date:20240301

Checksum of release 2.23.0 does not seem to be correct

2024-03-01 Thread Piers Uso Walter

Hi,

I downloaded log4j 2.23.0 from 
https://logging.apache.org/log4j/2.x/download.html
Specifically I downloaded 
https://www.apache.org/dyn/closer.lua/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip

The checksum file 
https://www.apache.org/dist/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip.sha512
 contains a different checksum from what I get when I run shasum on the 
downloaded zip file:

> shasum -a 512 apache-log4j-2.23.0-bin.zip 
204d5b860a4169232e7ac7b41648a4167a8d11afc76e3457dd463bf28c3c0ca4d10c07e0970bc30a4d061c3e5dc869b1ac367a563eacd592d7bfff192e15852d
  apache-log4j-2.23.0-bin.zip
> cat apache-log4j-2.23.0-bin.zip.sha512  
> 4668362f8c339b48e0a82bce4031d981e930fa4317fca8c94ad51528f6f8680563e6bde04372fcfbb40c31b646a8309ccd2fc3d1eff68cccfd328e96472e6f31
>   apache-log4j-2.23.0-bin.zip

The signature of the zip file checks out OK, but I’m hesitant to use the zip 
file due to the checksum error.

Piers

-- 
Piers Uso Walter 
ilink Kommunikationssysteme GmbH

Re: Checksum of release 2.23.0 does not seem to be correct

2024-03-01 Thread Piotr P. Karwasz

Hi Piers,

On Fri, 1 Mar 2024 at 13:33, Piers Uso Walter  wrote:
> I downloaded log4j 2.23.0 from 
> https://logging.apache.org/log4j/2.x/download.html
> Specifically I downloaded 
> https://www.apache.org/dyn/closer.lua/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip
>
> The checksum file 
> https://www.apache.org/dist/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip.sha512
>  contains a different checksum from what I get when I run shasum on the 
> downloaded zip file:
>
> > shasum -a 512 apache-log4j-2.23.0-bin.zip
> 204d5b860a4169232e7ac7b41648a4167a8d11afc76e3457dd463bf28c3c0ca4d10c07e0970bc30a4d061c3e5dc869b1ac367a563eacd592d7bfff192e15852d
>   apache-log4j-2.23.0-bin.zip
> > cat apache-log4j-2.23.0-bin.zip.sha512  
> > 4668362f8c339b48e0a82bce4031d981e930fa4317fca8c94ad51528f6f8680563e6bde04372fcfbb40c31b646a8309ccd2fc3d1eff68cccfd328e96472e6f31
> >   apache-log4j-2.23.0-bin.zip
>
> The signature of the zip file checks out OK, but I’m hesitant to use the zip 
> file due to the checksum error.

I can confirm that the checksum in the `*.sha512` file is the correct one.

Remark that 
`https://www.apache.org/dyn/closer.lua/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip`
points to an HTML file that selects the Apache mirror closest to you.
Maybe that is what you downloaded?
Any chance you remember which mirror did you use?

Anyway, try using
`https://dlcdn.apache.org/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip`
and see if the problem repeats itself.

PS: Each release is also PGP signed with one of the keys from
https://www.apache.org/dist/logging/KEYS, usually the one associated
to priv...@logging.apache.org. You should consider verifying the PGP
signature instead of the checksum.

Piotr

Re: Checksum of release 2.23.0 does not seem to be correct

2024-03-01 Thread Piers Uso Walter

Hi Piotr,

Thanks for the quick response.
And yes, everything is OK on your side.

I did indeed somehow manage to download the HTML file as the zip archive.
That explains why the checksum was wrong.

How embarrassing:-(

With kind regards
Piers


> Am 01.03.2024 um 13:55 schrieb Piotr P. Karwasz :
> 
> Hi Piers,
> 
> On Fri, 1 Mar 2024 at 13:33, Piers Uso Walter  wrote:
>> I downloaded log4j 2.23.0 from 
>> https://logging.apache.org/log4j/2.x/download.html
>> Specifically I downloaded 
>> https://www.apache.org/dyn/closer.lua/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip
>> 
>> The checksum file 
>> https://www.apache.org/dist/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip.sha512
>>  contains a different checksum from what I get when I run shasum on the 
>> downloaded zip file:
>> 
>>> shasum -a 512 apache-log4j-2.23.0-bin.zip
>> 204d5b860a4169232e7ac7b41648a4167a8d11afc76e3457dd463bf28c3c0ca4d10c07e0970bc30a4d061c3e5dc869b1ac367a563eacd592d7bfff192e15852d
>>   apache-log4j-2.23.0-bin.zip
>>> cat apache-log4j-2.23.0-bin.zip.sha512  
>>> 4668362f8c339b48e0a82bce4031d981e930fa4317fca8c94ad51528f6f8680563e6bde04372fcfbb40c31b646a8309ccd2fc3d1eff68cccfd328e96472e6f31
>>>   apache-log4j-2.23.0-bin.zip
>> 
>> The signature of the zip file checks out OK, but I’m hesitant to use the zip 
>> file due to the checksum error.
> 
> I can confirm that the checksum in the `*.sha512` file is the correct one.
> 
> Remark that 
> `https://www.apache.org/dyn/closer.lua/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip`
> points to an HTML file that selects the Apache mirror closest to you.
> Maybe that is what you downloaded?
> Any chance you remember which mirror did you use?
> 
> Anyway, try using
> `https://dlcdn.apache.org/logging/log4j/2.23.0/apache-log4j-2.23.0-bin.zip`
> and see if the problem repeats itself.
> 
> PS: Each release is also PGP signed with one of the keys from
> https://www.apache.org/dist/logging/KEYS, usually the one associated
> to priv...@logging.apache.org. You should consider verifying the PGP
> signature instead of the checksum.
> 
> Piotr

