From 047f8c7c53e296580ae4ec262a396e058dd307de Mon Sep 17 00:00:00 2001 From: iwakeh Date: Mon, 26 Jun 2017 20:12:13 +0000 Subject: [PATCH] Rename jar files and release tarball. --- .gitignore | 4 ++-- CHANGELOG.md | 1 + CONTRIB.md | 8 ++++---- README.md | 15 +++++++++------ build.xml | 4 ++-- 5 files changed, 18 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 373c2c7..af0ea90 100644 --- a/.gitignore +++ b/.gitignore @@ -2,8 +2,8 @@ classes/ cobertura.ser generated/ lib/ -descriptor-*.jar -descriptor-*.tar.gz +metrics-lib-*.jar +metrics-lib-*.tar.gz .classpath .project build.properties diff --git a/CHANGELOG.md b/CHANGELOG.md index 394d4eb..4754dde 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ * Minor changes - Replace custom ImplementationNotAccessibleException thrown by DescriptorSourceFactory with generic RuntimeException. + - Rename jar files and release tarball to start with "metrics-lib". # Changes in version 1.9.0 - 2017-06-21 diff --git a/CONTRIB.md b/CONTRIB.md index 4a9d5b6..85c1fa2 100644 --- a/CONTRIB.md +++ b/CONTRIB.md @@ -219,7 +219,7 @@ Sign the produced tarball using GnuPG: ``` gpg --detach-sign --armor --local-user 0x4EFD4FDC3F46D41E \ - descriptor-1.0.0.tar.gz + metrics-lib-2.0.0.tar.gz ``` Verify the signed tarball, ideally on a different system, as described in @@ -228,20 +228,20 @@ Verify the signed tarball, ideally on a different system, as described in Create a signed Git tag for the new release: ``` -git tag -s descriptor-1.0.0 -m "DescripTor 1.0.0" +git tag -s metrics-lib-2.0.0 -m "Tor Metrics Library 2.0.0" ``` Push the branch. Ideally, verify the tag signature by cloning it on another system and running the following command: ``` -git verify-tag descriptor-1.0.0 +git verify-tag metrics-lib-2.0.0 ``` Upload the tarball and signature file and announce the new version. Edit `build.xml` again and raise `release.version` to the current release -plus `-dev`, e.g., `1.0.0-dev`. +plus `-dev`, e.g., `2.0.0-dev`. Development ----------- diff --git a/README.md b/README.md index aa309ac..ddddf77 100644 --- a/README.md +++ b/README.md @@ -43,14 +43,17 @@ verification process by example. Download the release tarball and the separate signature file: ``` -wget https://dist.torproject.org/descriptor/1.0.0/descriptor-1.0.0.tar.gz -wget https://dist.torproject.org/descriptor/1.0.0/descriptor-1.0.0.tar.gz.asc +wget https://dist.torproject.org/metrics-lib/2.0.0/metrics-lib-2.0.0.tar.gz +wget https://dist.torproject.org/metrics-lib/2.0.0/metrics-lib-2.0.0.tar.gz.asc ``` +(Note that earlier tarballs were named descriptor-VERSION.tar.gz and could +be found in https://dist.torproject.org/descriptor/.) + Attempt to verify the signature on the tarball: ``` -gpg --verify descriptor-1.0.0.tar.gz.asc +gpg --verify metrics-lib-2.0.0.tar.gz.asc ``` If the signature cannot be verified due to the public key of the signer @@ -59,7 +62,7 @@ servers and retry: ``` gpg --keyserver pgp.mit.edu --recv-key 0x4EFD4FDC3F46D41E -gpg --verify descriptor-1.0.0.tar.gz.asc +gpg --verify metrics-lib-2.0.0.tar.gz.asc ``` If the signature still cannot be verified, something is wrong! @@ -85,8 +88,8 @@ Verify the signatures on the contained .jar files using Java's jarsigner tool: ``` -jarsigner -verify descriptor-1.0.0.jar -jarsigner -verify descriptor-1.0.0-sources.jar +jarsigner -verify metrics-lib-2.0.0.jar +jarsigner -verify metrics-lib-2.0.0-sources.jar ``` diff --git a/build.xml b/build.xml index 4c7cfff..765d16f 100644 --- a/build.xml +++ b/build.xml @@ -4,13 +4,13 @@ ]> - + - +