more cleanup of build.xml, improved release procedure, added a script to create .md5 and .asc

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@883629 13f79535-47bb-0310-9956-ffa450edef68
2009-11-24 09:10:49 +00:00 · 2009-11-24 09:10:49 +00:00 · 03443502f5
parent b7aa4bea9a
commit 03443502f5
4 changed files with 63 additions and 82 deletions
--- a/build.xml
+++ b/build.xml
@ -844,6 +844,13 @@ under the License.
                </replacetokens>
            </filterchain>
        </copy>
+        <copy file="maven/poi-examples.pom" tofile="${dist.dir}/poi-examples-${version.id}.pom">
+            <filterchain>
+                <replacetokens>
+                    <token key="VERSION" value="${version.id}"/>
+                </replacetokens>
+            </filterchain>
+        </copy>
        <copy file="maven/poi-ooxml-schemas.pom" tofile="${dist.dir}/poi-ooxml-schemas-${version.id}.pom">
            <filterchain>
                <replacetokens>
@ -1011,17 +1018,15 @@ under the License.
                <patternset refid="src.dist.patterns"/>
            </tarfileset>
        </tar>
-      
+         
+        <!-- script to create signatures and hashes -->
+        <copy file="maven/multisign.sh" todir="${dist.dir}"/>
+
        <echo>Creating Maven POMs</echo>
        <antcall target="maven-poms"/>

-        <echo>Generating MD5 Checksums</echo>
-
-        <checksum fileext=".md5">
-            <fileset dir="${dist.dir}" includes="*.pom,*.gz,*.zip"/>
-        </checksum>
-        
        <echo>Distribution located in ${dist.dir}</echo>
+        <echo>Use ${dist.dir}/multisign.sh to create md5 checksums and GPG signatures</echo>
    </target>

    <target name="dist" depends="clean, compile-all, test-all, site, jar, assemble"
--- a/maven/multisign.sh
+++ b/maven/multisign.sh
@ -0,0 +1,31 @@
+#! /bin/sh
+#
+#   Licensed to the Apache Software Foundation (ASF) under one or more
+#   contributor license agreements.  See the NOTICE file distributed with
+#   this work for additional information regarding copyright ownership.
+#   The ASF licenses this file to You under the Apache License, Version 2.0
+#   (the "License"); you may not use this file except in compliance with
+#   the License.  You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+#   create md5 checksums and gpg signatures 
+
+stty -echo
+echo "enter your GPG passphrase"
+read passphrase
+stty echo
+
+for i in *; do
+    echo Signing $i
+    echo $passphrase | gpg --passphrase-fd 0 --output $i.asc --detach-sig --armor $i
+    gpg --verify $i.asc $i
+    echo Hashing $i
+    openssl md5 < $i > $i.md5
+done
--- a/maven/mvn-deploy.sh
+++ b/maven/mvn-deploy.sh
@ -43,39 +43,21 @@
 M2_REPOSITORY=scp://people.apache.org/www/people.apache.org/repo/m2-ibiblio-rsync-repository
 M2_SCP=people.apache.org:/www/people.apache.org/repo/m2-ibiblio-rsync-repository

-mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
-  -Durl=$M2_REPOSITORY \
-  -Dfile=poi-@VERSION@-@DSTAMP@.jar -DpomFile=poi-@VERSION@.pom
-scp poi-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi/@VERSION@/
-scp poi-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi/@VERSION@/
-
-mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
-  -Durl=$M2_REPOSITORY \
-  -Dfile=poi-scratchpad-@VERSION@-@DSTAMP@.jar -DpomFile=poi-scratchpad-@VERSION@.pom
-scp poi-scratchpad-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-scratchpad/@VERSION@/
-scp poi-scratchpad-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi-scratchpad/@VERSION@/
-
-mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
-  -Durl=$M2_REPOSITORY \
-  -Dfile=poi-contrib-@VERSION@-@DSTAMP@.jar -DpomFile=poi-contrib-@VERSION@.pom
-scp poi-contrib-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-contrib/@VERSION@/
-scp poi-contrib-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi-contrib/@VERSION@/
-
-mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
-  -Durl=$M2_REPOSITORY \
-  -Dfile=poi-ooxml-@VERSION@-@DSTAMP@.jar -DpomFile=poi-ooxml-@VERSION@.pom
-scp poi-ooxml-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-ooxml/@VERSION@/
-scp poi-ooxml-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi-ooxml/@VERSION@/
-
-mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
-  -Durl=$M2_REPOSITORY \
-  -Dfile=poi-examples-@VERSION@-@DSTAMP@.jar -DpomFile=poi-examples-@VERSION@.pom
-scp poi-examples-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-examples/@VERSION@/
-scp poi-examples-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi-examples/@VERSION@/
-
-mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
-  -Durl=$M2_REPOSITORY \
-  -Dfile=poi-ooxml-schemas-@VERSION@-@DSTAMP@.jar -DpomFile=poi-ooxml-schemas-@VERSION@.pom
-scp poi-ooxml-schemas-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-ooxml-schemas/@VERSION@/
+VERSION=@VERSION@
+DSTAMP=@DSTAMP@

