Re: [VOTE] Release Apache Log4j `2.24.0`
Trying again but not on macOS... IMO, this text should be removed from the review kit: "# If preferred, augment `mvnw` with `-DskipTests` to speed things up" You can't possibly validate an RC without running tests: "Look how fast I can NOT perform due diligence!" Gary On 2024/08/31 19:30:00 "Piotr P. Karwasz" wrote: > This is a vote to release the Apache Log4j `2.24.0`. > > Website: https://logging.staged.apache.org/log4j/2.24.0/index.html > GitHub: https://github.com/apache/logging-log4j2 > Commit: 08053687456f6be61ee8206da782a3d051928a57 > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j > Nexus: > https://repository.apache.org/content/repositories/orgapachelogging-1293 > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > Please download, test, and cast your votes on this mailing list. > > [ ] +1, release the artifacts > [ ] -1, don't release, because... > > This vote is open for 72 hours and will pass unless getting a > net negative vote count. All votes are welcome and we encourage > everyone to test the release, but only the Logging Services PMC > votes are officially counted. At least 3 +1 votes and more > positive than negative votes are required. > > == Review kit > > The minimum set of steps needed to review the uploaded distribution > files in the Subversion repository can be summarized as follows: > > # Check out the distribution > svn co https://dist.apache.org/repos/dist/dev/logging/log4j/2.24.0 && cd > $_ > > # Verify checksums > shasum --check *.sha512 > > # Verify signatures > wget -O - https://downloads.apache.org/logging/KEYS | gpg --import > for sigFile in *.asc; do gpg --verify $sigFile; done > > # Verify reproduciblity > umask 0022 > unzip *-src.zip -d src > cd src > export > NEXUS_REPO=https://repository.apache.org/content/repositories/orgapachelogging-1293 > sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO > # If preferred, augment `mvnw` with `-DskipTests` to speed things up > > == Release Notes > > This release contains improvements and changes in several areas of Apache > Log4j: > > === Log4j API > > The `2.24.0` version of Log4j API has been enhanced with changes from > the 3.x branch and will be used by both Log4j 2 Core and Log4j 3 Core > releases. > The changes include: > > * A faster default `ThreadContextMap`. > * Enhanced GraalVM support: native binaries that use Log4j API will no > longer require additional GraalVM configuration. > * The configuration properties subsystem now only accepts the official > pre-2.10 property names and the normalized post-2.10 names. > Check your configuration for typos. > > === Documentation > > The Apache Log4j 2 website has been almost entirely rewritten to > provide improved documentation and faster access to the information > you need. > > [1] https://logging.staged.apache.org/log4j/2.24.0/index.html > > === Bridges > > The JUL-to-Log4j API and Log4j 1-to-Log4j API will no longer be able > to modify the configuration of Log4j Core by default. > If such a functionality is required, it must be explicitly enabled. > > === Modules > > The following Log4j Core additional modules have been removed: > > `log4j-flume-ng`:: > The module has been moved to the Flume project and follows the Apache > Flume release lifecycle. > > `log4j-kubernetes`:: > The module has been moved to the > https://github.com/fabric8io/kubernetes-client/blob/main/doc/KubernetesLog4j.md[Fabric8.io > Kubernetes project] and follows the Fabric8.io release lifecycle. > > `log4j-mongodb3`:: > The module based on MongoDB Java client version 3.x has been removed. > Please migrate to `log4j-mongodb` (client version 5.x) or > `log4j-mongodb4` (client version 4.x). > > === JMX changes > > Starting in version 2.24.0, JMX support is disabled by default and can > be re-enabled via the `log4j2.disableJmx=false` system property. > > === Added > > * Add a faster `DefaultThreadContextMap` implementation. (#2330) > * Add Logback throwable-consuming semantics as an option in > `log4j-slf4j-impl` and `log4j-slf4j2-impl`. Users can enable it by > setting the property `log4j2.messageFactory` to > `org.apache.logging.slf4j.message.ThrowableConsumingMessageFactory`. > (#2363) > * Add trace context fields to `GcpLayout.json` (#2498) > * Add _"Plugin Reference"_ to the website. It is a Javadoc-on-steroids > focusing on Log4j plugins. (#1954) > * Automate website deployment using the new CI infrastructure shipped > with `org.apache.logging:logging-parent:11.0.0` > > === Changed > > * Fix usage of `log4j-api` in GraalVM without additional reachability > data. (#1539) > * Ignore exceptions thrown by PropertySources. > (https://github.com/spring-projects/spring-boot/issues/33450[Spring-33450]) > * Add logging to `PropertiesUtil` and fix `Duration` parser. (#1936) > * Disable level modification via JUL by default. (#2353) > * Centralize initialization in the `Pr
Re: [VOTE] Release Apache Log4j `2.24.0`
It's fails differently on Ubuntu: ... [INFO] --- artifact:3.5.1:compare (default-cli) @ log4j-api --- [WARNING] property is inherited from outside the reactor, it should be defined in parent POM from reactor /mnt/c/Users/ggregory/rc/2.24.0/src/.flattened-pom.xml [INFO] Reference buildinfo file not found: it will be generated from downloaded reference artifacts [INFO] Reference build java.version: 17 (from MANIFEST.MF Build-Jdk-Spec) [INFO] Reference build os.name: Unix (from pom.properties newline) [INFO] Minimal buildinfo generated from downloaded artifacts: /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/reference/log4j-api-2.24.0.buildinfo [ERROR] sha512 mismatch log4j-api-2.24.0-sources.jar: investigate with diffoscope log4j-api/target/reference/org.apache.logging.log4j/log4j-api-2.24.0-sources.jar log4j-api/target/log4j-api-2.24.0-sources.jar [ERROR] Reproducible Build output summary: 3 files ok, 1 different [ERROR] see diff log4j-api/target/reference/log4j-api-2.24.0.buildinfo log4j-api/target/log4j-api-2.24.0.buildinfo [ERROR] see also https://maven.apache.org/guides/mini/guide-reproducible-builds.html [INFO] Reproducible Build output comparison saved to /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/log4j-api-2.24.0.buildcompare [INFO] Aggregate buildcompare copied to /mnt/c/Users/ggregory/rc/2.24.0/src/target/log4j-bom-2.24.0.buildcompare [INFO] [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: [INFO] [INFO] Apache Log4j BOM ... SUCCESS [02:01 min] [INFO] Apache Log4j Parent SUCCESS [ 1.427 s] [INFO] Apache Log4j API Java 9 support SUCCESS [ 29.766 s] [INFO] Apache Log4j API ... FAILURE [03:13 min] [INFO] Apache Log4j Implementation Java 9 support . SKIPPED [INFO] Apache Log4j Core .. SKIPPED [INFO] Apache Log4j API Tests . SKIPPED [INFO] Apache Log4j Core Tests SKIPPED [INFO] Apache Log4j 1.x Compatibility API . SKIPPED [INFO] Apache Log4j App Server Support SKIPPED [INFO] Log4j API to SLF4J Adapter . SKIPPED [INFO] SLF4J 1 Binding for Log4j API .. SKIPPED [INFO] Apache Log4j Cassandra . SKIPPED [INFO] Apache Log4j Core Integration Tests SKIPPED [INFO] Apache Log4j CouchDB ... SKIPPED [INFO] Apache Log4j Docker Library SKIPPED [INFO] Apache Log4j Streaming Interface ... SKIPPED [INFO] Apache Log4j Jakarta SMTP .. SKIPPED [INFO] Apache Log4j Jakarta Web ... SKIPPED [INFO] Apache Log4j Commons Logging Bridge SKIPPED [INFO] Apache Log4j JPA ... SKIPPED [INFO] Apache Log4j JDK Platform Logging Adapter .. SKIPPED [INFO] Apache Log4j JDBC DBCP 2 ... SKIPPED [INFO] Apache Log4j JUL Adapter ... SKIPPED [INFO] Apache Log4j JSON Template Layout .. SKIPPED [INFO] Apache Log4j JSON Template Layout tests SKIPPED [INFO] Apache Log4j MongoDB 4 . SKIPPED [INFO] Apache Log4j MongoDB Appender .. SKIPPED [INFO] Apache Log4j to JUL Bridge . SKIPPED [INFO] Apache Log4j OSGi tests SKIPPED [INFO] Apache Log4J Performance Tests . SKIPPED [INFO] SLF4J 2 Provider for Log4j API . SKIPPED [INFO] Apache Log4j Spring Boot Support ... SKIPPED [INFO] Apache Log4j Spring Cloud Config Client Support SKIPPED [INFO] Apache Log4j Web ... SKIPPED [INFO] Apache Log4j Tag Library ... SKIPPED [INFO] [INFO] BUILD FAILURE [INFO] [INFO] Total time: 05:46 min [INFO] Finished at: 2024-09-03T09:16:38-04:00 [INFO] [ERROR] Failed to execute goal org.apache.maven.plugins:maven-artifact-plugin:3.5.1:compare (default-cli) on project log4j-api: Build artifacts are different from reference -> [Help 1] [ERROR] [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch. [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException [ERROR] [ERROR] After correcting the problems, you can resume the build with
Re: [VOTE] Release Apache Log4j `2.24.0`
Note that I add "clean" *(why does the kit not use "clean"?) mvnw -Prelease clean verify artifact:compare -Dreference.repo=$NEXUS_REPO Gary On 2024/09/03 13:21:32 "Gary D. Gregory" wrote: > It's fails differently on Ubuntu: > > ... > [INFO] --- artifact:3.5.1:compare (default-cli) @ log4j-api --- > [WARNING] property is inherited from outside > the reactor, it should be defined in parent POM from reactor > /mnt/c/Users/ggregory/rc/2.24.0/src/.flattened-pom.xml > [INFO] Reference buildinfo file not found: it will be generated from > downloaded reference artifacts > [INFO] Reference build java.version: 17 (from MANIFEST.MF Build-Jdk-Spec) > [INFO] Reference build os.name: Unix (from pom.properties newline) > [INFO] Minimal buildinfo generated from downloaded artifacts: > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/reference/log4j-api-2.24.0.buildinfo > [ERROR] sha512 mismatch log4j-api-2.24.0-sources.jar: investigate with > diffoscope > log4j-api/target/reference/org.apache.logging.log4j/log4j-api-2.24.0-sources.jar > log4j-api/target/log4j-api-2.24.0-sources.jar > [ERROR] Reproducible Build output summary: 3 files ok, 1 different > [ERROR] see diff log4j-api/target/reference/log4j-api-2.24.0.buildinfo > log4j-api/target/log4j-api-2.24.0.buildinfo > [ERROR] see also > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > [INFO] Reproducible Build output comparison saved to > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/log4j-api-2.24.0.buildcompare > [INFO] Aggregate buildcompare copied to > /mnt/c/Users/ggregory/rc/2.24.0/src/target/log4j-bom-2.24.0.buildcompare > [INFO] > > [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: > [INFO] > [INFO] Apache Log4j BOM ... SUCCESS [02:01 > min] > [INFO] Apache Log4j Parent SUCCESS [ 1.427 > s] > [INFO] Apache Log4j API Java 9 support SUCCESS [ 29.766 > s] > [INFO] Apache Log4j API ... FAILURE [03:13 > min] > [INFO] Apache Log4j Implementation Java 9 support . SKIPPED > [INFO] Apache Log4j Core .. SKIPPED > [INFO] Apache Log4j API Tests . SKIPPED > [INFO] Apache Log4j Core Tests SKIPPED > [INFO] Apache Log4j 1.x Compatibility API . SKIPPED > [INFO] Apache Log4j App Server Support SKIPPED > [INFO] Log4j API to SLF4J Adapter . SKIPPED > [INFO] SLF4J 1 Binding for Log4j API .. SKIPPED > [INFO] Apache Log4j Cassandra . SKIPPED > [INFO] Apache Log4j Core Integration Tests SKIPPED > [INFO] Apache Log4j CouchDB ... SKIPPED > [INFO] Apache Log4j Docker Library SKIPPED > [INFO] Apache Log4j Streaming Interface ... SKIPPED > [INFO] Apache Log4j Jakarta SMTP .. SKIPPED > [INFO] Apache Log4j Jakarta Web ... SKIPPED > [INFO] Apache Log4j Commons Logging Bridge SKIPPED > [INFO] Apache Log4j JPA ... SKIPPED > [INFO] Apache Log4j JDK Platform Logging Adapter .. SKIPPED > [INFO] Apache Log4j JDBC DBCP 2 ... SKIPPED > [INFO] Apache Log4j JUL Adapter ... SKIPPED > [INFO] Apache Log4j JSON Template Layout .. SKIPPED > [INFO] Apache Log4j JSON Template Layout tests SKIPPED > [INFO] Apache Log4j MongoDB 4 . SKIPPED > [INFO] Apache Log4j MongoDB Appender .. SKIPPED > [INFO] Apache Log4j to JUL Bridge . SKIPPED > [INFO] Apache Log4j OSGi tests SKIPPED > [INFO] Apache Log4J Performance Tests . SKIPPED > [INFO] SLF4J 2 Provider for Log4j API . SKIPPED > [INFO] Apache Log4j Spring Boot Support ... SKIPPED > [INFO] Apache Log4j Spring Cloud Config Client Support SKIPPED > [INFO] Apache Log4j Web ... SKIPPED > [INFO] Apache Log4j Tag Library ... SKIPPED > [INFO] > > [INFO] BUILD FAILURE > [INFO] > > [INFO] Total time: 05:46 min > [INFO] Finished at: 2024-09-03T09:16:38-04:00 > [INFO] > > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-artifact-plugin:3.5.1:compare (default-cli) on > project log4j-api: Build artifacts are different from reference -> [Help 1] > [ERROR] > [ERROR] To see the full stack trace of the errors, re-run Maven with th
Re: [VOTE] Release Apache Log4j `2.24.0`
Note that I add "clean" *(why does the kit not use "clean"?) mvnw -Prelease clean verify artifact:compare -Dreference.repo=$NEXUS_REPO Gary On 2024/09/03 13:21:32 "Gary D. Gregory" wrote: > It's fails differently on Ubuntu: > > ... > [INFO] --- artifact:3.5.1:compare (default-cli) @ log4j-api --- > [WARNING] property is inherited from outside > the reactor, it should be defined in parent POM from reactor > /mnt/c/Users/ggregory/rc/2.24.0/src/.flattened-pom.xml > [INFO] Reference buildinfo file not found: it will be generated from > downloaded reference artifacts > [INFO] Reference build java.version: 17 (from MANIFEST.MF Build-Jdk-Spec) > [INFO] Reference build os.name: Unix (from pom.properties newline) > [INFO] Minimal buildinfo generated from downloaded artifacts: > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/reference/log4j-api-2.24.0.buildinfo > [ERROR] sha512 mismatch log4j-api-2.24.0-sources.jar: investigate with > diffoscope > log4j-api/target/reference/org.apache.logging.log4j/log4j-api-2.24.0-sources.jar > log4j-api/target/log4j-api-2.24.0-sources.jar > [ERROR] Reproducible Build output summary: 3 files ok, 1 different > [ERROR] see diff log4j-api/target/reference/log4j-api-2.24.0.buildinfo > log4j-api/target/log4j-api-2.24.0.buildinfo > [ERROR] see also > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > [INFO] Reproducible Build output comparison saved to > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/log4j-api-2.24.0.buildcompare > [INFO] Aggregate buildcompare copied to > /mnt/c/Users/ggregory/rc/2.24.0/src/target/log4j-bom-2.24.0.buildcompare > [INFO] > > [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: > [INFO] > [INFO] Apache Log4j BOM ... SUCCESS [02:01 > min] > [INFO] Apache Log4j Parent SUCCESS [ 1.427 > s] > [INFO] Apache Log4j API Java 9 support SUCCESS [ 29.766 > s] > [INFO] Apache Log4j API ... FAILURE [03:13 > min] > [INFO] Apache Log4j Implementation Java 9 support . SKIPPED > [INFO] Apache Log4j Core .. SKIPPED > [INFO] Apache Log4j API Tests . SKIPPED > [INFO] Apache Log4j Core Tests SKIPPED > [INFO] Apache Log4j 1.x Compatibility API . SKIPPED > [INFO] Apache Log4j App Server Support SKIPPED > [INFO] Log4j API to SLF4J Adapter . SKIPPED > [INFO] SLF4J 1 Binding for Log4j API .. SKIPPED > [INFO] Apache Log4j Cassandra . SKIPPED > [INFO] Apache Log4j Core Integration Tests SKIPPED > [INFO] Apache Log4j CouchDB ... SKIPPED > [INFO] Apache Log4j Docker Library SKIPPED > [INFO] Apache Log4j Streaming Interface ... SKIPPED > [INFO] Apache Log4j Jakarta SMTP .. SKIPPED > [INFO] Apache Log4j Jakarta Web ... SKIPPED > [INFO] Apache Log4j Commons Logging Bridge SKIPPED > [INFO] Apache Log4j JPA ... SKIPPED > [INFO] Apache Log4j JDK Platform Logging Adapter .. SKIPPED > [INFO] Apache Log4j JDBC DBCP 2 ... SKIPPED > [INFO] Apache Log4j JUL Adapter ... SKIPPED > [INFO] Apache Log4j JSON Template Layout .. SKIPPED > [INFO] Apache Log4j JSON Template Layout tests SKIPPED > [INFO] Apache Log4j MongoDB 4 . SKIPPED > [INFO] Apache Log4j MongoDB Appender .. SKIPPED > [INFO] Apache Log4j to JUL Bridge . SKIPPED > [INFO] Apache Log4j OSGi tests SKIPPED > [INFO] Apache Log4J Performance Tests . SKIPPED > [INFO] SLF4J 2 Provider for Log4j API . SKIPPED > [INFO] Apache Log4j Spring Boot Support ... SKIPPED > [INFO] Apache Log4j Spring Cloud Config Client Support SKIPPED > [INFO] Apache Log4j Web ... SKIPPED > [INFO] Apache Log4j Tag Library ... SKIPPED > [INFO] > > [INFO] BUILD FAILURE > [INFO] > > [INFO] Total time: 05:46 min > [INFO] Finished at: 2024-09-03T09:16:38-04:00 > [INFO] > > [ERROR] Failed to execute goal > org.apache.maven.plugins:maven-artifact-plugin:3.5.1:compare (default-cli) on > project log4j-api: Build artifacts are different from reference -> [Help 1] > [ERROR] > [ERROR] To see the full stack trace of the errors, re-run Maven with th
Re: [VOTE] Release Apache Log4j `2.24.0`
-1 On Windows, I deleting my entire .m2/repository folder and then ran mvnw -Prelease clean verify artifact:compare -Dreference.repo=%NEXUS_REPO% and got: [INFO] Minimal buildinfo generated from downloaded artifacts: C:\Users\ggregory\rc\2.24.0\src\target\reference\log4j-bom-2.24.0.buildinfo [ERROR] size mismatch log4j-bom-2.24.0.pom: investigate with diffoscope target\reference\org.apache.logging.log4j\log4j-bom-2.24.0.pom .flattened-pom.xml [ERROR] size mismatch log4j-bom-2.24.0-cyclonedx.xml: investigate with diffoscope target\reference\org.apache.logging.log4j\log4j-bom-2.24.0-cyclonedx.xml target\bom.xml [ERROR] Reproducible Build output summary: 0 files ok, 2 different [ERROR] see diff target\reference\log4j-bom-2.24.0.buildinfo target\log4j-bom-2.24.0.buildinfo [ERROR] see also https://maven.apache.org/guides/mini/guide-reproducible-builds.html [INFO] Reproducible Build output comparison saved to C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare [INFO] Aggregate buildcompare copied to C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare [INFO] [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: [INFO] [INFO] Apache Log4j BOM ... FAILURE [02:58 min] [ So I give up after trying macOS, Linux, and Windows. Gary On 2024/09/03 13:23:59 "Gary D. Gregory" wrote: > Note that I add "clean" *(why does the kit not use "clean"?) > > mvnw -Prelease clean verify artifact:compare -Dreference.repo=$NEXUS_REPO > > Gary > > On 2024/09/03 13:21:32 "Gary D. Gregory" wrote: > > It's fails differently on Ubuntu: > > > > ... > > [INFO] --- artifact:3.5.1:compare (default-cli) @ log4j-api --- > > [WARNING] property is inherited from > > outside the reactor, it should be defined in parent POM from reactor > > /mnt/c/Users/ggregory/rc/2.24.0/src/.flattened-pom.xml > > [INFO] Reference buildinfo file not found: it will be generated from > > downloaded reference artifacts > > [INFO] Reference build java.version: 17 (from MANIFEST.MF Build-Jdk-Spec) > > [INFO] Reference build os.name: Unix (from pom.properties newline) > > [INFO] Minimal buildinfo generated from downloaded artifacts: > > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/reference/log4j-api-2.24.0.buildinfo > > [ERROR] sha512 mismatch log4j-api-2.24.0-sources.jar: investigate with > > diffoscope > > log4j-api/target/reference/org.apache.logging.log4j/log4j-api-2.24.0-sources.jar > > log4j-api/target/log4j-api-2.24.0-sources.jar > > [ERROR] Reproducible Build output summary: 3 files ok, 1 different > > [ERROR] see diff log4j-api/target/reference/log4j-api-2.24.0.buildinfo > > log4j-api/target/log4j-api-2.24.0.buildinfo > > [ERROR] see also > > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > > [INFO] Reproducible Build output comparison saved to > > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/log4j-api-2.24.0.buildcompare > > [INFO] Aggregate buildcompare copied to > > /mnt/c/Users/ggregory/rc/2.24.0/src/target/log4j-bom-2.24.0.buildcompare > > [INFO] > > > > [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: > > [INFO] > > [INFO] Apache Log4j BOM ... SUCCESS [02:01 > > min] > > [INFO] Apache Log4j Parent SUCCESS [ > > 1.427 s] > > [INFO] Apache Log4j API Java 9 support SUCCESS [ > > 29.766 s] > > [INFO] Apache Log4j API ... FAILURE [03:13 > > min] > > [INFO] Apache Log4j Implementation Java 9 support . SKIPPED > > [INFO] Apache Log4j Core .. SKIPPED > > [INFO] Apache Log4j API Tests . SKIPPED > > [INFO] Apache Log4j Core Tests SKIPPED > > [INFO] Apache Log4j 1.x Compatibility API . SKIPPED > > [INFO] Apache Log4j App Server Support SKIPPED > > [INFO] Log4j API to SLF4J Adapter . SKIPPED > > [INFO] SLF4J 1 Binding for Log4j API .. SKIPPED > > [INFO] Apache Log4j Cassandra . SKIPPED > > [INFO] Apache Log4j Core Integration Tests SKIPPED > > [INFO] Apache Log4j CouchDB ... SKIPPED > > [INFO] Apache Log4j Docker Library SKIPPED > > [INFO] Apache Log4j Streaming Interface ... SKIPPED > > [INFO] Apache Log4j Jakarta SMTP .. SKIPPED > > [INFO] Apache Log4j Jakarta Web ... SKIPPED > > [INFO] Apache Log4j Commons Logging Bridge SKIPPED > > [INFO] Apache Log4j JPA ... SKIPPED > > [INFO] Apache Log4j JDK Platform Logging Adapter .. SKIPPED > > [INFO] Apache Log4j JDBC DBCP 2 .
