Repository: commons-release-plugin Updated Branches: refs/heads/master 2543f323d -> 55d3a85d4
[COMMONSSITE-120] Use SHA-256 and SHA-512, not MD5, not SHA-1. Project: http://git-wip-us.apache.org/repos/asf/commons-release-plugin/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-release-plugin/commit/55d3a85d Tree: http://git-wip-us.apache.org/repos/asf/commons-release-plugin/tree/55d3a85d Diff: http://git-wip-us.apache.org/repos/asf/commons-release-plugin/diff/55d3a85d Branch: refs/heads/master Commit: 55d3a85d41bc1678fbd387712e1053a6e3950bf7 Parents: 2543f32 Author: Gary Gregory <garydgreg...@gmail.com> Authored: Thu Aug 16 09:39:43 2018 -0600 Committer: Gary Gregory <garydgreg...@gmail.com> Committed: Thu Aug 16 09:39:43 2018 -0600 ---------------------------------------------------------------------- src/changes/changes.xml | 1 + .../CommonsDistributionDetachmentMojo.java | 107 +++---- .../mojos/CommonsDistributionStagingMojo.java | 2 +- .../vote-txt-template.txt | 2 +- src/main/scripts/generate-xdocs.build.xml | 8 +- .../xdoc/download_commons-release-plugin.xml | 308 +++++++++---------- .../CommonsDistributionDetachmentMojoTest.java | 20 +- .../CommonsDistributionStagingMojoTest.java | 31 +- 8 files changed, 232 insertions(+), 247 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-release-plugin/blob/55d3a85d/src/changes/changes.xml ---------------------------------------------------------------------- diff --git a/src/changes/changes.xml b/src/changes/changes.xml index bbd6abd..a64857a 100755 --- a/src/changes/changes.xml +++ b/src/changes/changes.xml @@ -28,6 +28,7 @@ <release version="1.4" date="2018-MM-DD" description="Version 1.4"> <action type="update" dev="ggregory">Better error message when files cannot be checked in to the SCM.</action> <action type="fix" dev="ggregory">Check the result of checking out files from the SCM.</action> + <action issue="COMMONSSITE-120" type="update" dev="ggregory">[release-plugin] Use SHA-256 and SHA-512, not MD5, not SHA-1.</action> </release> <release version="1.3" date="2018-06-15" description="Version 1.3"> http://git-wip-us.apache.org/repos/asf/commons-release-plugin/blob/55d3a85d/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojo.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojo.java b/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojo.java index 97a622e..e569223 100755 --- a/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojo.java +++ b/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojo.java @@ -77,18 +77,18 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { private final List<Artifact> detachedArtifacts = new ArrayList<>(); /** - * A {@link Properties} of {@link Artifact} â {@link String} containing the sha1 signatures + * A {@link Properties} of {@link Artifact} â {@link String} containing the sha256 signatures * for the individual artifacts, where the {@link Artifact} is represented as: - * <code>groupId:artifactId:version:type=sha1</code>. + * <code>groupId:artifactId:version:type=sha256</code>. */ - private final Properties artifactSha1s = new Properties(); + private final Properties artifactSha256s = new Properties(); /** * A {@link Properties} of {@link Artifact} â {@link String} containing the sha256 signatures * for the individual artifacts, where the {@link Artifact} is represented as: - * <code>groupId:artifactId:version:type=sha1</code>. + * <code>groupId:artifactId:version:type=sha512</code>. */ - private final Properties artifactSha256s = new Properties(); + private final Properties artifactSha512s = new Properties(); /** * The maven project context injection so that we can get a hold of the variables at hand. @@ -118,8 +118,8 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { @Override public void execute() throws MojoExecutionException { if (!isDistModule) { - getLog().info("This module is marked as a non distribution " - + "or assembly module, and the plugin will not run."); + getLog().info( + "This module is marked as a non distribution or assembly module, and the plugin will not run."); return; } if (StringUtils.isEmpty(distSvnStagingUrl)) { @@ -128,8 +128,8 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { } getLog().info("Detaching Assemblies"); for (Object attachedArtifact : project.getAttachedArtifacts()) { - putAttachedArtifactInSha1Map((Artifact) attachedArtifact); putAttachedArtifactInSha256Map((Artifact) attachedArtifact); + putAttachedArtifactInSha512Map((Artifact) attachedArtifact); if (ARTIFACT_TYPES_TO_DETACH.contains(((Artifact) attachedArtifact).getType())) { detachedArtifacts.add((Artifact) attachedArtifact); } @@ -144,8 +144,8 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { if (!workingDirectory.exists()) { SharedFunctions.initDirectory(getLog(), workingDirectory); } - writeAllArtifactsInSha1PropertiesFile(); writeAllArtifactsInSha256PropertiesFile(); + writeAllArtifactsInSha512PropertiesFile(); copyRemovedArtifactsToWorkingDirectory(); getLog().info(""); hashArtifacts(); @@ -154,14 +154,14 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { /** * Takes an attached artifact and puts the signature in the map. * @param artifact is a Maven {@link Artifact} taken from the project at start time of mojo. - * @throws MojoExecutionException if an {@link IOException} occurs when getting the sha1 of the + * @throws MojoExecutionException if an {@link IOException} occurs when getting the sha256 of the * artifact. */ - private void putAttachedArtifactInSha1Map(Artifact artifact) throws MojoExecutionException { + private void putAttachedArtifactInSha256Map(Artifact artifact) throws MojoExecutionException { try { String artifactKey = getArtifactKey(artifact); try (FileInputStream fis = new FileInputStream(artifact.getFile())) { - artifactSha1s.put(artifactKey, DigestUtils.sha1Hex(fis)); + artifactSha256s.put(artifactKey, DigestUtils.sha256Hex(fis)); } } catch (IOException e) { throw new MojoExecutionException( @@ -180,14 +180,14 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { /** * Takes an attached artifact and puts the signature in the map. * @param artifact is a Maven {@link Artifact} taken from the project at start time of mojo. - * @throws MojoExecutionException if an {@link IOException} occurs when getting the sha1 of the + * @throws MojoExecutionException if an {@link IOException} occurs when getting the sha512 of the * artifact. */ - private void putAttachedArtifactInSha256Map(Artifact artifact) throws MojoExecutionException { + private void putAttachedArtifactInSha512Map(Artifact artifact) throws MojoExecutionException { try { String artifactKey = getArtifactKey(artifact); try (FileInputStream fis = new FileInputStream(artifact.getFile())) { - artifactSha256s.put(artifactKey, DigestUtils.sha256Hex(fis)); + artifactSha512s.put(artifactKey, DigestUtils.sha512Hex(fis)); } } catch (IOException e) { throw new MojoExecutionException( @@ -204,32 +204,32 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { } /** - * Writes to ./target/commons-release-plugin/sha1.properties the artifact sha1's. + * Writes to ./target/commons-release-plugin/sha256.properties the artifact sha256's. * * @throws MojoExecutionException if we can't write the file due to an {@link IOException}. */ - private void writeAllArtifactsInSha1PropertiesFile() throws MojoExecutionException { - File propertiesFile = new File(workingDirectory, "sha1.properties"); + private void writeAllArtifactsInSha256PropertiesFile() throws MojoExecutionException { + File propertiesFile = new File(workingDirectory, "sha256.properties"); getLog().info("Writting " + propertiesFile); try (FileOutputStream fileWriter = new FileOutputStream(propertiesFile)) { - artifactSha1s.store(fileWriter, "Release SHA-1s"); + artifactSha256s.store(fileWriter, "Release SHA-256s"); } catch (IOException e) { - throw new MojoExecutionException("Failure to write SHA-1's", e); + throw new MojoExecutionException("Failure to write SHA-256's", e); } } /** - * Writes to ./target/commons-release-plugin/sha256.properties the artifact sha256's. + * Writes to ./target/commons-release-plugin/sha512.properties the artifact sha512's. * * @throws MojoExecutionException if we can't write the file due to an {@link IOException}. */ - private void writeAllArtifactsInSha256PropertiesFile() throws MojoExecutionException { - File propertiesFile = new File(workingDirectory, "sha256.properties"); + private void writeAllArtifactsInSha512PropertiesFile() throws MojoExecutionException { + File propertiesFile = new File(workingDirectory, "sha512.properties"); getLog().info("Writting " + propertiesFile); try (FileOutputStream fileWriter = new FileOutputStream(propertiesFile)) { - artifactSha256s.store(fileWriter, "Release SHA-256s"); + artifactSha512s.store(fileWriter, "Release SHA-512s"); } catch (IOException e) { - throw new MojoExecutionException("Failure to write SHA-256's", e); + throw new MojoExecutionException("Failure to write SHA-512's", e); } } @@ -257,7 +257,7 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { } /** - * A helper method that creates md5, sha1, and sha256 signature files for our detached artifacts in the + * A helper method that creates sha256 and sha512 signature files for our detached