.g.</i>,
+$ pgpk -a KEYS
+$ pgpv commons-configuration2-2.11.1-bin.tar.gz.asc
+or,
+$ pgp -ka KEYS
+$ pgp commons-configuration2-2.11.1-bin.tar.gz.asc
+or,
+$ gpg --import KEYS
+$ gpg --verify commons-configuration2-2.11.1-bin.tar.gz.asc
+</pre>
+<p>
\ No newline at end of file
Added:
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.tar.gz
==============================================================================
Binary file - no diff available.
Propchange:
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.tar.gz
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.tar.gz.asc
==============================================================================
---
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.tar.gz.asc
(added)
+++
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.tar.gz.asc
Wed Apr 16 17:53:30 2025
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEtuc9hOpPzEcWYIclP6rSzV7LsxQFAmf/7dkACgkQP6rSzV7L
+sxSNAg//ZfTYTL39/t1TYX3NFmUuCf3PMolCdNlKR/sLxT93/z8Q64xwbrgdFicj
+UJbuTZzs+FLHs5sU2BfVAmgyWvwz7ys6Gamt3SCQCi/kPzjhyWSPpi5JTcSsssqQ
+ZKLDUCSIesXL+ljOUcPbtkaomGG+MKzOZBEFc2+eG4cv0Hfsdr/k4KHhOFszDahm
+Rgf8nvh53j0JUgFQtZZTvQKNdXIwqnsLXD4zmv/k0VlAplRJw+el6CFB5lTWeXt0
+f/BPQeHY5O/5nWFjgbJ3Y5x9iLwDcS4J72zvjognR17+ewGNpV5XC+s1rT/tip9T
+jo28YiQIE3XTUgJ+VAm/2+LPszU80GkPjWwW99ZAeHqAsSa7vqCw16ig9yk8Ko+B
+tD0WaZnezKUij/to86+/n/SEsBs5p7yLWc57vcEgBVzoqCAjqSTO1WDLXAGLBZ0U
+a3BWK2J88dxWXI9EPRyZfawAdwDsPzlfymKVdJdJT1TtARTsg56z+VYgsT6Xz4bl
+qRuR+LlFzftNS2X7qioEOjSnafP+bAqzdBAngLxPjScjEx405h340YJra5ct3Vsn
++McZKzoIaTW7eTAzVP04zmiZcxd6hzzr4wTgjrO410M+HOyQF8n307lvAdmfcySa
+5GObX9kZyZLNQI0OSFTY9NgLBZkivwbHU2vuNpYdAlJdr+6BPx0=
+=OiiP
+-----END PGP SIGNATURE-----
Added:
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.tar.gz.sha512
==============================================================================
---
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.tar.gz.sha512
(added)
+++
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.tar.gz.sha512
Wed Apr 16 17:53:30 2025
@@ -0,0 +1 @@
+e0f934758b9d6e61c1e9d0dce7f90dc1b88056f8bb33794fa632d237f491fb787a5e9efa550087bea442a6da43c6d91fe30213e20f4f8fb0a94511923aae3ce7
Added:
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.zip
==============================================================================
Binary file - no diff available.