Re: [VOTE] Release Apache Log4j `2.24.0`
Hi all, On Sat, 31 Aug 2024 at 21:30, Piotr P. Karwasz wrote: > > This is a vote to release the Apache Log4j `2.24.0`. > > Website: https://logging.staged.apache.org/log4j/2.24.0/index.html > GitHub: https://github.com/apache/logging-log4j2 > Commit: 08053687456f6be61ee8206da782a3d051928a57 > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j > Nexus: > https://repository.apache.org/content/repositories/orgapachelogging-1293 > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > Please download, test, and cast your votes on this mailing list. > > [ ] +1, release the artifacts > [ ] -1, don't release, because... Given the problem you encountered building 2.24.0, I find it more prudent to cancel this vote. I will issue an RC2 shortly. Piotr
Re: [VOTE] Release Apache Log4j `2.24.0`
Thank you Piotr! Gary On Tue, Sep 3, 2024, 11:17 AM Piotr P. Karwasz wrote: > Hi all, > > On Sat, 31 Aug 2024 at 21:30, Piotr P. Karwasz > wrote: > > > > This is a vote to release the Apache Log4j `2.24.0`. > > > > Website: https://logging.staged.apache.org/log4j/2.24.0/index.html > > GitHub: https://github.com/apache/logging-log4j2 > > Commit: 08053687456f6be61ee8206da782a3d051928a57 > > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j > > Nexus: > https://repository.apache.org/content/repositories/orgapachelogging-1293 > > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > > > Please download, test, and cast your votes on this mailing list. > > > > [ ] +1, release the artifacts > > [ ] -1, don't release, because... > > Given the problem you encountered building 2.24.0, I find it more > prudent to cancel this vote. > I will issue an RC2 shortly. > > Piotr >
Re: (logging-parent) branch main updated: Modify review kit
Why doesn't the maven build in the review kit (below) invoke clean goal? Gary On Tue, Sep 3, 2024, 11:37 AM wrote: > This is an automated email from the ASF dual-hosted git repository. > > pkarwasz pushed a commit to branch main > in repository https://gitbox.apache.org/repos/asf/logging-parent.git > > > The following commit(s) were added to refs/heads/main by this push: > new 13031ed Modify review kit > 13031ed is described below > > commit 13031ede96f0234bd3c80ec98c0d012a2d94a2a1 > Author: Piotr P. Karwasz > AuthorDate: Tue Sep 3 17:36:56 2024 +0200 > > Modify review kit > --- > .github/release-review-kit.txt | 22 +++--- > 1 file changed, 15 insertions(+), 7 deletions(-) > > diff --git a/.github/release-review-kit.txt > b/.github/release-review-kit.txt > index 0ec5bc9..915dbfd 100644 > --- a/.github/release-review-kit.txt > +++ b/.github/release-review-kit.txt > @@ -23,19 +23,27 @@ should work universally for all projects using > > -8<-~( cut here )~-8<- > # Check out the distribution > -svn co https://dist.apache.org/repos/dist/dev/logging/... && cd $_ > +wget --cut-dirs=6 \ > + --no-host-directories \ > + --no-parent \ > + --recursive \ > + > https://dist.apache.org/repos/dist/dev/logging/@PROJECT_NAME@/@PROJECT_VERSION@ > > # Verify checksums > -shasum --check *.sha512 > +sha512sum --check *.sha512 > > # Verify signatures > -wget -O - https://downloads.apache.org/logging/KEYS | gpg --import > +# > +# If you didn't import the KEYS previously, run: > +# wget -O - https://downloads.apache.org/logging/KEYS | gpg --import > for sigFile in *.asc; do gpg --verify $sigFile; done > > -# Verify reproduciblity > +# Verify reproducibility (only Linux/MacOS X) > umask 0022 > unzip *-src.zip -d src > cd src > -export NEXUS_REPO=https://repository.apache.org/content/... > -sh mvnw -Prelease verify artifact:compare -Dreference.repo=$NEXUS_REPO > -# If preferred, augment `mvnw` with `-DskipTests` to speed things up > +export NEXUS_REPO= > https://repository.apache.org/content/repositories/orgapachelogging- > > +sh mvnw -Prelease clean verify artifact:compare > -Dreference.repo=$NEXUS_REPO > + > +# Run tests only (Windows) > +sh mvnw -Prelease clean verify artifact:compare > \ No newline at end of file > >
[VOTE] Release Apache Log4j `2.24.0` (RC2)
This is a vote to release the Apache Log4j `2.24.0`. Website: https://logging.staged.apache.org/log4j/2.24.0/index.html GitHub: https://github.com/apache/logging-log4j2 Commit: c79ae325f6a21af45526c202f121bfced188613e Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j/2.24.0/ Nexus: https://repository.apache.org/content/repositories/orgapachelogging-1294 Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 Please download, test, and cast your votes on this mailing list. [ ] +1, release the artifacts [ ] -1, don't release, because... This vote is open for 72 hours and will pass unless getting a net negative vote count. All votes are welcome and we encourage everyone to test the release, but only the Logging Services PMC votes are officially counted. At least 3 +1 votes and more positive than negative votes are required. == Review kit The minimum set of steps needed to review the uploaded distribution files in the Subversion repository can be summarized as follows: # Check out the distribution wget --cut-dirs=6 \ --no-host-directories \ --no-parent \ --recursive \ https://dist.apache.org/repos/dist/dev/logging/log4j/2.24.0/ # Verify checksums sha512sum --check *.sha512 # Verify signatures # # If you didn't import the KEYS previously, run: # wget -O - https://downloads.apache.org/logging/KEYS | gpg --import for sigFile in *.asc; do gpg --verify $sigFile; done # Verify reproducibility (only Linux/MacOS X) umask 0022 unzip *-src.zip -d src cd src export NEXUS_REPO=https://repository.apache.org/content/repositories/orgapachelogging-1294 sh mvnw -Prelease clean verify artifact:compare -Dreference.repo=$NEXUS_REPO # Run tests only (Windows) sh mvnw -Prelease clean verify == Release Notes This release contains improvements and changes in several areas of Apache Log4j: === Log4j API The `2.24.0` version of Log4j API has been enhanced with changes from the 3.x branch and will be used by both Log4j 2 Core and Log4j 3 Core releases. The changes include: * A faster default `ThreadContextMap`. * Enhanced GraalVM support: native binaries that use Log4j API will no longer require additional GraalVM configuration. * The configuration properties subsystem now only accepts the official pre-2.10 property names and the normalized post-2.10 names. Check your configuration for typos. === Documentation The Apache Log4j 2[1] website has been almost entirely rewritten to provide improved documentation and faster access to the information you need. [1] https://logging.staged.apache.org/log4j/2.24.0/index.html === Bridges The JUL-to-Log4j API and Log4j 1-to-Log4j API will no longer be able to modify the configuration of Log4j Core by default. If such a functionality is required, it must be explicitly enabled. === Modules The following Log4j Core additional modules have been removed: `log4j-flume-ng`:: The module is no longer part of the release process and will follow its own release lifecycle. Please manage your dependencies using `log4j-bom`[2] to always use its latest version. `log4j-kubernetes`:: The module has been moved to the Fabric8.io Kubernetes project[3] and follows the Fabric8.io release lifecycle. `log4j-mongodb3`:: The module based on MongoDB Java client version 3.x has been removed. Please migrate to `log4j-mongodb`[4] (client version 5.x) or `log4j-mongodb4`[5] (client version 4.x). [2] https://logging.staged.apache.org/log4j/2.24.0/components.html#log4j-bom [3] https://github.com/fabric8io/kubernetes-client/blob/main/doc/KubernetesLog4j.md [4] https://logging.staged.apache.org/log4j/2.24.0/components.html#log4j-mongodb [5] https://logging.staged.apache.org/log4j/2.24.0/components.html#log4j-mongodb4 === JMX changes Starting in version 2.24.0, JMX support is disabled by default and can be re-enabled via the `log4j2.disableJmx=false` system property. === Added * Add a faster `DefaultThreadContextMap` implementation. (#2330) * Add Logback throwable-consuming semantics as an option in `log4j-slf4j-impl` and `log4j-slf4j2-impl`. Users can enable it by setting the property `log4j2.messageFactory` to `org.apache.logging.slf4j.message.ThrowableConsumingMessageFactory`. (#2363) * Add trace context fields to `GcpLayout.json` (#2498) * Add _"Plugin Reference"_ to the website. It is a Javadoc-on-steroids focusing on Log4j plugins. (#1954) * Automate website deployment using the new CI infrastructure shipped with `org.apache.logging:logging-parent:11.0.0` === Changed * Fix usage of `log4j-api` in GraalVM without additional reachability data. (#1539) * Ignore exceptions thrown by PropertySources. (https://github.com/spring-projects/spring-boot/issues/33450[Spring-33450]) * Add logging to `PropertiesUtil` and fix `Duration` parser. (#1936) * Disable level modification via JUL by default. (#2353) * Centralize initialization in the `Provider` class and deprecate `log4j2.loggerContextFactory` property. (#2374) * Remove `log4j-kubernetes` lookup. User should migr
Re: (logging-parent) branch main updated: Modify review kit
Hi Gary, On Tue, 3 Sept 2024 at 18:25, Gary Gregory wrote: > > Why doesn't the maven build in the review kit (below) invoke clean goal? > > > +sh mvnw -Prelease clean verify artifact:compare > > -Dreference.repo=$NEXUS_REPO > > + > > +# Run tests only (Windows) > > +sh mvnw -Prelease clean verify artifact:compare > > \ No newline at end of file Normally there is nothing to clean, but as you can see I added `clean` to both UNIX and Windows. Piotr
Re: (logging-parent) branch main updated: Modify review kit
I will remove `clean`, since there is nothing to clean. We shouldn't add unnecessary overhead. On Tue, Sep 3, 2024 at 7:01 PM Piotr P. Karwasz wrote: > Hi Gary, > > On Tue, 3 Sept 2024 at 18:25, Gary Gregory wrote: > > > > Why doesn't the maven build in the review kit (below) invoke clean goal? > > > > > +sh mvnw -Prelease clean verify artifact:compare > > > -Dreference.repo=$NEXUS_REPO > > > + > > > +# Run tests only (Windows) > > > +sh mvnw -Prelease clean verify artifact:compare > > > \ No newline at end of file > > Normally there is nothing to clean, but as you can see I added `clean` > to both UNIX and Windows. > > Piotr >
Re: [VOTE] Release Apache Log4j `2.24.0` (RC2)
Sorry to be a pain, on Windows, running 'mvn clean verify', I get: [ERROR] Tests run: 3, Failures: 1, Errors: 0, Skipped: 1, Time elapsed: 11.48 s <<< FAILURE! -- in org.apache.logging.log4j.core.net.UrlConnectionFactoryTest [ERROR] org.apache.logging.log4j.core.net.UrlConnectionFactoryTest.withAuthentication -- Time elapsed: 0.093 s <<< FAILURE! org.opentest4j.AssertionFailedError: File was not modified ==> expected: <200> but was: <304> at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151) at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132) at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197) at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:150) at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:563) at org.apache.logging.log4j.core.net.UrlConnectionFactoryTest.withAuthentication(UrlConnectionFactoryTest.java:130) at java.base/java.lang.reflect.Method.invoke(Method.java:569) at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) I can't dig in now :-( day job calls... Gary On 2024/09/03 16:56:42 "Piotr P. Karwasz" wrote: > This is a vote to release the Apache Log4j `2.24.0`. > > Website: https://logging.staged.apache.org/log4j/2.24.0/index.html > GitHub: https://github.com/apache/logging-log4j2 > Commit: c79ae325f6a21af45526c202f121bfced188613e > Distribution: https://dist.apache.org/repos/dist/dev/logging/log4j/2.24.0/ > Nexus: > https://repository.apache.org/content/repositories/orgapachelogging-1294 > Signing key: 0x077e8893a6dcc33dd4a4d5b256e73ba9a0b592d0 > > Please download, test, and cast your votes on this mailing list. > > [ ] +1, release the artifacts > [ ] -1, don't release, because... > > This vote is open for 72 hours and will pass unless getting a > net negative vote count. All votes are welcome and we encourage > everyone to test the release, but only the Logging Services PMC > votes are officially counted. At least 3 +1 votes and more > positive than negative votes are required. > > == Review kit > > The minimum set of steps needed to review the uploaded distribution > files in the Subversion repository can be summarized as follows: > > # Check out the distribution > wget --cut-dirs=6 \ > --no-host-directories \ > --no-parent \ > --recursive \ > https://dist.apache.org/repos/dist/dev/logging/log4j/2.24.0/ > > # Verify checksums > sha512sum --check *.sha512 > > # Verify signatures > # > # If you didn't import the KEYS previously, run: > # wget -O - https://downloads.apache.org/logging/KEYS | gpg --import > for sigFile in *.asc; do gpg --verify $sigFile; done > > # Verify reproducibility (only Linux/MacOS X) > umask 0022 > unzip *-src.zip -d src > cd src > export > NEXUS_REPO=https://repository.apache.org/content/repositories/orgapachelogging-1294 > sh mvnw -Prelease clean verify artifact:compare -Dreference.repo=$NEXUS_REPO > > # Run tests only (Windows) > sh mvnw -Prelease clean verify > > == Release Notes > > This release contains improvements and changes in several areas of Apache > Log4j: > > === Log4j API > > The `2.24.0` version of Log4j API has been enhanced with changes from > the 3.x branch and will be used by both Log4j 2 Core and Log4j 3 Core > releases. > The changes include: > > * A faster default `ThreadContextMap`. > * Enhanced GraalVM support: native binaries that use Log4j API will no > longer require additional GraalVM configuration. > * The configuration properties subsystem now only accepts the official > pre-2.10 property names and the normalized post-2.10 names. > Check your configuration for typos. > > === Documentation > > The Apache Log4j 2[1] website has been almost entirely rewritten to > provide improved documentation and faster access to the information > you need. > > [1] https://logging.staged.apache.org/log4j/2.24.0/index.html > > === Bridges > > The JUL-to-Log4j API and Log4j 1-to-Log4j API will no longer be able > to modify the configuration of Log4j Core by default. > If such a functionality is required, it must be explicitly enabled. > > === Modules > > The following Log4j Core additional modules have been removed: > > `log4j-flume-ng`:: > The module is no longer part of the release process and will follow > its own release lifecycle. > Please manage your dependencies using `log4j-bom`[2] to always use its > latest version. > > `log4j-kubernetes`:: > The module has been moved to the Fabric8.io Kubernetes project[3] and > follows the Fabric8.io release lifecycle. > > `log4j-mongodb3`:: > The module based on MongoDB Java client version 3.x has been removed. > Please migrate to `log4j-mongodb`[4] (client version 5.x) or > `log4j-mongodb4`[5] (client version 4.x). > > [2] https://logging.staged.apache.org/log4j/2.24.0/componen