[VOTE] Release Apache Log4net 2.0.16

2024-03-01 Thread Davyd McColl


Hi all


This is the vote to release Apache log4net version 2.0.16


Website: 
https://logging.staged.apache.org/log4net/release/release-notes.html


GitHub: https://github.com/apache/logging-log4net

GitHub release (pre-release): 
https://github.com/apache/logging-log4net/releases/tag/2.0.16-rc1


Distribution: I'm not sure - 
https://dist.apache.org/repos/dist/dev/logging/log4net should have 
2.0.16 binaries and source (I've added via SVN), but I'm not seeing 
them. Any help appreciated.




Please have a look at the staging site & artifacts and test (if you can 
- clone, `npm i`, `npm test`)


[ ] +1, release the artifacts

[ ] -1, don't release, because


(thanks Piotr: I copied most of your last VOTE mail!)


-d

Re: [VOTE] Release Apache Log4net 2.0.16

2024-03-01 Thread Volkan Yazıcı

Davyd, I am afraid it cannot qualify an official vote if the [source]
distribution artifacts are missing. This is the whole point of the ASF
release ceremony. Binary artifacts, Website, GitHub, VCS, Nuget, etc. can
be the most important mediums for you and/or the project, though they are
irrelevant from an ASF point of view.

Could you upload the source distribution to the `
https://dist.apache.org/repos/dist/dev/logging /log4net` Subversion folder
along with checksum and signature files, please?

On Fri, Mar 1, 2024 at 2:19 PM Davyd McColl  wrote:

> Hi all
>
>
> This is the vote to release Apache log4net version 2.0.16
>
>
> Website:
> https://logging.staged.apache.org/log4net/release/release-notes.html
>
> GitHub: https://github.com/apache/logging-log4net
>
> GitHub release (pre-release):
> https://github.com/apache/logging-log4net/releases/tag/2.0.16-rc1
>
> Distribution: I'm not sure -
> https://dist.apache.org/repos/dist/dev/logging/log4net should have
> 2.0.16 binaries and source (I've added via SVN), but I'm not seeing
> them. Any help appreciated.
>
>
>
> Please have a look at the staging site & artifacts and test (if you can
> - clone, `npm i`, `npm test`)
>
> [ ] +1, release the artifacts
>
> [ ] -1, don't release, because
>
>
> (thanks Piotr: I copied most of your last VOTE mail!)
>
>
> -d
>
>

Re: Checksum of release 2.23.0 does not seem to be correct

2024-03-01 Thread Piotr P. Karwasz

Hi Piers,

On Fri, 1 Mar 2024 at 14:14, Piers Uso Walter  wrote:
> Thanks for the quick response.
> And yes, everything is OK on your side.
>
> I did indeed somehow manage to download the HTML file as the zip archive.
> That explains why the checksum was wrong.
>
> How embarrassing:-(

I did the exact same thing, that is why I remarked it in the answer.

Maybe we should replace the links on the web page? There are actually
people (like me and probably you) that don't download everything
through the browser.
What do you think?

Piotr

Re: Checksum of release 2.23.0 does not seem to be correct

2024-03-01 Thread Ralph Goers




> On Mar 1, 2024, at 6:55 AM, Piotr P. Karwasz  wrote:
> 
> Hi Piers,
> 
> On Fri, 1 Mar 2024 at 14:14, Piers Uso Walter  wrote:
>> Thanks for the quick response.
>> And yes, everything is OK on your side.
>> 
>> I did indeed somehow manage to download the HTML file as the zip archive.
>> That explains why the checksum was wrong.
>> 
>> How embarrassing:-(
> 
> I did the exact same thing, that is why I remarked it in the answer.
> 
> Maybe we should replace the links on the web page? There are actually
> people (like me and probably you) that don't download everything
> through the browser.
> What do you think?

