pivot-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sandro Martini (JIRA)" <j...@apache.org>
Subject [jira] Commented: (PIVOT-260) Add missing resources in generated jar files, for compatibility with Apache Maven Repository
Date Thu, 22 Oct 2009 15:22:59 GMT

    [ https://issues.apache.org/jira/browse/PIVOT-260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12768715#action_12768715

Sandro Martini commented on PIVOT-260:

I've just seen that for example the main jar of wicket-1.4.2 in the META-INF dir has the following
files (other than the Jar Index and the manifest):

DEPENDENCIES => we don't have this because our dependencies are inside the README
LICENSE => Ok, same as our
NOTICE => Ok, we have it

We'll have to include also the DISCLAIMER file, and I'd exclude the RELEASE-NOTES.

Probably inside our Ant build file we should define a group for all those files, and add a
subtask to copy them in the META-INF dir, when generating JARs and WARs.

> Add missing resources in generated jar files, for compatibility with Apache Maven Repository
> --------------------------------------------------------------------------------------------
>                 Key: PIVOT-260
>                 URL: https://issues.apache.org/jira/browse/PIVOT-260
>             Project: Pivot
>          Issue Type: New Feature
>          Components: project
>            Reporter: Sandro Martini
>            Priority: Minor
>             Fix For: 1.4
> To publish Pivot jars in the main Apache Maven Repository, some files must be added inside
jars (under a META-INF directory), the full discussion thread on our mailing list here:
> http://markmail.org/message/33a74zxgod4wbovh?q=News+on+Pivot+jars+published+via+Maven
> Our build file should be modified, to include this.
> And maybe renewing our self-signing certificate could be useful, too.
> Extract:
> ASF projects can get their artifacts published in the central Maven repository (eg http://repo2.maven.org/maven2/)
by copying them to http://people.apache.org/repo/m2-ibiblio-rsync-repository/ which automatically
syncs with the central repo. 
> To do that on people.apache.org copy them to /x1/www/people.apache.org/repo/m2-ibiblio-rsync-repository.

> All committers should have access to do that, via ssh.
> Each artifact MUST have been voted on by a PMC and comply with all the release requirements
like having LICENSE, NOTICE, DISCLAIMER files, be signed, and indicate they're incubating
artifacts in the name eg by including the "-incubating" suffix in the artifact name. A common
way of getting that vote done is by including the artifacts to be published in a staging area
which is pointed to in the release VOTE. 
> Signed in Apache jargong only means ".asc" files. Those are so called detached PGP signatures,
and from that it is possible to verify authenticity of artifacts published. 
> See http://www.apache.org/info/verification.html for more info, and perhaps you are interested
in http://www.apache.org/dev/release-signing.html as well in case you end up cutting the releases.
Once the troubled server (Minotaur?) is back up and working properly again, you will also
find interesting data at http://www.apache.org/~henkp/trust/apache.html (or there about).
> Maven wants the POMs to be present, but succeeds even without them. 
> Maven also have deployment tools, so once the release is properly cut, the publishing
to Maven central will go via a "mvn deploy:deploy-file" which if it is not given a POM will
create a skeletal one, which I think for our usage is good enough (we don't
> have dependencies).

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message