artifacts in the * <code>target/commons-release-plugin</code> directory for the purpose of being uploaded by * the {@link CommonsDistributionStagingMojo}. * @@ -270,13 +270,6 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { String artifactKey = getArtifactKey(artifact); try { String digest; - // SHA-1 - digest = artifactSha1s.getProperty(artifactKey.toString()); - getLog().info(artifact.getFile().getName() + " sha1: " + digest); - try (PrintWriter printWriter = new PrintWriter( - getSha1FilePath(workingDirectory, artifact.getFile()))) { - printWriter.println(digest); - } // SHA-256 digest = artifactSha256s.getProperty(artifactKey.toString()); getLog().info(artifact.getFile().getName() + " sha256: " + digest); @@ -284,6 +277,13 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { getSha256FilePath(workingDirectory, artifact.getFile()))) { printWriter.println(digest); } + // SHA-512 + digest = artifactSha512s.getProperty(artifactKey.toString()); + getLog().info(artifact.getFile().getName() + " sha512: " + digest); + try (PrintWriter printWriter = new PrintWriter( + getSha512FilePath(workingDirectory, artifact.getFile()))) { + printWriter.println(digest); + } } catch (IOException e) { throw new MojoExecutionException("Could not sign file: " + artifact.getFile().getName(), e); } @@ -292,52 +292,37 @@ public class CommonsDistributionDetachmentMojo extends AbstractMojo { } /** - * A helper method to create a file path for the <code>md5</code> signature file from a given file. - * - * @param directory is the {@link File} for the directory in which to make the <code>.md5</code> file. - * @param file the {@link File} whose name we should use to create the <code>.md5</code> file. - * @return a {@link String} that is the absolute path to the <code>.md5</code> file. - */ - private String getMd5FilePath(File directory, File file) { - StringBuffer buffer = new StringBuffer(directory.getAbsolutePath()); - buffer.append("/"); - buffer.append(file.getName()); - buffer.append(".md5"); - return buffer.toString(); - } - - /** - * A helper method to create a file path for the <code>sha1</code> signature file from a given file. + * A helper method to create a file path for the <code>sha256</code> signature file from a given file. * - * @param directory is the {@link File} for the directory in which to make the <code>.sha1</code> file. - * @param file the {@link File} whose name we should use to create the <code>.sha1</code> file. - * @return a {@link String} that is the absolute path to the <code>.sha1</code> file. + * @param directory is the {@link File} for the directory in which to make the <code>.sha256</code> file. + * @param file the {@link File} whose name we should use to create the <code>.sha256</code> file. + * @return a {@link String} that is the absolute path to the <code>.sha256</code> file. */ - private String getSha1FilePath(File directory, File file) { + private String getSha256FilePath(File directory, File file) { StringBuffer buffer = new StringBuffer(directory.getAbsolutePath()); buffer.append("/"); buffer.append(file.getName()); - buffer.append(".sha1"); + buffer.append(".sha256"); return buffer.toString(); } /** - * A helper method to create a file path for the <code>sha1</code> signature file from a given file. + * A helper method to create a file path for the <code>sha512</code> signature file from a given file. * - * @param directory is the {@link File} for the directory in which to make the <code>.sha1</code> file. - * @param file the {@link File} whose name we should use to create the <code>.sha1</code> file. - * @return a {@link String} that is the absolute path to the <code>.sha1</code> file. + * @param directory is the {@link File} for the directory in which to make the <code>.sha512</code> file. + * @param file the {@link File} whose name we should use to create the <code>.sha512</code> file. + * @return a {@link String} that is the absolute path to the <code>.sha512</code> file. */ - private String getSha256FilePath(File directory, File file) { + private String getSha512FilePath(File directory, File file) { StringBuffer buffer = new StringBuffer(directory.getAbsolutePath()); buffer.append("/"); buffer.append(file.getName()); - buffer.append(".sha256"); + buffer.append(".sha512"); return buffer.toString(); } /** - * Generates the unique artifact key for storage in our sha1 map and sha256 map. For example, + * Generates the unique artifact key for storage in our sha256 map and sha512 map. For example, * commons-test-1.4-src.tar.gz should have it's name as the key. * * @param artifact the {@link Artifact} that we wish to generate a key for. http://git-wip-us.apache.org/repos/asf/commons-release-plugin/blob/55d3a85d/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojo.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojo.java b/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojo.java index e2ad60b..7fb1ea0 100755 --- a/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojo.java +++ b/src/main/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojo.java @@ -324,7 +324,7 @@ public class CommonsDistributionStagingMojo extends AbstractMojo { copy = new File(scmBinariesRoot, file.getName()); SharedFunctions.copyFile(getLog(), file, copy); filesForMavenScmFileSet.add(file); - } else if (StringUtils.containsAny(file.getName(), "scm", "sha1.properties", "sha256.properties")) { + } else if (StringUtils.containsAny(file.getName(), "scm", "sha256.properties", "sha512.properties")) { getLog().debug("Not copying scm directory over to the scm directory because it is the scm directory."); //do nothing because we are copying into scm } else { http://git-wip-us.apache.org/repos/asf/commons-release-plugin/blob/55d3a85d/src/main/resources/commons-xdoc-templates/vote-txt-template.txt ---------------------------------------------------------------------- diff --git a/src/main/resources/commons-xdoc-templates/vote-txt-template.txt b/src/main/resources/commons-xdoc-templates/vote-txt-template.txt index a62903a..4c0c467 100755 --- a/src/main/resources/commons-xdoc-templates/vote-txt-template.txt +++ b/src/main/resources/commons-xdoc-templates/vote-txt-template.txt @@ -37,8 +37,8 @@ Maven artifacts are here: These are the Maven artifacts and their hashes in Nexus: -@SHA1LIST@ @SHA256LIST@ +@SHA512LIST@ (no need for .asc hashes!) http://git-wip-us.apache.org/repos/asf/commons-release-plugin/blob/55d3a85d/src/main/scripts/generate-xdocs.build.xml ---------------------------------------------------------------------- diff --git a/src/main/scripts/generate-xdocs.build.xml b/src/main/scripts/generate-xdocs.build.xml index eac4e15..71281af 100755 --- a/src/main/scripts/generate-xdocs.build.xml +++ b/src/main/scripts/generate-xdocs.build.xml @@ -57,12 +57,12 @@ <!-- Create a temporary directory to load the template files into --> <mkdir dir="${commonsMojoTempDir}"/> - <!-- Load SHA-1 file created by the deploy goal --> - <loadfile property="commons.sha1list" srcFile="target/commons-release-plugin/sha1.properties" failonerror="false"/> - <!-- Load SHA-256 file created by the deploy goal --> <loadfile property="commons.sha256list" srcFile="target/commons-release-plugin/sha256.properties" failonerror="false"/> + <!-- Load SHA-512 file created by the deploy goal --> + <loadfile property="commons.sha512list" srcFile="target/commons-release-plugin/sha512.properties" failonerror="false"/> + <!-- Load the vote-txt template from mojo resources to temp directory --> <loadresource property="vote-txt"> <javaresource name="${commonsMojoXdocDir}/vote-txt-template.txt"/> @@ -108,8 +108,8 @@ <filter token="RMNAME" value="${commons.releaseManagerName}"/> <filter token="RMKEY" value="${commons.releaseManagerKey}"/> <filter token="RCREV" value="${svn.rc.revision}"/> - <filter token="SHA1LIST" value="${commons.sha1list}"/> <filter token="SHA256LIST" value="${commons.sha256list}"/> + <filter token="SHA512LIST" value="${commons.sha512list}"/> <filter token="DISTURL" value="${svn.dist.url}"/> <filter token="TAGNAME" value="${git.tag.name}"/> <filter token="TAGCOMMIT" value="${git.tag.commit}"/> http://git-wip-us.apache.org/repos/asf/commons-release-plugin/blob/55d3a85d/src/site/xdoc/download_commons-release-plugin.xml ---------------------------------------------------------------------- diff --git a/src/site/xdoc/download_commons-release-plugin.xml b/src/site/xdoc/download_commons-release-plugin.xml index 5eead71..2466b94 100755 --- a/src/site/xdoc/download_commons-release-plugin.xml +++ b/src/site/xdoc/download_commons-release-plugin.xml @@ -1,154 +1,154 @@ -<?xml version="1.0"?> -<!-- -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. ---> -<!