+for artifactId in poi poi-scratchpad poi-contrib poi-ooxml poi-examples poi-ooxml-schemas
+do
+  mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
+    -Durl=$M2_REPOSITORY \
+    -Dfile=$artifactId-$VERSION-$DSTAMP.jar -DpomFile=$artifactId-$VERSION.pom
+  #The maven sign-and-deploy-file command does NOT sign POM files, so we have to upload the POM's .asc manually
+  scp $artifactId-$VERSION.pom.asc $M2_SCP/org/apache/poi/$artifactId/$VERSION/

+  if [ -r $artifactId-$VERSION-sources.jar ]; then
+    mvn deploy:deploy-file -DrepositoryId=apache-releases -P apache-releases \
+      -Durl=$M2_REPOSITORY -DgeneratePom=false -Dpackaging=java-source \
+      -Dfile=$artifactId-$VERSION-sources.jar -DpomFile=$artifactId-$VERSION.pom
+    scp $artifactId-$VERSION-sources.jar.asc $M2_SCP/org/apache/poi/$artifactId/$VERSION/
+  fi
+done
--- a/src/documentation/release-guide.txt
+++ b/src/documentation/release-guide.txt
@ -59,58 +59,21 @@ $ svn merge https://svn.apache.org/repos/asf/poi/tags/$TAG \
 https://svn.apache.org/repos/asf/poi/trunk
 {code}

-  5. Start a new section in sites.xml and status.xml. 
+  5. Start a new section in status.xml. 

  6. Build as if the vote had passed. The build date must be +7 days from current.
 {code}
 ant build
 {code}
-After build you should have the following files in the build/dist:
-
-{code}
-poi-$TAG-$DATE.jar
-poi-bin-$TAG-$DATE.tar.gz
-poi-bin-$TAG-$DATE.zip
-poi-contrib-$TAG-$DATE.jar
-poi-scratchpad-$TAG-$DATE.jar
-poi-src-$TAG-$DATE.tar.gz
-poi-src-$TAG-$DATE.zip
-{code}

 where $TAG is the release tag specified in build.xml in the version.id property, $DATE is the release date (typically +7 days from the actual build date). 

  7. Signing the release artifacts:
 {code}
 cd build/dist
-for i in *.zip ; do 
-  gpg --armor --output $i.asc --detach-sig $i; 
-done
-for i in *.gz ; do 
-  gpg --armor --output $i.asc --detach-sig $i; 
-done
-{code}
+./multisign.sh

-Verify the signatures:
-
-{code}
-gpg --multifile --verify *.asc
-{code}
-
-   8. Create MD5 checksums for all artifacts to be published:
-
-{code}
-for i in *.zip ; do 
-  openssl md5 < $i > $i.md5
-done
-for i in *.gz ; do 
-  openssl md5 < $i > $i.md5
-done
-{code}
-
-   9. Upload to your area at people.apache.org.
-There should be two directories:
-main
-maven
+   8. Upload to your area at people.apache.org, e.g. public_html/poi

 Make sure that the all files have read permission. 

@ -139,7 +102,7 @@ cp *-src-* /www/www.apache.org/dist/poi/release/src
 cp *-bin-* /www/www.apache.org/dist/poi/release/bin
 {code}

-copy Maven artifacts
+deploy Maven artifacts
 {code}
 cd build/dist
 ./mvn-deploy.sh