Propchange:
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.zip
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added:
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.zip.asc
==============================================================================
---
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.zip.asc
(added)
+++
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.zip.asc
Wed Apr 16 17:53:30 2025
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEtuc9hOpPzEcWYIclP6rSzV7LsxQFAmf/7dkACgkQP6rSzV7L
+sxSfsxAAlLGgtYT2h8zayGzGgw4+EApaZcXZCqwg7wm5klm5prH/bosYPuSyfsc+
+2mDa0y87E7UshCnSGsxtiw8v6FzPBjrP8npZeW3026T979jSthywEm5/MxjzXlgw
+3N+7SxqQtLbSuqw9wBkM3Ff7Od7IjzJprT2ElM9/T7tsi0FJUIZp6H2TtSuvkt7w
+UGG5j6RAwTzDjzhsd5e1izi+BdV//lMGlNLOdJO5cdN4sQ16CbRdU2W4eR59U2pG
+SYH9wwZ1d0J9D8kjuCCUyUSFx/dlMb0NlnZXhkQ4sSfJFhjAAMQbHSas+vd5Ic2c
+xn1UBySSW//cV8yJlU5qP6tWYuWG5Oy1biiHXgdhvmDi5xrWlPcRgMhAzVnBjyfp
+40Lfo8OYUxt7jMothJmkAfPaOQYdW/Rm1Y/7UnWqo954r5xriFtGYNT3m3cC32WO
+N6qCc/fCx6hiDWjQ0yakMYExbmLxPCXEtPVu+lCxBfYiuhgrID4DGijoisfkgkIV
+MVqv8++oJHci+o93xB3X966IAc9uCRFd+kLTEVuQsK57SbmoT5g3O08MX9iN3PKn
+jzJdDCJ9J/Yw/sNoq8OJl2+HD7hkG1R/OWL7qHo23WiWsJk8o3g3+13FN9fCZBXK
+eCeSlM0QVzFHk9QQhceACqGtRYkbqW93tLk4yuW39H6GLr9soeQ=
+=sfuu
+-----END PGP SIGNATURE-----
Added:
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.zip.sha512
==============================================================================
---
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.zip.sha512
(added)
+++
dev/commons/configuration/2.11.1-RC1/binaries/commons-configuration2-2.11.1-bin.zip.sha512
Wed Apr 16 17:53:30 2025
@@ -0,0 +1 @@
+47a1a9aafdcac88d3399cbc3270a589b090a782b929dec61b1f3157564e19ffe7d6c01964e00f7a37158255e99a78d6bf522ffafaae45ca15261a2f618cd763c
Added: dev/commons/configuration/2.11.1-RC1/signature-validator.sh
==============================================================================
--- dev/commons/configuration/2.11.1-RC1/signature-validator.sh (added)
+++ dev/commons/configuration/2.11.1-RC1/signature-validator.sh Wed Apr 16
17:53:30 2025
@@ -0,0 +1,161 @@
+#!/bin/bash -x
+###########
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###########
+# DOCUMENTATION.
+# This script is to be placed in the root of the svn dist checkout.
+# For example, my directory looks like:
+#
+# drwxr-xr-x@ 8 usr staff 256 Oct 1 11:22 .svn
+# -rw-r--r--@ 1 usr staff 1230 Oct 1 11:22 HEADER.html
+# -rw-r--r--@ 1 usr staff 2649 Oct 1 11:22 README.html
+# -rw-r--r--@ 1 usr staff 5093 Oct 1 11:22 RELEASE-NOTES.txt
+# drwxr-xr-x@ 10 usr staff 320 Oct 1 11:22 binaries
+# -rw-r--r--@ 1 usr staff 3900 Oct 1 13:40 signature-validation.sh
+# drwxr-xr-x@ 44 usr staff 1408 Oct 1 11:22 site
+# drwxr-xr-x@ 10 usr staff 320 Oct 1 11:37 source
+#
+# From here you run ./signature-validation.sh and it will create a directory
"artifacts-for-validation-deletable-post-validation
+# in which all of the binaries generated by a release are copied and then it
checks to see that all of the signatures and hashes
+# are infact correct for the artifacts.
+#
+###########
+
+if test "$#" != "1"
+then
+ echo "ERROR:"
+ echo "We expect the a url like
https://repository.apache.org/content/repositories/orgapachecommons-1531/commons-net/commons-net/3.7.1/";
+ echo "to be passed in as a parameter to the script."