-- - +======================================================================+ - |**** ****| - |**** THIS FILE IS GENERATED BY THE COMMONS BUILD PLUGIN ****| - |**** DO NOT EDIT DIRECTLY ****| - |**** ****| - +======================================================================+ - | TEMPLATE FILE: download-page-template.xml | - | commons-build-plugin/trunk/src/main/resources/commons-xdoc-templates | - +======================================================================+ - | | - | 1) Re-generate using: mvn commons:download-page | - | | - | 2) Set the following properties in the component's pom: | - | - commons.componentid (required, alphabetic, lower case) | - | - commons.release.version (required) | - | - commons.release.name (required) | - | - commons.binary.suffix (optional) | - | (defaults to "-bin", set to "" for pre-maven2 releases) | - | - commons.release.desc (optional) | - | - commons.release.subdir (optional) | - | | - | - commons.release.2/3.version (conditional) | - | - commons.release.2/3.name (conditional) | - | - commons.release.2/3.binary.suffix (optional) | - | - commons.release.2/3.desc (optional) | - | - commons.release.2/3.subdir (optional) | - | | - | 3) Example Properties | - | (commons.release.name inherited by parent: | - | ${project.artifactId}-${commons.release.version} | - | | - | <properties> | - | <commons.componentid>math</commons.componentid> | - | <commons.release.version>1.2</commons.release.version> | - | </properties> | - | | - +======================================================================+ ---> -<document> - <properties> - <title>Download Apache Commons Release Plugin</title> - <author email="d...@commons.apache.org">Apache Commons Documentation Team</author> - </properties> - <body> - <section name="Download Apache Commons Release Plugin"> - <subsection name="Using a Mirror"> - <p> - We recommend you use a mirror to download our release - builds, but you <strong>must</strong> <a href="http://www.apache.org/info/verification.html";>verify the integrity</a> of - the downloaded files using signatures downloaded from our main - distribution directories. Recent releases (48 hours) may not yet - be available from all the mirrors. - </p> - - <p> - You are currently using <b>[preferred]</b>. If you - encounter a problem with this mirror, please select another - mirror. If all mirrors are failing, there are <i>backup</i> - mirrors (at the end of the mirrors list) that should be - available. - <br></br> - [if-any logo]<a href="[link]"><img align="right" src="[logo]" border="0"></img></a>[end] - </p> - - <form action="[location]" method="get" id="SelectMirror"> - <p> - Other mirrors: - <select name="Preferred"> - [if-any http] - [for http]<option value="[http]">[http]</option>[end] - [end] - [if-any ftp] - [for ftp]<option value="[ftp]">[ftp]</option>[end] - [end] - [if-any backup] - [for backup]<option value="[backup]">[backup] (backup)</option>[end] - [end] - </select> - <input type="submit" value="Change"></input> - </p> - </form> - - <p> - It is essential that you - <a href="https://www.apache.org/info/verification.html";>verify the integrity</a> - of downloaded files, preferably using the <code>PGP</code> signature (<code>*.asc</code> files); - failing that using the <code>SHA256</code> hash (<code>*.sha256</code> checksum files). - </p> - <p> - The <a href="https://www.apache.org/dist/commons/KEYS";>KEYS</a> - file contains the public PGP keys used by Apache Commons developers - to sign releases. - </p> - </subsection> - </section> - <section name="Apache Commons Release Plugin 1.3 "> - <subsection name="Binaries"> - <table> - <tr> - <td><a href="[preferred]/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.tar.gz">commons-release-plugin-1.3-bin.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.tar.gz.sha256";>sha256</a></td> - <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.tar.gz.asc";>pgp</a></td> - </tr> - <tr> - <td><a href="[preferred]/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.zip">commons-release-plugin-1.3-bin.zip</a></td> - <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.zip.sha256";>sha256</a></td> - <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.zip.asc";>pgp</a></td> - </tr> - </table> - </subsection> - <subsection name="Source"> - <table> - <tr> - <td><a href="[preferred]/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.tar.gz">commons-release-plugin-1.3-src.tar.gz</a></td> - <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.tar.gz.sha256";>sha256</a></td> - <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.tar.gz.asc";>pgp</a></td> - </tr> - <tr> - <td><a href="[preferred]/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.zip">commons-release-plugin-1.3-src.zip</a></td> - <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.zip.sha256";>sha256</a></td> - <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.zip.asc";>pgp</a></td> - </tr> - </table> - </subsection> - </section> - <section name="Archives"> - <p> - Older releases can be obtained from the archives. - </p> - <ul> - <li class="download"><a href="[preferred]/commons/commons-release-plugin/">browse download area</a></li> - <li><a href="https://archive.apache.org/dist/commons/commons-release-plugin/";>archives...