Re: [VOTE] Release Apache Log4j `2.24.0`
Gary, do you know what is the difference between RC1 and RC2? Nothing. Piotr only kindly added a one-liner condition check to the contending (FQDN-related) test to make it up to you. That is the only difference – plus, he updated the review kit (shared in the email) to avoid the reproducibility check on Windows. Put another way, RC1 is effectively identical to RC2, bit by bit. My point is, 3 people verified the release and CI runs passed on all 3 platforms – there is definitely something unexpected in your setup. As you know better, issuing an RC is a time and energy consuming task. Besides RM, other voters put effort into it too. Would you mind asking for further help instead of downvoting a release due to local failures, please? I would have been more than happy to assist you in a video call, instead of re-issuing the whole release. On Tue, Sep 3, 2024 at 4:04 PM Gary D. Gregory wrote: > -1 > > On Windows, I deleting my entire .m2/repository folder and then ran > > mvnw -Prelease clean verify artifact:compare -Dreference.repo=%NEXUS_REPO% > > and got: > > [INFO] Minimal buildinfo generated from downloaded artifacts: > C:\Users\ggregory\rc\2.24.0\src\target\reference\log4j-bom-2.24.0.buildinfo > [ERROR] size mismatch log4j-bom-2.24.0.pom: investigate with diffoscope > target\reference\org.apache.logging.log4j\log4j-bom-2.24.0.pom > .flattened-pom.xml > [ERROR] size mismatch log4j-bom-2.24.0-cyclonedx.xml: investigate with > diffoscope > target\reference\org.apache.logging.log4j\log4j-bom-2.24.0-cyclonedx.xml > target\bom.xml > [ERROR] Reproducible Build output summary: 0 files ok, 2 different > [ERROR] see diff target\reference\log4j-bom-2.24.0.buildinfo > target\log4j-bom-2.24.0.buildinfo > [ERROR] see also > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > [INFO] Reproducible Build output comparison saved to > C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare > [INFO] Aggregate buildcompare copied to > C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare > [INFO] > > [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: > [INFO] > [INFO] Apache Log4j BOM ... FAILURE [02:58 > min] > [ > > So I give up after trying macOS, Linux, and Windows. > > Gary > > On 2024/09/03 13:23:59 "Gary D. Gregory" wrote: > > Note that I add "clean" *(why does the kit not use "clean"?) > > > > mvnw -Prelease clean verify artifact:compare -Dreference.repo=$NEXUS_REPO > > > > Gary > > > > On 2024/09/03 13:21:32 "Gary D. Gregory" wrote: > > > It's fails differently on Ubuntu: > > > > > > ... > > > [INFO] --- artifact:3.5.1:compare (default-cli) @ log4j-api --- > > > [WARNING] property is inherited from > outside the reactor, it should be defined in parent POM from reactor > /mnt/c/Users/ggregory/rc/2.24.0/src/.flattened-pom.xml > > > [INFO] Reference buildinfo file not found: it will be generated from > downloaded reference artifacts > > > [INFO] Reference build java.version: 17 (from MANIFEST.MF > Build-Jdk-Spec) > > > [INFO] Reference build os.name: Unix (from pom.properties newline) > > > [INFO] Minimal buildinfo generated from downloaded artifacts: > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/reference/log4j-api-2.24.0.buildinfo > > > [ERROR] sha512 mismatch log4j-api-2.24.0-sources.jar: investigate with > diffoscope > log4j-api/target/reference/org.apache.logging.log4j/log4j-api-2.24.0-sources.jar > log4j-api/target/log4j-api-2.24.0-sources.jar > > > [ERROR] Reproducible Build output summary: 3 files ok, 1 different > > > [ERROR] see diff log4j-api/target/reference/log4j-api-2.24.0.buildinfo > log4j-api/target/log4j-api-2.24.0.buildinfo > > > [ERROR] see also > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > > > [INFO] Reproducible Build output comparison saved to > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/log4j-api-2.24.0.buildcompare > > > [INFO] Aggregate buildcompare copied to > /mnt/c/Users/ggregory/rc/2.24.0/src/target/log4j-bom-2.24.0.buildcompare > > > [INFO] > > > > [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: > > > [INFO] > > > [INFO] Apache Log4j BOM ... SUCCESS > [02:01 min] > > > [INFO] Apache Log4j Parent SUCCESS [ > 1.427 s] > > > [INFO] Apache Log4j API Java 9 support SUCCESS [ > 29.766 s] > > > [INFO] Apache Log4j API ... FAILURE > [03:13 min] > > > [INFO] Apache Log4j Implementation Java 9 support . SKIPPED > > > [INFO] Apache Log4j Core .. SKIPPED > > > [INFO] Apache Log4j API Tests . SKIPPED > > > [INFO] Apache Log4j Core Tests SKIPPED > > > [INFO] Apache Log4j 1.x Compatibility API . SKIPPED >
[DISCUSS][VOTE] Release Apache Log4j `2.24.0`
Hi Volkan, On Tue, 3 Sept 2024 at 20:54, Volkan Yazıcı wrote: > My point is, 3 people verified the release and CI runs passed on all 3 > platforms – there is definitely something unexpected in your setup. As you > know better, issuing an RC is a time and energy consuming task. Besides RM, > other voters put effort into it too. Would you mind asking for further help > instead of downvoting a release due to local failures, please? I would have > been more than happy to assist you in a video call, instead of re-issuing > the whole release. The call to cancel the vote was mine, since the -1 is not a veto. That said, please consider that: * Around 10% of all builds fail due to a test. You can find a list of broken tests on Develocity[1] and try to fix them. * The SBOM is generated based on the dependencies in your local Maven repo. If you happen to be the Release Manager of some of Log4j dependencies, you might have some pre-releases and RCs in the repo instead of the official versions. Piotr [1] https://ge.apache.org/scans/tests?search.relativeStartTime=P28D&search.rootProjectNames=Apache%20Log4j%20BOM&search.timeZoneId=Europe%2FWarsaw#
Re: [VOTE] Release Apache Log4j `2.24.0`
Volcan, Please stop complaining about the hours I've already sunk into validation on 3 different operating system on two different machines. You're not helping the cause. I can't help but notice the irony that one of the failures is in the "reproducible" part of the build. >From my point of view, building has gotten worse and less reliable over time :-( My -1 vote reflects this. Gary On Tue, Sep 3, 2024, 2:55 PM Volkan Yazıcı wrote: > Gary, do you know what is the difference between RC1 and RC2? Nothing. > Piotr only kindly added a one-liner condition check to the contending > (FQDN-related) test to make it up to you. That is the only difference – > plus, he updated the review kit (shared in the email) to avoid the > reproducibility check on Windows. Put another way, RC1 is effectively > identical to RC2, bit by bit. > > My point is, 3 people verified the release and CI runs passed on all 3 > platforms – there is definitely something unexpected in your setup. As you > know better, issuing an RC is a time and energy consuming task. Besides RM, > other voters put effort into it too. Would you mind asking for further help > instead of downvoting a release due to local failures, please? I would have > been more than happy to assist you in a video call, instead of re-issuing > the whole release. > > On Tue, Sep 3, 2024 at 4:04 PM Gary D. Gregory > wrote: > > > -1 > > > > On Windows, I deleting my entire .m2/repository folder and then ran > > > > mvnw -Prelease clean verify artifact:compare > -Dreference.repo=%NEXUS_REPO% > > > > and got: > > > > [INFO] Minimal buildinfo generated from downloaded artifacts: > > > C:\Users\ggregory\rc\2.24.0\src\target\reference\log4j-bom-2.24.0.buildinfo > > [ERROR] size mismatch log4j-bom-2.24.0.pom: investigate with diffoscope > > target\reference\org.apache.logging.log4j\log4j-bom-2.24.0.pom > > .flattened-pom.xml > > [ERROR] size mismatch log4j-bom-2.24.0-cyclonedx.xml: investigate with > > diffoscope > > target\reference\org.apache.logging.log4j\log4j-bom-2.24.0-cyclonedx.xml > > target\bom.xml > > [ERROR] Reproducible Build output summary: 0 files ok, 2 different > > [ERROR] see diff target\reference\log4j-bom-2.24.0.buildinfo > > target\log4j-bom-2.24.0.buildinfo > > [ERROR] see also > > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > > [INFO] Reproducible Build output comparison saved to > > C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare > > [INFO] Aggregate buildcompare copied to > > C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare > > [INFO] > > > > [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: > > [INFO] > > [INFO] Apache Log4j BOM ... FAILURE > [02:58 > > min] > > [ > > > > So I give up after trying macOS, Linux, and Windows. > > > > Gary > > > > On 2024/09/03 13:23:59 "Gary D. Gregory" wrote: > > > Note that I add "clean" *(why does the kit not use "clean"?) > > > > > > mvnw -Prelease clean verify artifact:compare > -Dreference.repo=$NEXUS_REPO > > > > > > Gary > > > > > > On 2024/09/03 13:21:32 "Gary D. Gregory" wrote: > > > > It's fails differently on Ubuntu: > > > > > > > > ... > > > > [INFO] --- artifact:3.5.1:compare (default-cli) @ log4j-api --- > > > > [WARNING] property is inherited from > > outside the reactor, it should be defined in parent POM from reactor > > /mnt/c/Users/ggregory/rc/2.24.0/src/.flattened-pom.xml > > > > [INFO] Reference buildinfo file not found: it will be generated from > > downloaded reference artifacts > > > > [INFO] Reference build java.version: 17 (from MANIFEST.MF > > Build-Jdk-Spec) > > > > [INFO] Reference build os.name: Unix (from pom.properties newline) > > > > [INFO] Minimal buildinfo generated from downloaded artifacts: > > > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/reference/log4j-api-2.24.0.buildinfo > > > > [ERROR] sha512 mismatch log4j-api-2.24.0-sources.jar: investigate > with > > diffoscope > > > log4j-api/target/reference/org.apache.logging.log4j/log4j-api-2.24.0-sources.jar > > log4j-api/target/log4j-api-2.24.0-sources.jar > > > > [ERROR] Reproducible Build output summary: 3 files ok, 1 different > > > > [ERROR] see diff > log4j-api/target/reference/log4j-api-2.24.0.buildinfo > > log4j-api/target/log4j-api-2.24.0.buildinfo > > > > [ERROR] see also > > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > > > > [INFO] Reproducible Build output comparison saved to > > > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/log4j-api-2.24.0.buildcompare > > > > [INFO] Aggregate buildcompare copied to > > /mnt/c/Users/ggregory/rc/2.24.0/src/target/log4j-bom-2.24.0.buildcompare > > > > [INFO] > > > > > > [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: > > > > [INFO] > > > > [INFO] Apache Log4j BOM ... SUCCE
Re: [VOTE] Release Apache Log4j `2.24.0`
> You're not helping the cause. I am offering a video call to assist you. What else do you want me to do? On Tue, Sep 3, 2024 at 9:51 PM Gary Gregory wrote: > Volcan, > > Please stop complaining about the hours I've already sunk into validation > on 3 different operating system on two different machines. You're not > helping the cause. > > I can't help but notice the irony that one of the failures is in the > "reproducible" part of the build. > > From my point of view, building has gotten worse and less reliable over > time :-( > > My -1 vote reflects this. > > Gary > > On Tue, Sep 3, 2024, 2:55 PM Volkan Yazıcı wrote: > > > Gary, do you know what is the difference between RC1 and RC2? Nothing. > > Piotr only kindly added a one-liner condition check to the contending > > (FQDN-related) test to make it up to you. That is the only difference – > > plus, he updated the review kit (shared in the email) to avoid the > > reproducibility check on Windows. Put another way, RC1 is effectively > > identical to RC2, bit by bit. > > > > My point is, 3 people verified the release and CI runs passed on all 3 > > platforms – there is definitely something unexpected in your setup. As > you > > know better, issuing an RC is a time and energy consuming task. Besides > RM, > > other voters put effort into it too. Would you mind asking for further > help > > instead of downvoting a release due to local failures, please? I would > have > > been more than happy to assist you in a video call, instead of re-issuing > > the whole release. > > > > On Tue, Sep 3, 2024 at 4:04 PM Gary D. Gregory > > wrote: > > > > > -1 > > > > > > On Windows, I deleting my entire .m2/repository folder and then ran > > > > > > mvnw -Prelease clean verify artifact:compare > > -Dreference.repo=%NEXUS_REPO% > > > > > > and got: > > > > > > [INFO] Minimal buildinfo generated from downloaded artifacts: > > > > > > C:\Users\ggregory\rc\2.24.0\src\target\reference\log4j-bom-2.24.0.buildinfo > > > [ERROR] size mismatch log4j-bom-2.24.0.pom: investigate with diffoscope > > > target\reference\org.apache.logging.log4j\log4j-bom-2.24.0.pom > > > .flattened-pom.xml > > > [ERROR] size mismatch log4j-bom-2.24.0-cyclonedx.xml: investigate with > > > diffoscope > > > > target\reference\org.apache.logging.log4j\log4j-bom-2.24.0-cyclonedx.xml > > > target\bom.xml > > > [ERROR] Reproducible Build output summary: 0 files ok, 2 different > > > [ERROR] see diff target\reference\log4j-bom-2.24.0.buildinfo > > > target\log4j-bom-2.24.0.buildinfo > > > [ERROR] see also > > > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > > > [INFO] Reproducible Build output comparison saved to > > > C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare > > > [INFO] Aggregate buildcompare copied to > > > C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare > > > [INFO] > > > > > > > [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: > > > [INFO] > > > [INFO] Apache Log4j BOM ... FAILURE > > [02:58 > > > min] > > > [ > > > > > > So I give up after trying macOS, Linux, and Windows. > > > > > > Gary > > > > > > On 2024/09/03 13:23:59 "Gary D. Gregory" wrote: > > > > Note that I add "clean" *(why does the kit not use "clean"?) > > > > > > > > mvnw -Prelease clean verify artifact:compare > > -Dreference.repo=$NEXUS_REPO > > > > > > > > Gary > > > > > > > > On 2024/09/03 13:21:32 "Gary D. Gregory" wrote: > > > > > It's fails differently on Ubuntu: > > > > > > > > > > ... > > > > > [INFO] --- artifact:3.5.1:compare (default-cli) @ log4j-api --- > > > > > [WARNING] property is inherited > from > > > outside the reactor, it should be defined in parent POM from reactor > > > /mnt/c/Users/ggregory/rc/2.24.0/src/.flattened-pom.xml > > > > > [INFO] Reference buildinfo file not found: it will be generated > from > > > downloaded reference artifacts > > > > > [INFO] Reference build java.version: 17 (from MANIFEST.MF > > > Build-Jdk-Spec) > > > > > [INFO] Reference build os.name: Unix (from pom.properties newline) > > > > > [INFO] Minimal buildinfo generated from downloaded artifacts: > > > > > > /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/reference/log4j-api-2.24.0.buildinfo > > > > > [ERROR] sha512 mismatch log4j-api-2.24.0-sources.jar: investigate > > with > > > diffoscope > > > > > > log4j-api/target/reference/org.apache.logging.log4j/log4j-api-2.24.0-sources.jar > > > log4j-api/target/log4j-api-2.24.0-sources.jar > > > > > [ERROR] Reproducible Build output summary: 3 files ok, 1 different > > > > > [ERROR] see diff > > log4j-api/target/reference/log4j-api-2.24.0.buildinfo > > > log4j-api/target/log4j-api-2.24.0.buildinfo > > > > > [ERROR] see also > > > https://maven.apache.org/guides/mini/guide-reproducible-builds.html > > > > > [INFO] Reproducible Build output comparison saved to > > > > > > /mnt/c/Users/ggregory/rc/2.24.0/src/lo
