git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@883629 13f79535-47bb-0310-9956-ffa450edef68

14 years ago · 03443502f5
--- a/build.xml
+++ b/build.xml
@@ -844,6 +844,13 @@ under the License.
                </replacetokens>
            </filterchain>
        </copy>
        <copy file="maven/poi-examples.pom" tofile="${dist.dir}/poi-examples-${version.id}.pom">
            <filterchain>
                <replacetokens>
                    <token key="VERSION" value="${version.id}"/>
                </replacetokens>
            </filterchain>
        </copy>
        <copy file="maven/poi-ooxml-schemas.pom" tofile="${dist.dir}/poi-ooxml-schemas-${version.id}.pom">
            <filterchain>
                <replacetokens>
@@ -1011,17 +1018,15 @@ under the License.
                <patternset refid="src.dist.patterns"/>
            </tarfileset>
        </tar>
      
         
        <!-- script to create signatures and hashes -->
        <copy file="maven/multisign.sh" todir="${dist.dir}"/>

        <echo>Creating Maven POMs</echo>
        <antcall target="maven-poms"/>

        <echo>Generating MD5 Checksums</echo>

        <checksum fileext=".md5">
            <fileset dir="${dist.dir}" includes="*.pom,*.gz,*.zip"/>
        </checksum>
        
        <echo>Distribution located in ${dist.dir}</echo>
        <echo>Use ${dist.dir}/multisign.sh to create md5 checksums and GPG signatures</echo>
    </target>

    <target name="dist" depends="clean, compile-all, test-all, site, jar, assemble"
--- a/maven/multisign.sh
+++ b/maven/multisign.sh
@@ -0,0 +1,31 @@
 #! /bin/sh
 #
 #   Licensed to the Apache Software Foundation (ASF) under one or more
 #   contributor license agreements.  See the NOTICE file distributed with
 #   this work for additional information regarding copyright ownership.
 #   The ASF licenses this file to You under the Apache License, Version 2.0
 #   (the "License"); you may not use this file except in compliance with
 #   the License.  You may obtain a copy of the License at
 #
 #       http://www.apache.org/licenses/LICENSE-2.0
 #
 #   Unless required by applicable law or agreed to in writing, software
 #   distributed under the License is distributed on an "AS IS" BASIS,
 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #   See the License for the specific language governing permissions and
 #   limitations under the License.
 #
 #   create md5 checksums and gpg signatures 

 stty -echo
 echo "enter your GPG passphrase"
 read passphrase
 stty echo

 for i in *; do
    echo Signing $i
    echo $passphrase | gpg --passphrase-fd 0 --output $i.asc --detach-sig --armor $i
    gpg --verify $i.asc $i
    echo Hashing $i
    openssl md5 < $i > $i.md5
 done
--- a/maven/mvn-deploy.sh
+++ b/maven/mvn-deploy.sh
@@ -43,39 +43,21 @@
 M2_REPOSITORY=scp://people.apache.org/www/people.apache.org/repo/m2-ibiblio-rsync-repository
 M2_SCP=people.apache.org:/www/people.apache.org/repo/m2-ibiblio-rsync-repository

 mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
  -Durl=$M2_REPOSITORY \
  -Dfile=poi-@VERSION@-@DSTAMP@.jar -DpomFile=poi-@VERSION@.pom
 scp poi-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi/@VERSION@/
 scp poi-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi/@VERSION@/

 mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
  -Durl=$M2_REPOSITORY \
  -Dfile=poi-scratchpad-@VERSION@-@DSTAMP@.jar -DpomFile=poi-scratchpad-@VERSION@.pom
 scp poi-scratchpad-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-scratchpad/@VERSION@/
 scp poi-scratchpad-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi-scratchpad/@VERSION@/

 mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
  -Durl=$M2_REPOSITORY \
  -Dfile=poi-contrib-@VERSION@-@DSTAMP@.jar -DpomFile=poi-contrib-@VERSION@.pom
 scp poi-contrib-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-contrib/@VERSION@/
 scp poi-contrib-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi-contrib/@VERSION@/

 mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
  -Durl=$M2_REPOSITORY \
  -Dfile=poi-ooxml-@VERSION@-@DSTAMP@.jar -DpomFile=poi-ooxml-@VERSION@.pom
 scp poi-ooxml-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-ooxml/@VERSION@/
 scp poi-ooxml-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi-ooxml/@VERSION@/

 mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
  -Durl=$M2_REPOSITORY \
  -Dfile=poi-examples-@VERSION@-@DSTAMP@.jar -DpomFile=poi-examples-@VERSION@.pom
 scp poi-examples-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-examples/@VERSION@/
 scp poi-examples-@VERSION@-sources.* $M2_SCP/org/apache/poi/poi-examples/@VERSION@/

 mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
  -Durl=$M2_REPOSITORY \
  -Dfile=poi-ooxml-schemas-@VERSION@-@DSTAMP@.jar -DpomFile=poi-ooxml-schemas-@VERSION@.pom
 scp poi-ooxml-schemas-@VERSION@.pom.asc $M2_SCP/org/apache/poi/poi-ooxml-schemas/@VERSION@/


 VERSION=@VERSION@
 DSTAMP=@DSTAMP@

 for artifactId in poi poi-scratchpad poi-contrib poi-ooxml poi-examples poi-ooxml-schemas
 do
  mvn gpg:sign-and-deploy-file -DrepositoryId=apache-releases -P apache-releases \
    -Durl=$M2_REPOSITORY \
    -Dfile=$artifactId-$VERSION-$DSTAMP.jar -DpomFile=$artifactId-$VERSION.pom
  #The maven sign-and-deploy-file command does NOT sign POM files, so we have to upload the POM's .asc manually
  scp $artifactId-$VERSION.pom.asc $M2_SCP/org/apache/poi/$artifactId/$VERSION/

  if [ -r $artifactId-$VERSION-sources.jar ]; then
    mvn deploy:deploy-file -DrepositoryId=apache-releases -P apache-releases \
      -Durl=$M2_REPOSITORY -DgeneratePom=false -Dpackaging=java-source \
      -Dfile=$artifactId-$VERSION-sources.jar -DpomFile=$artifactId-$VERSION.pom
    scp $artifactId-$VERSION-sources.jar.asc $M2_SCP/org/apache/poi/$artifactId/$VERSION/
  fi
 done
--- a/src/documentation/release-guide.txt
+++ b/src/documentation/release-guide.txt
@@ -59,58 +59,21 @@ $ svn merge https://svn.apache.org/repos/asf/poi/tags/$TAG \
 https://svn.apache.org/repos/asf/poi/trunk
 {code}

  5. Start a new section in sites.xml and status.xml. 
  5. Start a new section in status.xml. 

  6. Build as if the vote had passed. The build date must be +7 days from current.
 {code}
 ant build
 {code}
 After build you should have the following files in the build/dist:

 {code}
 poi-$TAG-$DATE.jar
 poi-bin-$TAG-$DATE.tar.gz
 poi-bin-$TAG-$DATE.zip
 poi-contrib-$TAG-$DATE.jar
 poi-scratchpad-$TAG-$DATE.jar
 poi-src-$TAG-$DATE.tar.gz
 poi-src-$TAG-$DATE.zip
 {code}

 where $TAG is the release tag specified in build.xml in the version.id property, $DATE is the release date (typically +7 days from the actual build date). 

  7. Signing the release artifacts:
 {code}
 cd build/dist
 for i in *.zip ; do 
  gpg --armor --output $i.asc --detach-sig $i; 
 done
 for i in *.gz ; do 
  gpg --armor --output $i.asc --detach-sig $i; 
 done
 {code}

 Verify the signatures:

 {code}
 gpg --multifile --verify *.asc
 {code}

   8. Create MD5 checksums for all artifacts to be published:

 {code}
 for i in *.zip ; do 
  openssl md5 < $i > $i.md5
 done
 for i in *.gz ; do 
  openssl md5 < $i > $i.md5
 done
 {code}
 ./multisign.sh

   9. Upload to your area at people.apache.org.
 There should be two directories:
 main
 maven
   8. Upload to your area at people.apache.org, e.g. public_html/poi

 Make sure that the all files have read permission. 

@@ -139,7 +102,7 @@ cp *-src-* /www/www.apache.org/dist/poi/release/src
 cp *-bin-* /www/www.apache.org/dist/poi/release/bin
 {code}

 copy Maven artifacts
 deploy Maven artifacts
 {code}
 cd build/dist
 ./mvn-deploy.sh