</a></li> - </ul> - </section> - </body> -</document> +<?xml version="1.0"?> +<!-- +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +--> +<!-- + +======================================================================+ + |**** ****| + |**** THIS FILE IS GENERATED BY THE COMMONS BUILD PLUGIN ****| + |**** DO NOT EDIT DIRECTLY ****| + |**** ****| + +======================================================================+ + | TEMPLATE FILE: download-page-template.xml | + | commons-build-plugin/trunk/src/main/resources/commons-xdoc-templates | + +======================================================================+ + | | + | 1) Re-generate using: mvn commons:download-page | + | | + | 2) Set the following properties in the component's pom: | + | - commons.componentid (required, alphabetic, lower case) | + | - commons.release.version (required) | + | - commons.release.name (required) | + | - commons.binary.suffix (optional) | + | (defaults to "-bin", set to "" for pre-maven2 releases) | + | - commons.release.desc (optional) | + | - commons.release.subdir (optional) | + | | + | - commons.release.2/3.version (conditional) | + | - commons.release.2/3.name (conditional) | + | - commons.release.2/3.binary.suffix (optional) | + | - commons.release.2/3.desc (optional) | + | - commons.release.2/3.subdir (optional) | + | | + | 3) Example Properties | + | (commons.release.name inherited by parent: | + | ${project.artifactId}-${commons.release.version} | + | | + | <properties> | + | <commons.componentid>math</commons.componentid> | + | <commons.release.version>1.2</commons.release.version> | + | </properties> | + | | + +======================================================================+ +--> +<document> + <properties> + <title>Download Apache Commons Release Plugin</title> + <author email="d...@commons.apache.org">Apache Commons Documentation Team</author> + </properties> + <body> + <section name="Download Apache Commons Release Plugin"> + <subsection name="Using a Mirror"> + <p> + We recommend you use a mirror to download our release + builds, but you <strong>must</strong> <a href="http://www.apache.org/info/verification.html";>verify the integrity</a> of + the downloaded files using signatures downloaded from our main + distribution directories. Recent releases (48 hours) may not yet + be available from all the mirrors. + </p> + + <p> + You are currently using <b>[preferred]</b>. If you + encounter a problem with this mirror, please select another + mirror. If all mirrors are failing, there are <i>backup</i> + mirrors (at the end of the mirrors list) that should be + available. + <br></br> + [if-any logo]<a href="[link]"><img align="right" src="[logo]" border="0"></img></a>[end] + </p> + + <form action="[location]" method="get" id="SelectMirror"> + <p> + Other mirrors: + <select name="Preferred"> + [if-any http] + [for http]<option value="[http]">[http]</option>[end] + [end] + [if-any ftp] + [for ftp]<option value="[ftp]">[ftp]</option>[end] + [end] + [if-any backup] + [for backup]<option value="[backup]">[backup] (backup)</option>[end] + [end] + </select> + <input type="submit" value="Change"></input> + </p> + </form> + + <p> + It is essential that you + <a href="https://www.apache.org/info/verification.html";>verify the integrity</a> + of downloaded files, preferably using the <code>PGP</code> signature (<code>*.asc</code> files); + failing that using the <code>SHA512</code> hash (<code>*.sha512</code> checksum files). + </p> + <p> + The <a href="https://www.apache.org/dist/commons/KEYS";>KEYS</a> + file contains the public PGP keys used by Apache Commons developers + to sign releases. + </p> + </subsection> + </section> + <section name="Apache Commons Release Plugin 1.3 "> + <subsection name="Binaries"> + <table> + <tr> + <td><a href="[preferred]/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.tar.gz">commons-release-plugin-1.3-bin.tar.gz</a></td> + <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.tar.gz.sha512";>sha512</a></td> + <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.tar.gz.asc";>pgp</a></td> + </tr> + <tr> + <td><a href="[preferred]/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.zip">commons-release-plugin-1.3-bin.zip</a></td> + <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.zip.sha512";>sha512</a></td> + <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/binaries/commons-release-plugin-1.3-bin.zip.asc";>pgp</a></td> + </tr> + </table> + </subsection> + <subsection