+fi
+
+
+
+BASEDIR="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+VALIDATION_DIR=${BASEDIR}/artifacts-for-validation-deletable-post-validation
+BINARIES_DIR=${BASEDIR}/binaries
+SOURCE_DIR=${BASEDIR}/source
+
+BASE_NEXUS_URL="$1"
+
+function clean_and_build_validation_dir() {
+ mkdir -p ${VALIDATION_DIR}
+}
+
+function copy_in_checked_out_artifacts() {
+ cp ${BASEDIR}/binaries/commons* ${VALIDATION_DIR}
+ cp ${BASEDIR}/source/commons* ${VALIDATION_DIR}
+}
+
+function download_nexus_artifacts_to_validation_directory() {
+ # Curls html page and does text modification to put artifacts in
semicolon delimited list
+ # ...(ugly but works, debug by removing pipes one at a time)
+ echo "INFO: Downloading artifacts from nexus"
+
+ echo ${BASE_NEXUS_URL}
+ NEXUS_ARTIFACTS=$(curl ${BASE_NEXUS_URL} \
+ | grep "${BASE_NEXUS_URL}" \
+ | cut -d '>' -f3 \
+ | sed "s|</a|;|g" \
+ | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/ /g' \
+ | sed 's/ //g'
+ )
+ IFS=';' read -r -a array <<< "${NEXUS_ARTIFACTS}"
+
+ for element in "${array[@]}"
+ do
+ ARTIFACT_NAME=$(echo $element | cut -d '/' -f7)
+ echo $ARTIFACT_NAME
+ URL="${BASE_NEXUS_URL}${element}"
+ curl $URL -o ${VALIDATION_DIR}/$ARTIFACT_NAME
+ done
+}
+
+function validate_signatures() {
+ echo "INFO: Validating Signatures in ${VALIDATION_DIR}"
+ ALL_ARTIFACTS=$(ls -Al ${VALIDATION_DIR} \
+ | awk -F':[0-9]* ' '/:/{print $2}' \
+ | sed -e ':a' -e 'N' -e '$!ba' -e
's/\n/;/g' \
+ )
+
+ ARTIFACTS_FOR_VALIDATION=()
+
+ IFS=';' read -r -a array <<< "${ALL_ARTIFACTS}"
+
+ for element in "${array[@]}"
+ do
+ if [[ ! (${element} =~ ^.*asc$ || ${element} =~ ^.*sha512$ || ${element}
=~ ^.*md5$ || ${element} =~ ^.*sha1$) ]];
+ then
+ ARTIFACTS_FOR_VALIDATION=("${ARTIFACTS_FOR_VALIDATION[@]}" $element)
+ fi
+ done
+
+ for element in "${ARTIFACTS_FOR_VALIDATION[@]}"
+ do
+ if [[ ${element} =~ ^.*tar.gz.*$ || ${element} =~ ^.*zip.*$ ]];
+ then
+ ARTIFACT_SHA512=$(openssl sha512 ${VALIDATION_DIR}/$element | cut -d '='
-f2 | cut -d ' ' -f2)
+ FILE_SHA512=$(cut -d$'\r' -f1 ${VALIDATION_DIR}/$element.sha512)
+ if test "${ARTIFACT_SHA512}" != "${FILE_SHA512}"
+ then
+ echo "$element failed sha512 check"
+ echo "==${ARTIFACT_SHA512}=="
+ echo "==${FILE_SHA512}=="
+ exit 1;
+ fi
+ else
+ ARTIFACT_MD5=$(openssl md5 ${VALIDATION_DIR}/$element | cut -d '=' -f2 |
cut -d ' ' -f2)
+ FILE_MD5=$(cut -d$'\r' -f1 ${VALIDATION_DIR}/$element.md5)
+ ARTIFACT_SHA1=$(openssl sha1 ${VALIDATION_DIR}/$element | cut -d '=' -f2
| cut -d ' ' -f2)
+ FILE_SHA1=$(cut -d$'\r' -f1 ${VALIDATION_DIR}/$element.sha1)
+ if test "${ARTIFACT_MD5}" != "${FILE_MD5}"
+ then
+ echo "$element failed md5 check"
+ echo "==${ARTIFACT_MD5}=="
+ echo "==${FILE_MD5}=="
+ exit 1;
+ fi
+ if test "${ARTIFACT_SHA1}" != "${FILE_SHA1}"
+ then
+ echo "$element failed sha1 check"
+ echo "==${ARTIFACT_SHA1}=="
+ echo "==${FILE_SHA1}=="
+ exit 1;
+ fi
+
+
+ gpg --verify ${VALIDATION_DIR}/$element.asc ${VALIDATION_DIR}/$element >
/dev/null 2>&1
+ if test "$?" != "0"
+ then
+ echo "$element failed gpg signature check"
+ exit 1;
+ fi
+ fi
+ done
+
+ echo "SUCCESSFUL VALIDATION"
+}
+
+function clean_up_afterwards() {
+ rm -rf ${VALIDATION_DIR}
+}
+
+
+echo $(clean_and_build_validation_dir)
+echo $(copy_in_checked_out_artifacts)
+echo $(download_nexus_artifacts_to_validation_directory)
+echo $(validate_signatures)
+#clean_up_afterwards
+