Replace them with what? We are required to use the chooser app so that the user 
downloads from an archive, not the main ASF repo.

Ralph

Re: [VOTE] Release Apache Log4net 2.0.16

2024-03-01 Thread Davyd McColl


Hi Volkan

That was my whole point with the question on my release vote: I have put 
things in svn, bit I'm not seeing them at the url you've posted. I assume 
I've done something wrong, but I don't know what and need someone to help. 
I must admit my svn-fu is rubbish so perhaps I just messed up there. With 
the other svn repos, I use git svn bridge, but I don't want to do that here 
because that repo us huge and filled with binaries


TL;DR Halp!  😅

-d


On 01 March 2024 15:46:24 Volkan Yazıcı  wrote:


Davyd, I am afraid it cannot qualify an official vote if the [source]
distribution artifacts are missing. This is the whole point of the ASF
release ceremony. Binary artifacts, Website, GitHub, VCS, Nuget, etc. can
be the most important mediums for you and/or the project, though they are
irrelevant from an ASF point of view.

Could you upload the source distribution to the `
https://dist.apache.org/repos/dist/dev/logging /log4net` Subversion folder
along with checksum and signature files, please?

On Fri, Mar 1, 2024 at 2:19 PM Davyd McColl  wrote:


Hi all


This is the vote to release Apache log4net version 2.0.16


Website:
https://logging.staged.apache.org/log4net/release/release-notes.html

GitHub: https://github.com/apache/logging-log4net

GitHub release (pre-release):
https://github.com/apache/logging-log4net/releases/tag/2.0.16-rc1

Distribution: I'm not sure -
https://dist.apache.org/repos/dist/dev/logging/log4net should have
2.0.16 binaries and source (I've added via SVN), but I'm not seeing
them. Any help appreciated.



Please have a look at the staging site & artifacts and test (if you can
- clone, `npm i`, `npm test`)

[ ] +1, release the artifacts

[ ] -1, don't release, because


(thanks Piotr: I copied most of your last VOTE mail!)


-d

Re: Checksum of release 2.23.0 does not seem to be correct

2024-03-01 Thread Piotr P. Karwasz

Hi Ralph,

On Fri, 1 Mar 2024 at 15:33, Ralph Goers  wrote:
> > Maybe we should replace the links on the web page? There are actually
> > people (like me and probably you) that don't download everything
> > through the browser.
> > What do you think?
>
> Replace them with what? We are required to use the chooser app so that the 
> user downloads from an archive, not the main ASF repo.

Isn't everything distributed through the CDN? I always get:

https://dlcdn.apache.org/

from the script.

Piotr

Uploading release distribution for review (Was: [VOTE] Release Apache Log4net 2.0.16)

2024-03-01 Thread Volkan Yazıcı

Davyd, assuming you have `svn` in the command line, following should get
the job done:

# Checkout the `dev` distribution repository
svn co https://dist.apache.org/repos/dist/dev/logging logging-dist-dev
cd logging-dist-dev

# Delete old distribution files
svn rm log4net

# Add the new distribution of the new release
mkdir -p log4net/2.0.16
cp /path/to/distribution/files log4net/2.0.16/
svn add log4net

# Commit changes
svn commit -m 'Add `log4net` version `2.0.16` distribution files'


I presume you are using Windows. Getting `svn` in the Windows shell is
explained in this SO post.


Let me know if this does/doesn't help.

Good luck!

On Fri, Mar 1, 2024 at 5:02 PM Davyd McColl  wrote:

> Hi Volkan
>
> That was my whole point with the question on my release vote: I have put
> things in svn, bit I'm not seeing them at the url you've posted. I assume
> I've done something wrong, but I don't know what and need someone to help.
> I must admit my svn-fu is rubbish so perhaps I just messed up there. With
> the other svn repos, I use git svn bridge, but I don't want to do that here
> because that repo us huge and filled with binaries
>
> TL;DR Halp!  😅
>
> -d
>
> On 01 March 2024 15:46:24 Volkan Yazıcı  wrote:
>
>> Davyd, I am afraid it cannot qualify an official vote if the [source]
>> distribution artifacts are missing. This is the whole point of the ASF
>> release ceremony. Binary artifacts, Website, GitHub, VCS, Nuget, etc. can
>> be the most important mediums for you and/or the project, though they are
>> irrelevant from an ASF point of view.
>>
>> Could you upload the source distribution to the `
>> https://dist.apache.org/repos/dist/dev/logging /log4net` Subversion
>> folder
>> along with checksum and signature files, please?
>>
>> On Fri, Mar 1, 2024 at 2:19 PM Davyd McColl  wrote:
>>
>>> Hi all
>>>
>>> This is the vote to release Apache log4net version 2.0.16
>>>
>>> Website:
>>> https://logging.staged.apache.org/log4net/release/release-notes.html
>>>
>>> GitHub: https://github.com/apache/logging-log4net
>>>
>>> GitHub release (pre-release):
>>> https://github.com/apache/logging-log4net/releases/tag/2.0.16-rc1
>>>
>>> Distribution: I'm not sure -
>>> https://dist.apache.org/repos/dist/dev/logging/log4net should have
>>> 2.0.16 binaries and source (I've added via SVN), but I'm not seeing
>>> them. Any help appreciated.
>>>
>>> Please have a look at the staging site & artifacts and test (if you can
>>> - clone, `npm i`, `npm test`)
>>>
>>> [ ] +1, release the artifacts
>>>
>>> [ ] -1, don't release, because
>>>
>>> (thanks Piotr: I copied most of your last VOTE mail!)
>>>
>>> -d
>>>
>>