name="Source"> + <table> + <tr> + <td><a href="[preferred]/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.tar.gz">commons-release-plugin-1.3-src.tar.gz</a></td> + <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.tar.gz.sha512";>sha512</a></td> + <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.tar.gz.asc";>pgp</a></td> + </tr> + <tr> + <td><a href="[preferred]/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.zip">commons-release-plugin-1.3-src.zip</a></td> + <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.zip.sha512";>sha512</a></td> + <td><a href="https://www.apache.org/dist/commons/commons-release-plugin/source/commons-release-plugin-1.3-src.zip.asc";>pgp</a></td> + </tr> + </table> + </subsection> + </section> + <section name="Archives"> + <p> + Older releases can be obtained from the archives. + </p> + <ul> + <li class="download"><a href="[preferred]/commons/commons-release-plugin/">browse download area</a></li> + <li><a href="https://archive.apache.org/dist/commons/commons-release-plugin/";>archives...</a></li> + </ul> + </section> + </body> +</document> http://git-wip-us.apache.org/repos/asf/commons-release-plugin/blob/55d3a85d/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojoTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojoTest.java b/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojoTest.java index dda67ad..dd228ea 100755 --- a/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojoTest.java +++ b/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionDetachmentMojoTest.java @@ -67,41 +67,41 @@ public class CommonsDistributionDetachmentMojoTest { mojo.execute(); File detachedSrcTarGz = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.tar.gz"); File detachedSrcTarGzAsc = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.tar.gz.asc"); - File detachedSrcTarGzSha1 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.tar.gz.sha1"); File detachedSrcTarGzSha256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.tar.gz.sha256"); + File detachedSrcTarGzSha512 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.tar.gz.sha512"); File detachedSrcZip = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.zip"); File detachedSrcZipAsc = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.zip.asc"); - File detachedSrcZipSha1 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.zip.sha1"); File detachedSrcZipSha256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.zip.sha256"); + File detachedSrcZipSha512 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-src.zip.sha512"); File detachedBinTarGz = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.tar.gz"); File detachedBinTarGzAsc = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.tar.gz.asc"); - File detachedBinTarGzSha1 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.tar.gz.sha1"); File detachedBinTarGzSha256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.tar.gz.sha256"); + File detachedBinTarGzSha512 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.tar.gz.sha512"); File detachedBinZip = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.zip"); File detachedBinZipAsc = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.zip.asc"); - File detachedBinZipSha1 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.zip.sha1"); File detachedBinZipSha256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.zip.sha256"); + File detachedBinZipSha512 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4-bin.zip.sha512"); File notDetachedMockAttachedFile = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/commons-text-1.4.jar"); - File sha1Properties = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/sha1.properties"); File sha256Properties = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/sha256.properties"); + File sha512Properties = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/sha512.properties"); assertTrue(detachedSrcTarGz.exists()); assertTrue(detachedSrcTarGzAsc.exists()); - assertTrue(detachedSrcTarGzSha1.exists()); assertTrue(detachedSrcTarGzSha256.exists()); + assertTrue(detachedSrcTarGzSha512.exists()); assertTrue(detachedSrcZip.exists()); assertTrue(detachedSrcZipAsc.exists()); - assertTrue(detachedSrcZipSha1.exists()); assertTrue(detachedSrcZipSha256.exists()); + assertTrue(detachedSrcZipSha512.exists()); assertTrue(detachedBinTarGz.exists()); assertTrue(detachedBinTarGzAsc.exists()); - assertTrue(detachedBinTarGzSha1.exists()); assertTrue(detachedBinTarGzSha256.exists()); + assertTrue(detachedBinTarGzSha512.exists()); assertTrue(detachedBinZip.exists()); assertTrue(detachedBinZipAsc.exists()); - assertTrue(detachedBinZipSha1.exists()); assertTrue(detachedBinZipSha256.exists()); - assertTrue(sha1Properties.exists()); + assertTrue(detachedBinZipSha512.exists()); assertTrue(sha256Properties.exists()); + assertTrue(sha512Properties.exists()); assertFalse(notDetachedMockAttachedFile.exists()); } http://git-wip-us.apache.org/repos/asf/commons-release-plugin/blob/55d3a85d/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojoTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojoTest.java