2018-06-22 11:41 GMT+03:00 Konstantin Kolinko <knst.koli...@gmail.com>: > 2018-06-22 11:03 GMT+03:00 Mark Thomas <ma...@apache.org>: >> On 22/06/18 00:25, Konstantin Kolinko wrote: >>> 2018-06-20 22:45 GMT+03:00 Mark Thomas <ma...@apache.org>: >>>> The proposed Apache Tomcat 9.0.10 release is now available for voting. >>>> >>> >>> I have not tested this version yet (running 8.5 tests now), but I note >>> that the following *.asc files are missing, >>> both in Tomcat 9 and Tomcat 8.5: >>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.10/bin/ >>> apache-tomcat-9.0.10.tar.gz.asc >>> apache-tomcat-9.0.10.zip.asc >>> >>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.32/bin/ >>> apache-tomcat-8.5.32.tar.gz.asc >>> apache-tomcat-8.5.32.zip.asc >> >> Thanks. Fixed. >> >> I still don't understand why this is happening. I'll try and pay more >> attention next time. > > Me neither. > > Do you have stdout/stderr output from creating a release? > > At buildbot I see no issues [...]
I think that I found it: they are lost when you upload binaries to Maven staging repository. The maven repository has the missing asc files: https://repository.apache.org/content/repositories/orgapachetomcat-1186/org/apache/tomcat/tomcat/9.0.10/ In res/maven/mvn-pub.xml: [[[ <target name="maven-deploy-binaries" depends="init-maven"> <!--cleanup--> <delete file="${pom}.tmp"/> <delete file="${pom}.asc"/> <delete file="${file}.zip.asc"/> <delete file="${file}.tar.gz.asc"/> It then recreates the signature files, uploads all to Maven and deletes them once again. <delete file="${pom}.tmp"/> <delete file="${pom}.asc"/> <delete file="${file}.zip.asc"/> <delete file="${file}.tar.gz.asc"/> </target> ]]] I also wonder why *.asc files created by build script and created manually differ: The asc files created by build script are short - just 3 lines of text, created manually are ~10 lines. They are created by different keys! $ gpg --verify apache-tomcat-9.0.10-deployer.tar.gz.asc gpg: assuming signed data in `apache-tomcat-9.0.10-deployer.tar.gz' gpg: Signature made 20 Jun 2018 20:34:38 RTZ using DSA key ID 33C60243 gpg: Good signature from "Mark E D Thomas <ma...@apache.org>" gpg: aka "Mark E D Thomas <med.tho...@virgin.net>" gpg: aka "Mark E D Thomas <mark.tho...@springsource.com>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: DCFD 35E0 BF8C A734 4752 DE8B 6FB2 1E89 33C6 0243 $ gpg --verify apache-tomcat-9.0.10.zip.asc gpg: assuming signed data in `apache-tomcat-9.0.10.zip' gpg: Signature made 22 Jun 2018 10:57:38 RTZ using RSA key ID 2F6059E7 gpg: Good signature from "Mark E D Thomas <ma...@apache.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 Best regards, Konstantin Kolinko --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