Re: Uploading release distribution for review (Was: [VOTE] Release Apache Log4net 2.0.16)

2024-03-01 Thread Davyd McColl


Hi Volkan


Thanks for taking the time to explain (:


This is pretty-much what I did, as per step 16 of 
https://github.com/apache/logging-log4net/blob/master/doc/RELEASING.md - 
unless there's a typo I've made somewhere or something like that. That's 
why I'm confused as to why I can't see the artifacts in the right place ):



No need to rush on this though - monday is fine: I very likely won't do 
anything about it until then anyway (:



-d

On 2024/03/01 18:21, Volkan Yazıcı wrote:
Davyd, assuming you have `svn` in the command line, following should 
get the job done:


# Checkout the `dev` distribution repository
svn co https://dist.apache.org/repos/dist/dev/logging logging-dist-dev
cd logging-dist-dev

# Delete old distribution files
svn rm log4net

# Add the new distribution of the new release
mkdir -p log4net/2.0.16
cp /path/to/distribution/files log4net/2.0.16/
svn add log4net

# Commit changes
svn commit -m 'Add `log4net` version `2.0.16` distribution files'


I presume you are using Windows. Getting `svn` in the Windows shell is 
explained in this SO post. 



Let me know if this does/doesn't help.

Good luck!

On Fri, Mar 1, 2024 at 5:02 PM Davyd McColl  wrote:

Hi Volkan

That was my whole point with the question on my release vote: I
have put things in svn, bit I'm not seeing them at the url you've
posted. I assume I've done something wrong, but I don't know what
and need someone to help. I must admit my svn-fu is rubbish so
perhaps I just messed up there. With the other svn repos, I use
git svn bridge, but I don't want to do that here because that repo
us huge and filled with binaries

TL;DR Halp! 😅

-d

On 01 March 2024 15:46:24 Volkan Yazıcı  wrote:


Davyd, I am afraid it cannot qualify an official vote if the [source]
distribution artifacts are missing. This is the whole point of
the ASF
release ceremony. Binary artifacts, Website, GitHub, VCS, Nuget,
etc. can
be the most important mediums for you and/or the project, though
they are
irrelevant from an ASF point of view.

Could you upload the source distribution to the `
https://dist.apache.org/repos/dist/dev/logging /log4net`
Subversion folder
along with checksum and signature files, please?

On Fri, Mar 1, 2024 at 2:19 PM Davyd McColl  wrote:


Hi all

This is the vote to release Apache log4net version 2.0.16

Website:
https://logging.staged.apache.org/log4net/release/release-notes.html

GitHub: https://github.com/apache/logging-log4net

GitHub release (pre-release):
https://github.com/apache/logging-log4net/releases/tag/2.0.16-rc1

Distribution: I'm not sure -
https://dist.apache.org/repos/dist/dev/logging/log4net should have
2.0.16 binaries and source (I've added via SVN), but I'm not seeing
them. Any help appreciated.

Please have a look at the staging site & artifacts and test (if
you can
- clone, `npm i`, `npm test`)

[ ] +1, release the artifacts

[ ] -1, don't release, because

(thanks Piotr: I copied most of your last VOTE mail!)

-d

Checksum of release 2.23.0 does not seem to be correct

Re: Checksum of release 2.23.0 does not seem to be correct

Re: Checksum of release 2.23.0 does not seem to be correct

[VOTE] Release Apache Log4net 2.0.16

Re: [VOTE] Release Apache Log4net 2.0.16

Re: Checksum of release 2.23.0 does not seem to be correct

Re: Checksum of release 2.23.0 does not seem to be correct

Re: [VOTE] Release Apache Log4net 2.0.16

Re: Checksum of release 2.23.0 does not seem to be correct

Uploading release distribution for review (Was: [VOTE] Release Apache Log4net 2.0.16)

Re: Uploading release distribution for review (Was: [VOTE] Release Apache Log4net 2.0.16)

11 matches

Site Navigation

Mail list logo

Footer information