b/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojoTest.java index 2e90d57..44b0ad2 100755 --- a/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojoTest.java +++ b/src/test/java/org/apache/commons/release/plugin/mojos/CommonsDistributionStagingMojoTest.java @@ -98,22 +98,22 @@ public class CommonsDistributionStagingMojoTest { File binariesHeaderHtml = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/HEADER.html"); File binTar = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.tar.gz"); File binTarASC = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.tar.gz.asc"); - File binTarSHA1 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.tar.gz.sha1"); - File binTarSHA256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.tar.gz.sha256"); + File binTarSha256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.tar.gz.sha256"); + File binTarSha512 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.tar.gz.sha512"); File binZip = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.zip"); File binZipASC = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.zip.asc"); - File binZipSHA1 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.zip.sha1"); - File binZipSHA256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.zip.sha256"); + File binZipSha256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.zip.sha256"); + File binZipSha512 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/commons-text-1.4-bin.zip.sha512"); File sourcesReadmeHtml = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/README.html"); File sourceHeaderHtml = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/binaries/HEADER.html"); File srcTar = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.tar.gz"); File srcTarASC = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.tar.gz.asc"); - File srcTarSHA1 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.tar.gz.sha1"); - File srcTarSHA256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.tar.gz.sha256"); + File srcTarSha256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.tar.gz.sha256"); + File srcTarSha512 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.tar.gz.sha512"); File srcZip = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.zip"); File srcZipASC = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.zip.asc"); - File srcZipSHA1 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.zip.sha1"); - File srcZipSHA256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.zip.sha256"); + File srcZipSha256 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.zip.sha256"); + File srcZipSha512 = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/source/commons-text-1.4-src.zip.sha512"); File site = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/site"); File siteIndexHtml = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/site/index.html"); File siteSubdirectory = new File(COMMONS_RELEASE_PLUGIN_TEST_DIR_PATH + "/scm/1.0-SNAPSHOT-RC1/site/subdirectory"); @@ -126,22 +126,21 @@ public class CommonsDistributionStagingMojoTest { assertTrue(binariesHeaderHtml.exists()); assertTrue(binTar.exists()); assertTrue(binTarASC.exists()); - assertTrue(binTarSHA1.exists()); - assertTrue(binTarSHA256.exists()); + assertTrue(binTarSha256.exists()); + assertTrue(binTarSha512.exists()); assertTrue(binZip.exists()); assertTrue(binZipASC.exists()); - assertTrue(binZipSHA1.exists()); - assertTrue(binZipSHA256.exists()); + assertTrue(binZipSha256.exists()); assertTrue(sourcesReadmeHtml.exists()); assertTrue(sourceHeaderHtml.exists()); assertTrue(srcTar.exists()); assertTrue(srcTarASC.exists()); - assertTrue(srcTarSHA1.exists()); - assertTrue(srcTarSHA256.exists()); + assertTrue(srcTarSha256.exists()); + assertTrue(srcTarSha512.exists()); assertTrue(srcZip.exists()); assertTrue(srcZipASC.exists()); - assertTrue(srcZipSHA1.exists()); - assertTrue(srcZipSHA256.exists()); + assertTrue(srcZipSha256.exists()); + assertTrue(srcZipSha512.exists()); assertTrue(site.exists()); assertTrue(siteIndexHtml.exists()); assertTrue(siteSubdirectory.exists());