Re: [VOTE] Release Apache Log4j `2.24.0`
Volkan, I think Gary told you. He has the right to complain and vote on a release as he feels. Although I believe it is wrong to do so, I could have voted -1 on the release do to the release notes and web site issues. With 3 +1 votes Piotr always had the option to go ahead with the release anyway if he deemed Gary’s complaints to be minor. Please remember a -1 on a release is NOT a veto. Ralph > On Sep 3, 2024, at 1:07 PM, Volkan Yazıcı wrote: > >> You're not helping the cause. > > I am offering a video call to assist you. What else do you want me to do? > > > On Tue, Sep 3, 2024 at 9:51 PM Gary Gregory wrote: > >> Volcan, >> >> Please stop complaining about the hours I've already sunk into validation >> on 3 different operating system on two different machines. You're not >> helping the cause. >> >> I can't help but notice the irony that one of the failures is in the >> "reproducible" part of the build. >> >> From my point of view, building has gotten worse and less reliable over >> time :-( >> >> My -1 vote reflects this. >> >> Gary >> >> On Tue, Sep 3, 2024, 2:55 PM Volkan Yazıcı wrote: >> >>> Gary, do you know what is the difference between RC1 and RC2? Nothing. >>> Piotr only kindly added a one-liner condition check to the contending >>> (FQDN-related) test to make it up to you. That is the only difference – >>> plus, he updated the review kit (shared in the email) to avoid the >>> reproducibility check on Windows. Put another way, RC1 is effectively >>> identical to RC2, bit by bit. >>> >>> My point is, 3 people verified the release and CI runs passed on all 3 >>> platforms – there is definitely something unexpected in your setup. As >> you >>> know better, issuing an RC is a time and energy consuming task. Besides >> RM, >>> other voters put effort into it too. Would you mind asking for further >> help >>> instead of downvoting a release due to local failures, please? I would >> have >>> been more than happy to assist you in a video call, instead of re-issuing >>> the whole release. >>> >>> On Tue, Sep 3, 2024 at 4:04 PM Gary D. Gregory >>> wrote: >>> -1 On Windows, I deleting my entire .m2/repository folder and then ran mvnw -Prelease clean verify artifact:compare >>> -Dreference.repo=%NEXUS_REPO% and got: [INFO] Minimal buildinfo generated from downloaded artifacts: >>> >> C:\Users\ggregory\rc\2.24.0\src\target\reference\log4j-bom-2.24.0.buildinfo [ERROR] size mismatch log4j-bom-2.24.0.pom: investigate with diffoscope target\reference\org.apache.logging.log4j\log4j-bom-2.24.0.pom .flattened-pom.xml [ERROR] size mismatch log4j-bom-2.24.0-cyclonedx.xml: investigate with diffoscope >> target\reference\org.apache.logging.log4j\log4j-bom-2.24.0-cyclonedx.xml target\bom.xml [ERROR] Reproducible Build output summary: 0 files ok, 2 different [ERROR] see diff target\reference\log4j-bom-2.24.0.buildinfo target\log4j-bom-2.24.0.buildinfo [ERROR] see also https://maven.apache.org/guides/mini/guide-reproducible-builds.html [INFO] Reproducible Build output comparison saved to C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare [INFO] Aggregate buildcompare copied to C:\Users\ggregory\rc\2.24.0\src\target\log4j-bom-2.24.0.buildcompare [INFO] >> [INFO] Reactor Summary for Apache Log4j BOM 2.24.0: [INFO] [INFO] Apache Log4j BOM ... FAILURE >>> [02:58 min] [ So I give up after trying macOS, Linux, and Windows. Gary On 2024/09/03 13:23:59 "Gary D. Gregory" wrote: > Note that I add "clean" *(why does the kit not use "clean"?) > > mvnw -Prelease clean verify artifact:compare >>> -Dreference.repo=$NEXUS_REPO > > Gary > > On 2024/09/03 13:21:32 "Gary D. Gregory" wrote: >> It's fails differently on Ubuntu: >> >> ... >> [INFO] --- artifact:3.5.1:compare (default-cli) @ log4j-api --- >> [WARNING] property is inherited >> from outside the reactor, it should be defined in parent POM from reactor /mnt/c/Users/ggregory/rc/2.24.0/src/.flattened-pom.xml >> [INFO] Reference buildinfo file not found: it will be generated >> from downloaded reference artifacts >> [INFO] Reference build java.version: 17 (from MANIFEST.MF Build-Jdk-Spec) >> [INFO] Reference build os.name: Unix (from pom.properties newline) >> [INFO] Minimal buildinfo generated from downloaded artifacts: >>> >> /mnt/c/Users/ggregory/rc/2.24.0/src/log4j-api/target/reference/log4j-api-2.24.0.buildinfo >> [ERROR] sha512 mismatch log4j-api-2.24.0-sources.jar: investigate >>> with diffoscope >>> >> log4j-api/target/reference/org.apache.logging.log4j/log4j-api-2.24.0-sources.jar log4j-api/target/log4j-api-2.24.
Re: (logging-parent) branch main updated: Modify review kit
? Clean takes a no time. It ensures no junk is lying around. Ralph > On Sep 3, 2024, at 10:58 AM, Volkan Yazıcı wrote: > > I will remove `clean`, since there is nothing to clean. > We shouldn't add unnecessary overhead. > > On Tue, Sep 3, 2024 at 7:01 PM Piotr P. Karwasz > wrote: > >> Hi Gary, >> >> On Tue, 3 Sept 2024 at 18:25, Gary Gregory wrote: >>> >>> Why doesn't the maven build in the review kit (below) invoke clean goal? >>> +sh mvnw -Prelease clean verify artifact:compare -Dreference.repo=$NEXUS_REPO + +# Run tests only (Windows) +sh mvnw -Prelease clean verify artifact:compare \ No newline at end of file >> >> Normally there is nothing to clean, but as you can see I added `clean` >> to both UNIX and Windows. >> >> Piotr >>
Re: [DISCUSS][VOTE] Release Apache Log4j `2.24.0`
Thanks Piotr. It is good to know this as I often have lots of source code and build from various things on my computer. Ralph > On Sep 3, 2024, at 12:45 PM, Piotr P. Karwasz wrote: > > Hi Volkan, > > On Tue, 3 Sept 2024 at 20:54, Volkan Yazıcı wrote: >> My point is, 3 people verified the release and CI runs passed on all 3 >> platforms – there is definitely something unexpected in your setup. As you >> know better, issuing an RC is a time and energy consuming task. Besides RM, >> other voters put effort into it too. Would you mind asking for further help >> instead of downvoting a release due to local failures, please? I would have >> been more than happy to assist you in a video call, instead of re-issuing >> the whole release. > > The call to cancel the vote was mine, since the -1 is not a veto. > > That said, please consider that: > > * Around 10% of all builds fail due to a test. You can find a list of > broken tests on Develocity[1] and try to fix them. > * The SBOM is generated based on the dependencies in your local Maven > repo. If you happen to be the Release Manager of some of Log4j > dependencies, you might have some pre-releases and RCs in the repo > instead of the official versions. > > Piotr > > [1] > https://ge.apache.org/scans/tests?search.relativeStartTime=P28D&search.rootProjectNames=Apache%20Log4j%20BOM&search.timeZoneId=Europe%2FWarsaw#
